5 Cyber Risk Management Guidelines Every Mid-Market CEO Should Consider

By BDO Digital | August 07, 2017

Despite rising security threats, we’re still seeing an alarmingly high number of organizations sitting relatively still when it comes to protecting their IT systems against attacks. We hear things like, “we don’t have any sensitive information” or “no one would target a company our size.” While this may have been true at one point in time, I have yet to see a case of this in the modern age. Regardless of your business size or industry, every organization has information valuable to attackers, including customer names, user credentials, credit card information, and social security numbers.

From a security perspective, we live in an interesting time. As new advancements in technology open new methods to exploit weaknesses, security incidents are on the rise. While data breaches in larger organizations like Sony and Target make headlines, it is often overlooked that hackers are also attacking organizations of all sizes, arguably causing even greater impact to the bottom line of small and mid-market organizations. A National Cyber Security Alliance study shows 60 percent of small and mid-size businesses affected by a cyber-attack go out of business within six months, but even the lucky ones suffer significant financial and reputational setbacks.

How to Protect Your Mid-Size Business from Cyber Attacks

In today’s environment, the question isn’t if you are going to be attacked, it’s when. Many executives still regard cyber security as an “IT problem” when, in fact, it should be prioritized as a top initiative that stretches across the entire organization. Successful threat mitigation plans require a top-down approach. When developing safeguards to protect your organization, it’s important to consider these five key guidelines:

  1. Consider ALL your data: When thinking about what data resides on your networks, don’t just think about documents or applications that are used on a daily basis by your workforce. Think about the data that each department uses, regardless of the frequency. For example, do you have your employees’ PII on the network? What about their bank account info for payroll? If that data were stolen, what risk to your business might you be facing?
  2. Protect Against Cryptolocker Incidents: Networks get faster and faster, allowing attackers to scan more corporate networks in shorter periods of time looking for any hole they can use to get in. By now, everyone has heard of some variant of a cryptolocker incident. What impact are you facing if on Monday morning your file servers are encrypted? What about all servers and all workstations on the network?
  3. Improve Password Protection with Multi-Factor Authentication: Today’s cyber attackers are much more sophisticated at breaking passwords. A nine-character password can be broken in just 5 days. Have you considered using a multi-factor authentication system so access to your systems and data is not entirely dependent on the user’s decision to set their password? Multi-factor/two-factor systems have come a long way in terms of ease of implementation, ease of use, and cost of ownership.
  4. Educate Your Users: The vast majority of attackers enter networks through the path of least resistance – your users. A study by the Georgian Institute of Technology found that 95% of security incidents involve human error. This makes empowering users to recognize threats and educating them on security protocols one of the most important components of any security strategy.
  5. Consider Outsourcing Your Security Management: As more sophisticated cyberthreats loom on the horizon, business executives need to look for enhanced ways to help them withstand the constant barrage of attacks. Oftentimes, internal IT teams simply do not have the time, expertise, and/or tools required to implement comprehensive security programs. For many mid-size organizations, this means partnering with a Managed Services provider that has the experience to cover all facets of information security, including risk management, governance, security architecture, operations, and more.

To learn more about how to build a more proactive defense against cyber-attacks, and why outsourcing security to a Managed Services provider can help your organization build resilience to multiplying threats, contact us to discuss the best cyber security defense for your business.
