Privacy Is Good Business. Is Your Data Secure?
SMBs that use enterprise resource planning solutions to integrate data across their companies need to have policies, tools and education in place that decrease the likelihood of a successful cyberattack. As the number of cyberattacks on small- and medium-sized businesses escalates, Data Privacy Day (January 28) is a chance for SMBs to take a closer look at security needs.
What Small and Medium-Sized Businesses Need to Know About Cybersecurity
Cybersecurity is an ever-increasing issue for businesses of all sizes, but is of particular concern among small- and medium-sized businesses. Hackers know that many SMBs are under-resourced and may not have the right policies and tools in place to protect their systems, networks and users.
The 2018 U.S. State of Cybercrime survey, an annual study done by CSO Online in partnership with the U.S. Secret Service and Carnegie Mellon University, shows a startling rise in the number of attacks. Among its findings:
SMBs reported a whopping 34 percent year-over-year increase in the number of cybersecurity events in 2017
Only 65 percent of businesses have a formal incident response plan
The average security budget rose by 9.5 percent in 2017
On average, it took SMBs 56 days to identify network intrusions
A quarter of all cyberattacks are caused by insiders, with 36 percent of those attacks considered unintentional or accidental
Targeted attacks were responsible for 40 percent of all financial losses from security events
Only 53 percent of SMB executives believe their companies are able to respond to a security incident
Security awareness training is lacking, with 34 percent receiving training once a year or less frequently
Those statistics show that many SMBs are ill-equipped to prepare for, prevent, and deal with cyberattacks. These gaps come at the same time as regulatory mandates, both in the United States and abroad, that require companies to do more to keep data secure and protect consumer information.
Any company that does business in Europe must comply with the General Data Protection Regulation (GDPR), which sets strict rules about protecting customer data for European Union citizens. The personal data it covers includes:
Name and address
Racial and ethnic data
Web information including IP address, cookies and RFID tags
In the United States, California passed new privacy laws in 2018 that require businesses to notify consumers about personal data that’s collected or sold to third parties. Scheduled to go into effect in 2020, the law also gives consumers the option of opting out of the sale of their data to a third party.
Alabama and South Dakota became the final two states to require companies to report data breaches. While that’s good news for consumers, the increase in regulations is a significant challenge, as the statutory requirements vary from state to state.
Six Best Practices for Cybersecurity
Given the increasing cybersecurity threats and the regulatory and reputational consequences, what can SMBs do to prepare? Here are a few steps to take:
Create and Document Policies. Make sure your company has well-defined policies related to computer use, passwords, device usage and protocols that are documented. It’s also important to make sure these policies are distributed, discussed and reviewed with employees and, where applicable, contractors, partners and freelancers. The U.S. Small Business Administration has helpful information and checklists available.
Use a Firewall. A next-generation firewall protects your network’s perimeter, preventing outsiders from accessing data and websites. When these firewalls are monitored 24/7, suspicious activity can be detected, contained, sourced, and removed before causing serious damage.
Address Mobile. Employees increasingly need access to data and applications remotely, on multiple device types, models and operating systems. ERP manufacturers are increasingly adding mobile features and apps as well. Keeping this information protected when remote users access it means having clearly documented and monitored bring-your-own-device policies. These policies may include authentication and password requirements, monitoring, and remote locking, disabling and wiping.
Back Up Data, Apps, Systems. Cloud solutions allow companies to easily create automated data backup processes, ideally at multiple, offsite and out-of-region locations. These backups should include rigorous physical and digital security.
Develop Business Continuity Plans. Consider the number of natural disasters that have struck the United States in the last year – hurricanes, massive wildfires, crippling storms and earthquakes. Your business needs a plan in place that ensures minimal disruption from naturally occurring disasters or cyberattacks. These plans need to include the procedures that are used and who’s responsible for what during and after a disaster.
Install Anti-Malware Software. Make sure that each device and server has anti-malware, anti-spam and anti-phishing tools installed that scan and update automatically.
Data Privacy Day Is Every Day at ESS
At Exceptional Software Solutions, we help SMBs with the selection, service and optimization of enterprise resource planning solutions, including Exact Business Software, Acumatica and SAP Business One. We know how important data security is to our clients, on Data Privacy Day and year-round. To learn more about how Exceptional Software can help with your ERP needs, schedule a demo today.