2014-01-05

Securezoo Monthly Security Newsletter

Six Critical Security Safeguards Every Small Business Should Have for 2014

December 2013

Well, 2013 has been another challenging year for businesses of all sizes when it comes to securing their data. Tech giants like Facebook, Twitter, and Microsoft among many others, rolled out two-step verification (or two factor authentication) to combat high profile password breaches and account takeovers. Most recently, Target was hacked in a massive breach of 40 million credit card accounts.

Do small businesses even stand a chance?

I think they do, but each company will need to work extremely hard to improve its security program to stay ahead of its competition and, of course, hackers.

To help make 2014 a more successful and safer year, I’ve summarized below six critical security safeguards every small or mid-sized business (SMB) should have, regardless of size or budget constraints:

1) Policies: ensure your business has documented and communicated its information security policies. I view the policies as essential rules and a legal contract stating what you expect your employees to follow in order to secure your company information and assets, and as a condition of employment.

2) Security awareness training: ensure your employees and contractors take information security awareness training to help reinforce their responsibilities and their understanding of how to better protect data and your company brand. Training should be required upon new hire and as an annual employment requirement. Threats and hacker methods constantly evolve, and employees must be “armed” with knowledge to help thwart attempts to steal your company data.

3) Web application security: Does your company own a website? When was the last time you scanned your website to see if it contains any vulnerabilities? How do you know whether hackers can easily gain access to your critical website or company data? The first step is to have a scan performed on your site to identify and correct any potential vulnerabilities, such as the “OWASP Top 10” web vulnerabilities or network vulnerabilities. Don’t just rely on third parties or cloud service providers. Validate that your web apps are secure.

4) System and device software security: We’ve all been preached to a thousand times about how important it is to patch and keep our software up to date. Too many times, however, companies get breached via insecure software (e.g., a phishing e-mail used to run a malicious program that exploits a vulnerability in our systems). Ensure that not just operating systems (such as Windows) are patched; also pay attention to your applications (e.g., WordPress, Java, Adobe, MS Office) and keep them up to date.

5) Endpoint security: I’ve summarized endpoint security as a collection of client software and security controls that run on an endpoint (such as a laptop or smartphone) to protect it from malicious software (e.g., anti-virus). Additional controls can include a web proxy (i.e., to warn or block users from visiting bad websites), e-mail protection and data loss prevention, to name a few. Some vendors, such as McAfee, offer easy-to-install clients that can help keep SMB endpoints secure, rather than requiring multiple hardware or network devices that may do the same thing.

6) Encrypt your sensitive data: If all of the above controls are beaten by an attacker, what data protection safeguards could help provide the last line of defense? Encryption should always be used to protect sensitive data (such as personally identifiable data) both at rest and in transit. Encryption converts plaintext information (such as credit card numbers or SSNs) into ciphertext that can’t be read by an attacker. Strong encryption algorithms (e.g., AES256 or TDES) should also be used. Another form of cryptography, “hashing”, should also be used to protect data such as passwords. Strong hashing algorithms like SHA2 should be used to replace weaker algorithms such as MD5.

This concludes my favorite list of six things that I hope will lead your small business or new startup in the right direction. If you have any questions, feel free to reach out to Securezoo for solutions or guidance in any of these areas.

All the best to a successful year for you and your business!

Frank Crast

Securezoo


The post Six critical security safeguards for your business for 2014 appeared first on #Bizitalk - the Social Network for Small Business.
