Executive Director, National Cyber Security Alliance
According to a 2016 Ponemon Institute survey, 55 percent of small and medium businesses have experienced a cyberattack in the last 12 months. These attacks — which increasingly include ransomware — can have devastating consequences for a business, costing tens of thousands of dollars or more, and exposing highly confidential business and customer information. On a larger scale, these breaches can affect our nation’s critical infrastructure.
With the increase in cyber breaches, the National Institute of Standards and Technology established a framework in 2013 for reducing risks to the nation’s critical infrastructure. The framework takes a best-practice approach to analyzing and mitigating risks, and recommends smart steps that any company of any size can take for addressing cyber threats.
Inventory your most valuable assets that are of greatest importance to your business and would be most valuable to criminals, such as employee, customer and payment data. Then, assess what protective measures you need to take to be as defended as possible, and have systems in place that would alert you if an incident occurred. The systems should include the ability for employees to report problems.
When it’s time to respond, make and practice an incident response plan to contain an attack and maintain business operations in the short term. Also know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.
On a day-to-day basis, businesses can improve their online safety practices. These smaller measures would include having the latest security software, web browser and operating system in your business are the best defenses against viruses, malware and other online threats. This would also involve securing accounts by adding two-factor authentication and making passwords long, strong and unique.
You want to make sure that you protect the company’s online reputation. Do this by setting security and privacy settings to your comfort level of sharing. It’s also important to educate employees. Human error is often the cause of company cyber breaches. Teach your employees basic best practices. For example, if an email, social network post or text message looks suspicious — even if you know the source — delete it.
As cyberattacks continue to threaten businesses of all sizes, and consequently our nation’s critical infrastructure, businesses should focus on creating a culture of cyber security. Our nation depends on it.