As we move further into the new millennium, with new technology being developed daily, one thing is becoming readily apparent. The new threat to our individual and national security is not from a criminal with a gun or an extremist with a bomb; it is from a cyber-criminal with a computer and an internet connection. That is why the Department of Homeland Security has established a new campaign called “Stop. Think. Connect.” This campaign is meant to encourage everyone, from schoolchildren to senior citizens, to take personal responsibility for their own computer usage and to do their part in maintaining cyber security.
One aspect of this is cyber security for small and personal businesses. According to the Department of Homeland Security, almost half of all cyber attacks are against small businesses with fewer than five hundred employees. Perhaps more shocking, only 52% of small businesses have a cyber security plan and 40% have no response plan in the event that they are attacked by hackers. Today, this is incredibly dangerous for the safety and well-being of your business. The average cost of a cyber attack on a small business from 2009-2010 amounted to almost $200,000 per attack. This would cripple most small companies. That is why it is so important to have not only a security plan but also a response plan in the event of an attack.
As far as instituting a security plan to help prevent an attack, the Department of Homeland Security has identified the following steps:
- Define responsibilities—Before you do anything else, you should sit down with your staff and designate who will be in charge of each aspect, including implementation and training.
- Set up policies for internet and social media usage—You should define rules for your employees to govern how they can use office computers for both general internet and social media usage.
- Train your employees—Employees need to know how to recognize everything from social engineering, online fraud, fake antivirus offers and phishing to malware and malicious software. They should also be trained to use the same security measures when using email outside of work and when using their company-issued smartphones, which can compromise your business’s network.
- Encrypt and protect off-site usage—Make sure that all computers that are allowed to access the network remotely have up-to-date antivirus software. Also, make sure that smartphones are encrypted and train employees to be aware of their surroundings so that they don’t enter passwords or view sensitive information when others may be looking over their shoulders.
- Dispose of trash and equipment properly—Use a shredder or shredding service to destroy all of your sensitive documents and mail to ensure that no one can snoop through your trash and find information about you or your clients. When upgrading equipment, be sure to properly dispose of the old equipment, wiping the hard drives and destroying the SIM cards so that data cannot be retrieved by dumpster-diving criminals.
This is a great deal of material to process and it is just the tip of the iceberg, but it is not a plan that has to be completed overnight. Developing a cyber security plan should take time to make sure that it is well thought out and implemented properly. In our next installment, we will look at how to develop a secondary plan for a worst-case scenario: a response to an actual attack.