Column: Create a cyber security plan for your business
Image courtesy of FreeDigitalPhotos.net
Last time I wrote about creating a plan for online safety at home. Now we need to think about the workplace. Small businesses are at risk just as much as the large corporations we hear about in the news every day.
Recently, the Business Week article, “The Cost of Cyber Crime," estimated the cost of cyber crime and cyber defense. The cyber defense numbers reference the money it costs for business to recover from an attack. Large corporations may have the insurance or reserves to pay those costs, but many small businesses are just making payroll. A cyber attack on a small business could end the business.
At an event in my community a couple years ago, we had a speaker address the audience about her experience as a small business owner. Hackers from a foreign country created a false website that looked just like her company website and redirected all her customers to that fake site for a period of two months before she realized what was happening.
Once the customers were on the fake site, they entered personal information and payment information, which was quickly used against them by the attackers. For two months, the business owner had no new business and even as she restored her site, customer trust had been lost. Her ability to get recourse on the criminals in a foreign country was limited to none, and the net loss to her business was more than $200,000.
If you are a small business owner or know one, there is help. Just as you should implement a program in your home to protect your children and assets from cyber crime, your small business also needs a plan. There are many resources available, including National Cyber Security Alliance website, www.staysafeonline.org, which has the tools and resources you need to guide you in implementing a cyber safe business plan.
NCSA clearly walks the small business owner through the necessary steps, including:
Assess your risks
NCSA and Symantec have researched the risks of small businesses, and the numbers are not good. More than 77 percent of small businesses surveyed did not have a formal written Internet security policy for employees. Business owners need to consider what information they collect, how it is stored and who has access to that data. Then, policies need to be implemented to protect the data.
The best practices for protecting your computers at work are very similar to the home policies we have discussed before. Strong passwords, being smart about phishing attempts and spam and using anti-virus are just a few of the basic policies every small business owner should be following.
Report cyber attacks
If a business is attacked, they should notify appropriate authorities. Depending on the type of crime, the agency to report to may differ. The Stay Safe Online website has a list of reporting agencies.
Implement a cybersecurity plan
The Federal Communications Commission has created a Small Biz Cyber Planner for businesses to use. This online template allows the business owner to chose the topics relevant to their business and a guide is created on the spot and ready to print with template language contributed by government and industry working in partnership.
Protect your customers
Train your employees
A business is vulnerable if the employees are not trained in safe online practices. Having a safety manual is not enough. Employees need training and should be encouraged to speak up when they notice something strange with their computer.
Today’s Quick Tip:
Create a cyber security plan for your business. If you work at a business that does not have a plan, talk to your boss and share the resources in this article with them. Many resources are free and implementing a plan could save your business.
To get more great information about staying safe online, including access to free monthly newsletters, webcasts and more, visit the Center for Internet Security at www.cisecurity.org. Stay tuned for our next chat!