Maria Horton, CEO of EmeSec
The 23 million small businesses that are thriving in America today are the foundation of local communities across the country. Most of them must operate in an "always-on" world and stay connected with customers, which raises concerns about securing sensitive data.
Many government agencies, healthcare providers and small businesses presume that a low profile will help them escape the reach of cyberattacks.
However, according to the 2013 Verizon Data Breach Report, three out of four companies attacked in 2012 were organizations with 100 people or fewer. The lack of a strong cyberdefense carries hidden costs in the form of lost intellectual property or legal liabilities.
With the rise of cloud and mobile devices, company information is no longer held within the business' physical walls. End-users are downloading personal applications on company-issued devices or storing work information on personal devices.
Every industry approaches cybersecurity with a unique set of compliance standards. Within healthcare, the Health Insurance Portability and Accountability Act (HIPAA) regulations and Payment Card Industry (PCI) requirements focus on protecting personally identifiable information (PII).
Similarly, the federal government created the Federal Risk and Authorization Management Program (FedRAMP) as a rigorous, government-wide program that provides a standardized approach to securing the cloud. The small business space can benefit from a similar degree of rigor in approaching security.
A year ago, the Federal Communications Commission (FCC) created a tailored small business Cyber Security Planning guide that allows a user to customize the security recommendations. The guide gives recommendations on specific issues like privacy, fraud, and policy development management. Small businesses can easily adopt best practices in cybersecurity.
Small business owners should consider all stakeholders in their security strategy. Data security must extend beyond the business itself to protect the PII of all customers, investors, partners, and employees by guarding devices that hold sensitive data, such as credit card machines.
Also, entrepreneurs can reduce the number of breaches by employing a two-factor authentication process that requires employees to use two means of identification, such as a physical token and a security code.
Finally, security can be challenging when it comes to the growing mobile workforce. A mobile security strategy requires employee devices to incorporate password authentication, encryption of sensitive information, and a procedure for reporting lost or compromised information.