Almost three-quarters of small businesses in the United States reported a cyberattack in the past year, with the number of first-time attacks against small businesses jumping by 18% from 2022, according to a recent report from a nonprofit that provides advice and assistance to consumers and businesses affected by cybercrimes. “Small and mid-sized leaders are more focused on data security and privacy protection than ever,” said Eva Velasquez, CEO of the Identity Theft Resource Center, who wrote the report.
This year, the average cost of a data breach reached a record high of almost $4.5 million, according to a recent report by IBM. Ransomware attacks, phishing e-mails and websites, deepfake calls and e-mails, and synthetic identity creation are all major threats to data security. To protect against these threats, businesses can implement various strategies:
- Zero Trust Policy: A growing strategy in the IT world whose core principles are never trusting, always verifying, and minimizing the impact of a breach if one occurs. It involves installing software, providing policies for strong multi-factor authentication, and keeping computers and devices updated with the latest security measures. Additionally, strict rules for remote workers, such as not allowing personal use of work devices, should be implemented.
- Framework: A recommended framework is the Critical Security Controls from the Center for Internet Security, which provides best practices for securing IT systems and data. Insurance companies are becoming more interested in customers’ security and IT framework in case of a breach, and following these best practices may affect insurance coverage.
- Firewall Security: Firewalls should not only prevent malware from entering the network but also restrict data from leaving the network to mitigate risks. Restricting which ports outgoing traffic is allowed to use can help enhance firewall security.
- Managed Services Providers (MSPs): As security threats increase, many small businesses may struggle to protect their data affordably. MSPs can take responsibility for the security of a company’s data and applications for a monthly fee, providing services like data backup, password management, security software installation, and software updates.
- Training: Ongoing training is essential for a secure network, as 88% of data breaches are caused by human error. Regular training sessions can update employees on the latest threats, increase awareness, and improve overall security.
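
To make the Firewall Security item concrete, the following added example (not part of the original article) models a default-deny outbound policy and checks sample connections against it. The rule set, host names and addresses are constructed for illustration and use documentation IP ranges.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    proto: str             # "tcp" or "udp"
    dport: Optional[int]   # destination port, None matches any port
    dest: str              # destination network in CIDR form

# Constructed outbound policy: only the traffic the business needs may leave.
EGRESS_RULES = [
    Rule("allow", "udp", 53, "192.0.2.53/32"),     # DNS only to the company resolver
    Rule("allow", "tcp", 587, "198.51.100.25/32"), # mail only through the company relay
    Rule("allow", "tcp", 443, "0.0.0.0/0"),        # HTTPS to the internet
]

def evaluate(proto, dport, dest_ip, rules=EGRESS_RULES):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    addr = ipaddress.ip_address(dest_ip)
    for rule in rules:
        if (rule.proto == proto
                and rule.dport in (None, dport)
                and addr in ipaddress.ip_network(rule.dest)):
            return rule.action
    return "deny"  # default deny: anything not explicitly allowed stays inside

def blocked_flows(flows, rules=EGRESS_RULES):
    """Return the flows the outbound policy would stop."""
    return [f for f in flows if evaluate(f[1], f[2], f[3], rules) == "deny"]

# Constructed sample connections: (source host, protocol, dest port, dest IP)
SAMPLE_FLOWS = [
    ("ws-01", "tcp", 443, "203.0.113.10"),   # normal web browsing
    ("ws-02", "udp", 53, "192.0.2.53"),      # DNS to the company resolver
    ("ws-02", "udp", 53, "203.0.113.8"),     # DNS sent directly to an outside server
    ("ws-03", "tcp", 25, "203.0.113.77"),    # workstation sending mail directly
    ("ws-04", "tcp", 6667, "203.0.113.99"),  # port with no business use
]

if __name__ == "__main__":
    for host, proto, dport, dest in blocked_flows(SAMPLE_FLOWS):
        print(f"blocked: {host} -> {dest} {proto}/{dport}")
```

Blocked outbound attempts are worth logging and reviewing, since a workstation trying to reach an unexpected port is often an early sign of compromise.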
Implementing these strategies can reduce the likelihood of a data breach, ultimately saving businesses money, time, and potentially their entire operation.