As more services move towards the cloud, it is important to establish network security so as to ensure secure data transfer. Similarly, businesses that manage critical personal data need to maintain airtight security policies and procedures. Not having such policies in place may lead to security breaches or expensive client lawsuits. According to a 2016 report from the Ponemon Institute, almost 50 percent of small organizations that were surveyed experienced a data breach in the previous year. Another research by Symantec found that almost 43 percent of cyber-attacks in 2015 were targeted towards small businesses, up from 18 percent in 2011.
Small businesses make for an enticing target as they usually do not have the necessary security controls in place to secure their financial data from internal as well as external threats. Here are some low budget tips that can help small businesses keep their financial data safe.
- Install proper network and work station controls such as properly configured firewall, anti-virus software, and updated patches for all hardware and software. Criminals usually try to exploit sensitive data such as Personally Identifiable Information (PIT), business trade secrets, financial data and other critical company information. Organizations must have restrictions in place for allowing only the least number of employees having access to sensitive information, especially financial or that related to security. Strict compliance must be ensured and employees must be trained and updated about it. This will help reduce incidents of data loss/ theft. Access to all storage, computing and online-based media like servers and databases must be restricted to only a few trusted employees.
- Establish a culture of security by training and informing employees about accessing unsafe websites while at work that may result in major breaches. Companies may also resort to block access to certain sites for security reasons.
- Conduct periodic testing to keep a check on vulnerabilities. The frequency of testing must depend on functional criticality and size of the company. With smartphones being used as devices for transfer of data, companies must ensure that these devices also fall under the purview of DLP policies and practices. Mobile devices must have anti-virus software installed and be up-to-date.
- Get finance teams/ CTOs involved to understand the risks involved and get a holistic view of what can be done to mitigate these risks at the base level – without incurring too much cost.
- Implement two-factor authentication along with strong password policy. Two-factor authentication requires use of a password plus a code or a biometric marker to access data. The additional layer of security makes access to sensitive data more difficult.
- Set aside a small budget specifically for continuous monitoring or security-related loopholes to help ward off any attacks and threats. If utilizing the services of third party vendors for securely managing data, have a Service Level Agreement (SLA) which details security expectations and gives the right to thoroughly audit the vendor to confirm and ensure compliance with policies.
In essence, by just implementing and following certain basic tenets of security, most organizations can secure their sensitive data with bare minimum costs.