In 2019, North American businesses experienced an 11% increase in cybersecurity attacks (Accenture). There were more than 18 thousand security incidences and nearly one thousand data breaches (Verizon 2020 Data Breach Incident Report).
Downtime, damage to core systems, and information loss are the most common outcomes business owners experience because of these types of attacks. If you own a business, you need to assess what kind of cybersecurity risk you have, and how it could impact your business.
A preliminary evaluation of your business’s security risk includes these four steps:
Identify your assets.
What do you have that must be protected?
Consider physical items (hardware, devices) as well as data. Know what kind of data you collect, where it is stored, and how it is used.
Prioritize and quantify your assets.
Once you’ve identified them, you need to know which assets are the most important. Which of these assets is most valuable and why?
Identify most-likely threats.
Verizon reported that among businesses with fewer than 1,000 employees in 2019, external threat actors posed the most significant threat. Nearly two-thirds of all security incidents came from someone outside the organization, compared to about 20% from an internal actor. Data breaches caused by someone with a personal grudge accounted for 3% of cybercrimes against small businesses.
Common external/internal threats include:
- Employees open an email link that contains ransomware/malware, which then opens access for attackers.
- Employees change, remove, or otherwise use information they should not.
- Poorly configure cloud services enabling data leaks.
Evaluate vulnerabilities within your current security protocols.
You may want to review any previous security issues your company has experienced, read about specific threats to your industry, and consider your employees current security hygiene (administrative access, email policies, password updates). Consider working with a third party or a consultant to help.
If you are not already employing regular patch updates, this is the time to start. Automatic updates can help reduce software vulnerabilities, but these can be time-consuming and confusing to maintain.
After you have completed these four steps, you should have enough information to determine whether you need to implement new controls, such as hardware or software encryption, automatic updates, or other technical means.
If this sounds like an overwhelming task, don’t worry. Right now Dice offers a free security evaluation for businesses like yours.
A partner like Dice Communications can help you implement your new security strategy, or simply review it and offer recommendations. If you are not sure whether your risk assessment is complete, Dice can provide additional support by conducting in-depth security audits or evaluations.
Contact us today to schedule your free security audit here.