With an epic onslaught of cybersecurity breaches in 2014, securing your business can be daunting amidst high-profile vulnerabilities such as Heartbleed. As a small business owner, you lock your doors when you leave at night and you keep your important documents in a fireproof safe. You have security cameras and an alarm system. If you found out one day there was a flaw in your particular brand of lock and they all could be opened with any key, you would surely change them.
Whenever you sell a product on your website, the transaction is secured behind Secure Sockets Layer (SSL), commonly implemented using open source software called OpenSSL. This is the faulty lock where the Heartbleed bug lives, but you likely haven't bothered to change it. And you're not alone. As a matter of fact, two recent studies found that "57 percent of sites affected by Heartbleed have taken no action whatsoever" and "67 percent of people in the survey sample [...] had done nothing to secure any of their accounts". What's more, 75 percent of employees said they had received absolutely no instructions to change their passwords at work.
When Heartbleed first hit, we set out to explain its inner workings and dive deep into everything you need to do to protect yourself against it. The fact of the matter, however, is this: Heartbleed is just the latest in a string of vulnerabilities and breaches. From 2012 to 2013 alone, breaches grew 120 percent according to Verizon's DBIR report series. According to Verizon's 2013 Data Breach Investigations Report, 72 percent of data breaches affect small businesses.
After watching companies like Target and eBay weather the storm, you might think a security breach is more of an inconvenience than anything else, but the truth is that more than 60 percent of small and medium-sized businesses that experience a breach go out of business after six months. In fact, the reputational fallout alone from a breach can last for months beyond the incident and translate into upwards of $5 million in losses.
So what is there to do? Instead of dealing with your business's security breach by breach, brace yourself for the storm and secure your business for the long haul.
Here are four steps you can take immediately to make sure you're ready to weather the unending onslaught of breaches:
1. Get a handle on who has access to what and take control.
These days, much of your business operates in the cloud: your email, CRM, online store, point of sale and more are often cloud-based applications. These applications hold sensitive customer information, often including personal and financial details, and your employees' identities are the keys. The problem here is that your employees are likely not using secure practices. They are likely reusing login credentials from other sites, which means they are the weak point in your security.
It is essential that you take control of access to your business's inner workings. Identity and Access Management (IAM) solutions enable you to manage and secure employees' logins by tracking who is accessing what, when. They also allow you, the business owner, to revoke and manage access independently of your employees. This means that when there is a security breach, you can manage password changes across the board without relying on your employees to take action, and even revoke access when they leave the company.
2. Be wise about who you are trusting and what they do with your business information.
When you choose a cloud-based application, you're putting your trust in that vendor to keep your data secure...but should you? These choices - about which cloud application you use to store all your sensitive in-house data or all of your customers' financial information - should be made carefully with respect to how they handle the data and where and how it is stored and secured. Do they have guarantees as to how secure their servers are? Where is the data being held and what protocols are in place to protect it? What sort of login security does the service provide? Does it rely on relatively insecure methods, such as social logins, or does it provide extra security by way of two-factor authentication? Even more importantly, if you're in certain sectors - such as legal or healthcare related industries - are these apps meeting regulations regarding how said data is stored and transmitted?
Choosing your cloud applications shouldn't be an off-the-cuff decision; it should be carefully calculated with regard to how you might further expose your business to security breaches. And in today's BYOIT atmosphere, it's not just up to you to make careful and secure choices; your employees are bringing their own decisions and affecting your business's security as well. This brings us to our final point.
3. Train your employees in secure practices.
As we identified in the first tip, your employees are the keys to much of your business's online operations. They are the front line of your organization and the gateway to much of your data. Those same employees are consumers first, bringing with them into work their own devices, cloud applications, and security habits, leaving your business's data at the mercy of their behaviors.
Train employees on cybercriminal tactics used to breach accounts, so they can stop them in action. Help them understand business and personal risks to gain buy-in, and facilitate security training via a web-based platform or consultant to create the awareness and behavior change in your employees needed to build a culture of data security.
Don't wait for the next Heartbleed. If you don't act now, you may not be able to react quickly enough. Being prepared can be the difference between surviving a security breach unscathed and going under.
Tom Smith is a technology executive with over 30 years of experience in management, cloud and enterprise sales and marketing, and strategic execution, including founding executive roles at four software and technology businesses. In his current role as VP Identity-as-a-Service Business Development and Strategy at Gemalto, Tom manages the online sales and channel aspects of the CloudEntr product family, which provides a simple and secure way for businesses to access their cloud applications and resources.