Small- and medium-sized companies (SMBs) are as vulnerable to cyber threats and data breaches as large enterprises. According to a survey of SMBs conducted by Ponemon Institute, nearly 55% of respondents said that they had experienced a cyber-attack, and at least 50% had a data breach in the past 12 months. The survey also revealed that negligent employees, contractors and third parties caused most data breaches.
Here are the key reasons why SMBs are becoming more vulnerable:
- Security policy is not well defined.
- The software and methods in place to prevent breaches are either obsolete or not capable enough to prevent data leakage.
- Employees lack training.
- Not enough budget is allotted to thwart the threat.
- Security procedures are not strictly followed: passwords are weak or repetitive, and encryption is missing in most cases.
- BYOD policies are missing.
- No protocol is defined for responding to a leak, although one could restrict the extent of data loss.
- There are rarely dedicated IT personnel overseeing the security of the system. Thus, 24/7 observation is
For all of these reasons, the loss of sensitive data is often due to the negligence of company personnel. A lot can be averted if the following requirements are addressed in the security protocol.
These essential steps are recommended for SMBs to follow and implement in order to mitigate data breach threats.
- Regular training sessions should be conducted for employees. Users should be educated about cyber security and informed on how to deal with sensitive information safely.
- Password encryption should be mandatory. Implementing two-factor authentication is an easy and affordable way to safeguard digital content.
- Account management should be implemented. User-defined roles should dictate who gets what kind of access to sensitive data. Both the user and the device being used to access the information should be authenticated.
- Clearly define BYOD policies for employees so that intentional or deliberate loss of data can be mitigated.
- Software should be kept current, which makes it less vulnerable to cyber threats.
- Policies around what data can be copied and how and where it can be duplicated should be laid out for the users.
As we step into 2017, SMBs should start gearing up to implement tailored protocols to defend against data breaches, particularly from insiders. Along with taking the steps mentioned above, employees should be scrutinized for their behavior in the office. Even at the time of recruitment, proper background screening should be conducted. Getting the right kind of employees and following up with a robust plan for security will help mitigate the threat.