Two-thirds of large businesses have experienced a data breach in the last year, and nearly half of small and midsized businesses (SMBs) have been the victim of a cyberattack. With the increase in cyberbreaches, the National Institute of Standards and Technology (NIST) established a framework in 2013 for reducing risks to the nation’s critical infrastructure. The framework takes a “best practice” approach to analyzing and mitigating risks and recommends five steps that any sized company can take for addressing cyber threats.
1. Identify
Inventory your most valuable assets: the “crown jewels” that are of greatest importance to your business and would be most valuable to criminals, such as employee, customer, and payment data.
2. Protect
Assess what protective measures you need to have in place to be as defended as possible against a cyber incident.
3. Detect
Have systems in place that would alert you if an incident occurs, including the ability for employees to report problems.
4. Respond
Make and practice an incident response plan to contain an attack and maintain business operations in the short term.
5. Recover
Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.
On a day-to-day basis, businesses can improve their online safety practices by following these tips:
- Keep a clean machine: Having the latest security software, web browser, and operating system in your business are the best defenses against viruses, malware, and other online threats.
- Protect information: Secure accounts by adding two-factor authentication and making passwords long, strong, and unique.
- Protect the company’s online reputation: set security and privacy settings to your comfort level of sharing.
- Educate employees: Teach your employees basic best practices. For example, if an email, social network post, or text message looks suspicious – even if you know the source – delete it.
Many SMBs are increasingly vulnerable to cyberattacks: as larger companies beef up their defenses, those who wish to steal sensitive data are taking advantage of smaller organizations that may lack the knowledge and the resources to keep their digital assets secure.
As a result, all businesses should focus on creating a culture of cybersecurity and keep protecting the company top of mind for employees.