It\u2019s nearly a month now since the Sony hack. While other global events now dominate headlines, the Sony breach should serve as a constant reminder to remain ever vigilant when it comes to protecting your company data. Research suggests that protecting data begins right within your own organization by ensuring that small business employees follow best security practices.<\/p>\n
Employees doing something they shouldn\u2019t do is the cause of a significant number of data breaches, says Jeffrey Bernstein, managing director of information security at T&M Protection Resources. Recently interviewed by Angela Stringfellow for an American Express Open Forum article, \u201cThe Sony Hack: Security Lessons for Small-Business Owners,\u201d <\/a>Bernstein noted that security industry data over the past 12 months indicates that well over 80 percent of data theft began with users doing things they shouldn\u2019t have. Activities that open the door to hacks include clicking on a malicious link in an email, opening an email attachment, using weak passwords or being tricked through phishing scams or other social engineering attacks to provide a password.<\/p>\n While cyberattacks are on the rise in general \u2013 the Ponemon Institute reported <\/a>last September that 43 percent of US firms experienced a data breach in the past year \u2013 hackers have increasingly turned their attention to small businesses, many of whom lack sufficient security safeguards<\/p>\n A 2013 survey<\/a> conducted by the National Small Business Association found that 44 percent of small business had been attacked costing the company an average of $8,700. Even more alarming is how many small businesses go out of business after a breach. Credit information company Experian estimates that figure is as high as 60 percent.<\/a><\/p>\n The National Cyber Security Alliance (NCSA), <\/a>whose mission is to educate and empower the safe and secure use of the Internet, recommends small business owners assess their risks online, since as many as 66 percent <\/a>indicate they depend on the Internet for day-to-day operations. From that, you need to develop a formal written Internet security policy.<\/p>\n NCSA recommends that the questions to consider when assessing online risks include:<\/p>\n In developing your plan, focus on three key areas: prevention, resolution and restitution. The Federal Communications Commission provides a Small Biz Cyber Planner<\/a> to help evaluate your risk and create a plan.<\/p>\n Even the best policy won\u2019t help if you don\u2019t provide your team with training about accessing information whether it\u2019s resident on company computers or in the cloud<\/a>. Policy also should include best practices for the use of personal mobile devices<\/a> in the office, from remote locations or on the go.<\/strong><\/p>\n Among best practices, NCSA recommends:<\/p>\n Keep machines clean: <\/strong>Policy should include what employees can install and keep on devices they use for work.<\/p>\n Create strong passwords: <\/strong>They should be long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, says NCSA. Employees also should be advised to\u00a0 change passwords routinely and keep them private.<\/p>\n When in doubt, throw it out:\u00a0<\/strong>Instruct your team not to open suspicious links in email, tweets, posts, online ads, messages or attachments \u2013 even if they know the source<\/p>\n Back up work: <\/strong>Backup can be automatically set or instruct your team how to do it themselves.<\/p>\n When it comes to protecting your small business data, make it a company-wide effort to keep it out of the reach of the bad guys.<\/p>\n","protected":false},"excerpt":{"rendered":" It\u2019s nearly a month now since the Sony hack. While […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[510],"tags":[587,739,641,396,929],"_links":{"self":[{"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/posts\/1381"}],"collection":[{"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/comments?post=1381"}],"version-history":[{"count":0,"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/posts\/1381\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/media?parent=1381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/categories?post=1381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.poly.com\/wp-json\/wp\/v2\/tags?post=1381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Assess your cyber security risk<\/strong><\/h3>\n
\n
Train employees<\/strong><\/h3>\n