Cybercrime is a Big Problem for Small Business

There’s nothing “small” about the small business sector. According to
the U.S. Small Business Administration, the 23 million small businesses
in America account for 54% of all U.S. sales, provide 55% of all jobs,
and have created 66% of all net new jobs since the 1970s [1]—not bad for
what the agency defines as “a business that is not dominant in its field.”

Although your data is critical to your success and you are integral to the
success of the U.S. economy, many startups and small businesses let
cybersecurity slip through the cracks. There is no shortage of negative
news stories about business data breaches, and it isn’t just the large
corporations. “The U.S. Department of Homeland Security reports
31% of all cyberattacks are directed at businesses with less than 250
employees.” [2]

Small businesses often lack the budget, staff, and sophistication to
assemble strong defenses, making them an easy target where the
chances of thieves getting caught are much lower. No company is “too
small to be worthwhile” for the bad guys. Making sure your business
is adequately protected can seem like an overwhelming undertaking.
We’ve compiled a list of the top things startups and small businesses
need to know about cybersecurity and created this eBook to help you
get started.

1. Small Business Trends, SBA.gov, U.S. Small Business Administration
2. Daily World, Small businesses frequent targets of cyberattacks, February 2015
1. Educate employees as a first line of defense

Cyberthreats to your business are usually blamed on outsiders, but
sometimes the threat actually originates from within. Within a small
business, employees are usually wearing many hats. More potential for
human error means more vulnerability to known, unknown and advanced
threats. It’s important to create a cybersecurity employee education plan
that includes the following:
• Explain the potential impact a cyberincident may have on business
  operations and spell out specific rules for email, web browsing,
  mobile devices and social networks.
• Have regular, focused sessions with employees to explore different
  types of cyberattacks and test their security knowledge.
• Include cybersecurity training in onboarding activities for new
  employees.
• Make training useful, relevant, and responsive to real-world
  examples.
• Train employees to recognize an attack and have policies in place
  that assume you’ll be infiltrated. Communicate step-by-step
  instructions about what to do in case of a cyberincident.
2. Use strong passwords, two-factor authentication, and/or a password manager

Since the list of “The 25 Most Popular Passwords of 2014” was widely
published, the fact that “123456” and “password” are still in the top
two slots is probably not lost on cybercriminals. [3] The White House
and others would suggest that the answer is to “kill the password,” [4]
but, in the meantime, there are simple steps to keep your
business safe:
• Use a unique password for each account
• Change passwords often
• Use a mix of letters, numbers and symbols
• Avoid the use of personal information or a common word as a
  password
• Make sure your password backup options are up to date
• Keep your passwords complex and unique, and use a password
  manager to keep them secure
• Select options for two-factor authentication, and require
  security questions

3. Gizmodo, The 25 Most Popular Passwords of 2014: We’re All Doomed, January 2015
4. The Hill, White House Goal: Kill the Password, February 2015.
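The password checklist above, as an added Python example that is not part of the original eBook: it audits a set of account passwords against four of the listed rules (unique per account, a mix of letters, numbers and symbols, no personal information, no common password). The account names, personal details and the short common-password list are constructed for illustration; only “123456” and “password” come from the text.

```python
import string

# Constructed sample list; only "123456" and "password" are named in the text.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "111111"}

def audit_passwords(accounts, personal_info):
    """Map each account to the checklist rules its password breaks.

    accounts: {account name: password}; personal_info: strings such as
    names or birth years that must not appear inside any password."""
    # Group accounts by password (case-insensitively) to detect reuse.
    by_password = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw.lower(), []).append(account)

    findings = {}
    for account, pw in accounts.items():
        lowered, issues = pw.lower(), []
        shared = sorted(a for a in by_password[lowered] if a != account)
        if shared:  # rule: a unique password for each account
            issues.append("reused on: " + ", ".join(shared))
        if lowered in COMMON_PASSWORDS:  # rule: no common word
            issues.append("common password")
        classes = (  # rule: a mix of letters, numbers and symbols
            ("letter", any(c.isalpha() for c in pw)),
            ("number", any(c.isdigit() for c in pw)),
            ("symbol", any(c in string.punctuation for c in pw)),
        )
        missing = [name for name, present in classes if not present]
        if missing:
            issues.append("missing: " + ", ".join(missing))
        leaked = [t for t in personal_info if t and t.lower() in lowered]
        if leaked:  # rule: no personal information
            issues.append("contains personal info: " + ", ".join(leaked))
        if issues:
            findings[account] = issues
    return findings

# Constructed accounts and personal details, for illustration only.
SAMPLE_ACCOUNTS = {"email": "123456", "bank": "Acme1987!",
                   "payroll": "acme1987!", "crm": "t9#Vq2$Lm8&z"}
SAMPLE_PERSONAL = ["acme", "1987"]

if __name__ == "__main__":
    report = audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL)
    for account, issues in report.items():
        print(account, "->", "; ".join(issues))
```

A check like this belongs at the point where a password is chosen or inside a password manager's audit view, since passwords that are already stored should not be readable in plaintext.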
3. Safeguard important data (no matter how small your business)

Securing IT infrastructure is often an afterthought for solo startups or
businesses with very few employees. But this is a mistake. According
to a report from the Ponemon Institute, more than half of U.S. small
businesses surveyed have experienced at least one data breach. [5] But
when entrepreneurs decide to take steps to secure their new business,
too often they can’t afford to purchase and install multiple pieces of
complex software that are designed for much larger enterprises. Even if
they have the budget, they’ll struggle to properly utilize and manage it.

Small businesses should select software or vendors that are well
known for providing intuitive, comprehensive security software to small
businesses in order to avoid the trap of paying too much for something
they will struggle to use. Starting with anti-malware software designed
for a small business is the best first move.

5. Ponemon Institute, 2013 Cost of Data Breach
4. Protect mobile devices, too

With almost everyone now utilizing smartphones and/or tablets, it
is inevitable that your corporate data will end up on a device that
can easily be lost or stolen. Furthermore, most mobile devices have
weak security, so it is incredibly easy for criminals to compromise
these devices and gain access to not only the data on the device, but
also your entire business network. With so many people dependent
on smartphones and tablets, it’s not surprising that the bad guys are
targeting these vulnerable devices and that mobile malware is on the
rise. For small businesses, mobile security and device management
capabilities should be a key consideration when creating security for
your organization.

At the end of 2013, there were 200,000 unique mobile malware code
samples and a further 175,000 in the first half of 2014. [6] Mobile security
is no longer optional for businesses that use their mobile devices
to conduct business. And, according to Constant Contact, of those
surveyed in March 2013, 66% report currently using a mobile device,
including smartphones and tablets, or a solution, like mobile-optimized
websites and text message marketing. [7]

6. B2B International & Kaspersky Lab, 2014 Global IT Risk Report, October 2014
7. Constant Contact, Inc., Constant Contact Mobile Technology Survey, 2013.
5. Think about encryption

It may seem like overkill at first, but as soon as you start processing and
storing payment or other confidential information of your customers,
encryption is vital. If an employee laptop gets stolen, unencrypted
customer information can lead to crippling fines from regulatory
agencies and, equally bad, a loss of trust from your customers.

Also, data encryption is actually a requirement once you start setting up
Point of Sale terminals (fancy language for cash registers) that accept
credit cards. If you plan on having a storefront—physical or online—
you need to familiarize yourself with Payment Card Industry security
standards and the risks of violating these rules.
6. Install a multi-layered, integrated security solution

Implementing a security solution that’s managed through a single
console makes sense, especially for small companies that may not have
dedicated IT security staff, much less an entire IT department. Because
complexity is the enemy of security, it’s critical that you choose
cyberprotection that allows you to set, deploy and monitor a single
policy across your entire IT infrastructure, including all devices, systems
and platforms. As a small business, you likely don’t have the expertise,
time or budget of a large enterprise, so finding a single solution that
meets your anti-malware, mobile security and encryption needs will
be much easier to manage than tying together multiple products from
different vendors. In short, look for one product that solves all of your
needs and allows you to focus on what you do best—running and
growing your business.
TRY KASPERSKY LAB
Discover how Kaspersky Lab’s premium security can
protect your business from malware and cybercrime with a
no-obligation trial. Register today to download full product
versions and evaluate how successfully they protect your IT
infrastructure, endpoints and confidential business data.
Get Your Free Trial Today
Learn more at
http://usa.kaspersky.com/business-security