Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.
Security breaches, stolen personal data, and hacking by foreign agents—news of new threats never ceases. Yet for small and mid-sized businesses, the challenge lies in implementing best practices to safeguard their companies with limited resources. How serious is the problem? According to the Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview, the odds that your business will be targeted are as high as 1 in 4.
In Inc. Magazine’s The 5 Biggest Cybersecurity Threats Targeting Your Small Business Right Now, IT security company founder Shawn Freeman offers six tips for small and mid-sized businesses to improve their security structure:
- Educate Employees
The single biggest threat to small businesses lies directly within their own walls. It is critical to educate employees about how to recognize and report phishing and other cyber threats to prevent criminals from obtaining sensitive corporate data.
- Improve Passwords and Strengthen Barriers
Changing passwords on a regular basis is a good start, but passwords aren’t the only barrier keeping hackers out. Protect your company from ransomware and doxing threats by limiting user privileges, app whitelisting, patching apps and operating systems and using third-party software with the most up-to-date ransomware defenses.
- Check for Weak Code
Most attacks run over open ports 80 (HTTP) and 443 (HTTPS) because these ports are generally open and aren’t watched closely due to high traffic volume. Rather than combing through thousands of lines of code, use tools to scan and pinpoint weak code and protect against seemingly harmless internet browsing.
- Address IoT and BYOD Security
IoT devices are often unequipped with built-in security measures because they weren’t designed to operate on public networks. To protect against this security threat, don’t allow devices direct public access from the internet. Instead, install endpoint security solutions, require complex passwords, always use two-step verification or multi-factor authentication when possible and only allow access through encrypted communications.
- Secure Your Wi-Fi
Unsecured Wi-Fi can be a very easy target for hackers who can deploy a man-in-the-middle attack, where they position themselves between the victim and the server to receive any and all communication. To protect customers, implement hardware with an intrusion detection system to detect intruders. Such hardware should be regularly updated to offer the best defense.
- Ensuring the Future of Your Business Through Cybersecurity
Every organization has sensitive data that they need to protect. Executives should commit to continually investing in cybersecurity through educating employees, implementing defensive barriers, ensuring strong coding and IoT and BYOD security, and securing Wi-Fi. With these measures, data breaches will be fewer and farther between.
Share cybersecurity best practices with your employees
The Forbes Technology Council offered a number of suggestions for companies concerned about cyberthreats and breaches in security. Forbes’ 10 Tactics For Teaching Cybersecurity Best Practices To Your Whole Company points out that it’s important to make sure that any training is tailored for employees who do not work in IT. Using too much technical jargon and tech-speak only makes it harder for employees to understand how to protect themselves and their companies from being hacked.
Here are 10 tips that the Council suggests that companies consider when implementing a cybersecurity program that is designed for all company employees:
- Explain The Business Benefits Of Secure Data
- Use Metaphors And Analogies That Apply To Them
- Personalize Your Training By Department
- Highlight The Positive Progress
- Stick To The Basics And Practical Aspects
- Establish And Communicate Consistent Processes
- Help Them Understand The Direct Negative Impact Of Poor Security
- Encourage A ‘Sanity Check’
- Simulate A Hack
- Lay A Foundation Of ‘Cyber Common Sense’
Free cybersecurity help for SMBs
While there are many tips for small and mid-sized businesses to protect themselves from cyberthreats, most of these focus on IT solutions. However, IT solutions can be costly (both software and staff) and hiring consultants might not be in the budget. There are many free and low-cost resources available to help SMBs reduce the risks of data breaches.
The Motley Fool highlights options for SMBs in 5 Free Resources Small Business Owners Should Know About.
SCOREstands for Service Corps of Retired Executives. It’s one of the single best resources for small business owners. For five decades, this nonprofit organization has offered education and advice on a wide range of topics related to creating, operating, and expanding business enterprises. SCORE offers both live and recorded webinars as well as courses business owners can take.
- The SBA and Small Business Development Centers
Small business development centers are local offices that help entrepreneurs at all stages of business development. Services are either free or cost little and include help creating a business plan; assistance securing a loan; support for manufacturers, importers, and exporters; disaster recovery help; assistance with market research; guidance on healthcare issues; and aid in procurement and contracting.
- The National Federation of Independent Businesses
The National Federation of Independent Businesses is the nation’s largest small business association. In addition to extensive lobbying work on behalf of the interests of businesses, NFIB also provides ample resources for entrepreneurs. Business owners can searchfor webinars, articles, infographics, or videos on key topics relevant to their operations, including legal issues, financial matters, human resources, technology, and more.
- Google Analytics
Today, almost every company has an online presence. Because so many people find products and services through the internet, it’s useful for you to know what’s bringing people to your website, where visitors are coming from, how long they’re staying, and when they’re leaving. Google Analyticsis a free tool that can give you answers to lots of these questions. There’s a paid version, too, but if you’re just getting started with tracking online activity, the free version should give you ample information to begin perfecting online marketing tactics.
- The Department of Labor
If your company plans to hire any workers, it’s absolutely imperative you abide by myriad rules and regulations applicable to the hiring processand the way you pay your workers. To help, the Department of Labor has an Office of Small and Disadvantaged Business Utilization that has a comprehensive summary of the rules you need to know.
Other resources for small businesses in Oregon include the Oregon Small Business Development Center, the Gresham Small Business Development Center, Technology Association of Oregon (TAO), and the Small Business Resources team from Cyber Oregon.
Cyber Oregon partner blog post of interest
- Splunk: Three Questions For Empowering Security: From Gartner’s Risk and Security Management Summit Europe