Four Proactive Tips to Improve Cybersecurity for Small Businesses

February 13, 2018

By Melissa Ellis

Although the media headlines often highlight major data breaches of large corporations and government agencies, the majority of businesses being hacked are small businesses. Why is this the case? Most small businesses do not have layers of security in place to protect them so attackers consider them low-hanging fruit. According to Verizon’s 2017 Data Breach Investigations Report, 61 percent of data breaches in 2016 affected small businesses. As many of you are aware, the title industry is in the attackers’ direct line of fire. The good news is that effective IT security is not beyond reach. Here are a few cybersecurity tips that can benefit your business.

Network Security

Implementing a network firewall with intrusion detection and prevention capabilities (IDS/IPS) is crucial. A firewall protects your network from malicious traffic, and a properly monitored IDS/IPS system can stop attackers in their tracks. Unmanaged systems do not provide adequate security.

Attackers are working around the clock and so should your security. Performing regular network vulnerability testing, internally and externally, can identify risks and give you the opportunity to remediate before being hacked. Common vulnerabilities that this process could identify include legacy or otherwise unsupported operating systems, poor patch management and exposed systems.

It is essential that workstations, servers and laptops are updated and patched on a regular basis. The WannaCry ransomware attack quickly infected 150 countries and targeted computers that were unpatched. It is important not only that Microsoft updates/patches are consistently applied but also that third-party software such as Adobe, Java and antivirus programs is maintained. There are managed systems available to ease administration and ensure timely and consistent updating/patching occurs.

Back Up

Having a backup and understanding where your data is stored is critical. There are several backup scenarios available. Whichever scenario fits your business, the important factors remain the same: Make sure your data is in a secure location, is encrypted during transit and storage, and is regularly tested so that the data can be restored. You do not want to be in the position where your backup is needed and find that hardware is not available, the time to recover is days or weeks longer than expected, or the data won’t restore properly. Consider keeping redundant backups.

Security Policies and Procedures

With the ongoing concern about keeping business and client data safe, it is vital to have security policies and procedures in place. Employees need to understand what is expected of them and be given the proper tools and technology to safeguard business and client data. For many businesses, writing security policies and procedures can seem like a daunting task. There is no reason why you can’t start small and add to them.

One simple yet very important policy is a password policy. According to Verizon’s 2017 Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. Every password can be hacked. It is just a matter of how much time it takes. A basic seven-character password consisting of lowercase letters can be cracked in seconds. The longer and more complex a password is, the longer it takes to crack. Make it difficult for the hackers and they will move on to lower-hanging fruit.
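
The length-and-complexity reasoning above, worked through as an added example that is not part of the original article: a policy check that also estimates the exhaustive-search time for a password. The guess rate, the policy thresholds and the sample passwords are assumptions chosen for illustration.

```python
import string

# Assumption: guesses per second for an attacker working offline on stolen hashes.
# Real rates vary widely with the hash algorithm and hardware.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000
# Hypothetical policy thresholds, not taken from the article.
MIN_LENGTH = 12
MIN_CLASSES = 3

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def classes_used(password):
    """Character classes (lower, upper, digit, symbol) present in the password."""
    return [c for c in CLASSES if any(ch in c for ch in password)]

def alphabet_size(password):
    """Size of the smallest alphabet an exhaustive search must cover."""
    others = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return sum(len(c) for c in classes_used(password)) + len(others)

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Upper bound: time to try every string of this length and alphabet.
    Dictionary words and reused passwords fall far sooner than this bound."""
    return alphabet_size(password) ** len(password) / rate

def policy_violations(password):
    """Return the reasons a password fails the policy; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(classes_used(password)) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character classes")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("monkeys", "Tr4vel-Mug-Orbit"):
        years = worst_case_seconds(pw) / (365 * 24 * 3600)
        print(f"{pw!r}: {alphabet_size(pw)}^{len(pw)} candidates, "
              f"{worst_case_seconds(pw):.3g} s ({years:.3g} years), "
              f"violations: {policy_violations(pw)}")
```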

Security Awareness Training

Security awareness training, another required layer of security, is the missing link across many small businesses. Even if the previously mentioned safeguards are implemented, your business is still at serious risk if your employees are not trained on how to recognize and handle everyday security threats.

Employees are the number one target of attackers, who take advantage of workers who have not been given the necessary training and tools. One of the main problems the title industry is facing now is phishing emails. The FBI reported a 480 percent increase in wire fraud attacks in 2016. Many of these attacks involved phishing emails. Implementing a comprehensive and ongoing security awareness training program is your best line of defense against these attacks. Educate and empower your employees; everyone is part of the security team!

It is very important that small businesses take proactive approaches to IT security. Avoiding the necessary steps is only going to increase your chances of falling victim to an attack. Implementing and maintaining the proper layers of security can be complex, requiring knowledge of the ever-changing landscape of the IT security world. When selecting a company to assist your business, it is important to choose a company with proven expertise in IT security. Cybersecurity threats are continuing to rise. Now is the time to take action to protect your business and client data.

Melissa Ellis is a co-owner of Systems Management Enterprises Inc. (SME), a Virginia-based information technology and security company providing data center services, managed security, compliance solutions and technical support to businesses nationwide for 17 years. Ellis can be reached at melissa.ellis@smeinc.net.


Contact ALTA at 202-296-3671 or communications@alta.org.