This April, the National Cyber Security Alliance is encouraging consumers and business owners to make time for digital spring cleaning. Each week is dedicated to highlighting tips to help secure our most sensitive data.
It’s important to make cybersecurity a priority in your personal life, as well as work. Small businesses are frequently targeted by cyber criminals, as many do not have policies and procedures in place to guard them from such an attack.
In a recent survey, eight out of 10 small business owners said they do not have a cyber attack response plan in place, even though the majority (63 percent) of these businesses have been a victim of at least one type of cyber attack.
For insights into the “dos and don’ts” of creating open cybersecurity, we sat down with Michael Kaiser, executive director at the National Cyber Security Alliance. The first thing small business owners need to do is understand the risk is serious.
“Don’t think it won’t happen to you,” Kaiser said. “Don’t think that what you have is not valuable to a cybercriminal.”
Companies need to be very aware of the safety and security necessary to keep information and work devices safe from malicious threats and human error.
“It has to be a commitment from the top of an organization for people to take cyber security seriously,” Kaiser said. “Everyone plays a role in that. … Leadership sets the tone about the importance of protecting the company’s assets, and also the personal information of their customers, clients, [and employees].”
For businesses just adopting cybersecurity best practices, Kaiser mentions starting with password reminders, policies that fit the size of your organization, and creating a conversation.
“[You can start with] getting people together in a conference room and talking about cybersecurity and what they need to do, and what your policies are,” he said.
If you are part of a large organization, invest time into policies and employee trainings around phishing emails and “Bring Your Own Device” best practices. Revisit the conversation often.
“It has to be reinforced,” Kaiser said. “It can’t be a one and done kind of thing. It has to really be periodic. … Reminding people of the value of the information that an organization holds and the responsibility they have to protect it. When people give you their information, they expect you to protect it.”
It’s important to empower coworkers to protect data. Set rules and responsibilities, and let employees know they are being entrusted with the data of consumers and other employees.
Leadership should also have cybersecurity procedures in place, should a breach occur.
“At the end of the day, cybersecurity is about resistance but it’s also about resilience,” Kaiser said. “It’s about how fast you can come back if you are attacked.”
Save the Date: Our next episode will air on Tuesday, April 26, and will explore medical identity theft.