Small and medium-size businesses can fight hidden security threats without breaking the bank, according to a panel of industry leaders at the Privacy XChange Forum.
The panel, moderated by Deena Coffman, CEO of IDT911 Consulting, brought together Mike LeBaron of Symantec, David Richardson of BF Re Underwriters and John Dewoski of Speed Wire to discuss “Invisible Threats: How Your SMB Can Combat Hidden Security Dangers.”
They walked through lessons learned from a recent breach at a fast-growing small business and each shared their top tip for SMBs:
- Dewoski, general counsel at Speed Wire, joked that aside from switching to paper and pencil, SMBs should consider conducting regular security audits, particularly with vendors such as a Managed Service Provider (MSP).
- Richardson, senior vice president at BF Re, encouraged SMBs to train employees to use complex passwords and change them regularly. He also recommended that SMBs develop a written action plan that communicates to employees what the risks are and what they should do if they suspect there has been an impact on security. “It’s like a fire safety plan,” Coffman elaborated. “You don’t want to have to use it but you don’t want to be caught without it.”
- LeBaron noted that technology threats are a great equalizer: The problems are the same whether the company is small, medium or large. At the end of the day, the message remains the same. Know your data. Know your people. Understand where the data is located and how to adequately protect it. Educate your people. Patch everything. Don’t make yourself an easy target. “Hackers are looking for easy opportunities,” he said. “When we did a survey of several thousand URLs, more than 50 percent had vulnerabilities that were easily exploitable and also could have been easily patched.”
Coffman encouraged delegates to promote encryption among employees because it’s simple, free and readily available. Also, she encouraged SMBs to recognize that information security and IT are different disciplines, so it’s important to work with the right people, whether they’re on staff or a vendor.
“Security doesn’t have to be difficult or expensive,” she said.