Small Business Owners Need Minimize Data Exposure Risks Now

Cyber security- Dats breach small business

.

 

 

=How to Close the Barn Door

There are two primary aspects to securing corporate digital assets: putting them in a logical vault and securing the perimeter.

Of the more than 9 billion records breached since 2013 only two percent were encrypted. This is like leaving the crown jewels on display 24×7 on the hope that no one will get past the perimeter protections, which will always have gaps. Companies need to encrypt all confidential and sensitive data (PII and corporate) – both at rest and in transit.

Executives should view encryption as the logical vault that locks away the data and cannot be accessed without a key. There are numerous hardware and software solutions on the market today that can be used to encrypt data and the costs are far less than the cost of restoring one’s reputation, data and systems after a breach.

Thus, this should be priority one. Additionally, companies should employ the various access control analytic and authentication tools as well as implement industry standards for authentication such as two-factor authentication, and biometrics.

Finally, small business owners and IT executives need to address the people and process issues. All employees need to be security conscious and act accordingly.

This has become a rote activity at many firms and therefore data security ends up being lacking. Companies should revisit their security practices, policies and rules of behavior on handling and protecting customer information and other vital data and on how to recognize damaging phishing emails or those with potential malware attached.

Passwords should be changed to conform to the new guidelines (see recent blog “Passwords – the New Simplified Rules”). Security is everyone’s job and people need to be constantly reminded of it.

HR, IT and Security need to work together to get departing employees’ access rights terminated as close to the point of departure as possible. They must also work to ensure that access rights change when jobs or roles change.

Too many companies let access right accumulate as individuals get new assignments and fail to remove the rights to data that the individuals no longer need to know.

People frequently make assumptions about what they expect from a cloud provider that does not map to the reality. Except for SaaS providers one should always assume security is a joint responsibility and then understand what dimensions belong to the enterprise.

Access rights, especially root access, need to be more tightly restricted. Companies need to carefully vet each cloud provider before contract signing.

Then they should ensure cloud data is safe and secure and all data access rights are fully understood – not only during the time of usage but also after the contract is terminated but while the data still is retained by the cloud provider.

Summary

Data is one of the enterprise’s most important assets. It needs to be proactively protected at all times – no matter where the data is stored.

IT must ensure that crown jewels are properly encrypted at all times and that a comprehensive set of intrusion detection and prevention system are in place. Cyber attacks will come but with the right offense and defense they can be warded off.

Every company must recognize the enormity of its data risk exposures and the ongoing requirement to continually raise the bar. The time to act is now – not after the horse has left the barn. 

Small business and IT executives must determine and achieve an acceptable risk exposure level and then implement the set of proactive and reactive processes and tools that will enable them to reach their objectives.

Related articles:

Security and the Cloud: Perils and Protections for Small Business

Small Businesses Owners Beware, Cyber Security Is Under Attack

10 Critical IT Security Protections EVERY Business Must Implement

RELATED POSTS

AI and Web3: Unleashing the Power of Decentralized Intelligence

AI and Web3: Unleashing the Power of Decentralized Intelligence

The fundamental definitions of AI and web3 as they stand today By now you have probably heard a lot about the pros and cons of Artificial Intelligence or AI and Web3. In this article, we will explore the relationship of AI and Web3, its implications across various...

Video Gallery

Polls

Sign Up for the Latin Biz Today Newsletter

PR Newswire

Featured Authors

Innovation & Strategy

Money

Talent/HR

Legal

Marketing

Culture

Fashion

Food

Music

Sports

Work & Life

Mindfulness

Health & Fitness

Travel & Destinations

Personal Blogs

Pin It on Pinterest