by Marcus Harris, Software Litigator at Taft Stettinius & Hollister LLP
Since 2003, October has been recognized as National Cyber Security Awareness Month in an effort to promote safety and security online. While October has now come and gone, cybersecurity remains an extremely important topic and will continue to be one for the foreseeable future. According to Forbes, spending on cybersecurity in the U.S. could reach $66 billion by the end of 2018; globally, it is expected to reach $170 billion by 2020.
Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access. We tend to think of this as only affecting big corporations and retail businesses; for instance, you might recall the Facebook breach that happened at the end of September where 50 million accounts were exposed. The truth, though, is that individuals, startups, and small businesses are just as susceptible to cybercrime as the behemoths.
In fact, the Ponemon Institute reported that 61% of breaches hit small to medium-sized businesses last year, in part because many of these growing companies underestimate or downplay the risk of cybersecurity threats. What’s more, cyber attacks are estimated to cost small businesses between $84,000 and $148,000, and 60% go out of business within six months of an attack.
So how can small businesses, which are often met with lower budgets and security measures, minimize their risk of cybercrime? Here are a few easy-to-implement ideas.
1. Be wary of allowing employees to bring their own devices.
The BYOD (Bring Your Own Device) movement has gained a lot of popularity in recent years, and for good reason: it gives employees the flexibility they want and need, and lessens the initial investment for businesses. It’s important, though, to remain aware of the potential risks associated with BYOD, especially those related to protecting company data and IT infrastructure. Consider supplying a business-owned device that is set up with special protections and/or restrictions. If that is not an option, make sure to have a BYOD policy in place (see below).
2. Get clear on policies.
To avoid unnecessary disputes and the costs associated with them, implement a carefully drafted BYOD policy with your employees. This can range from how much monitoring of the device your IT department is allowed to perform to when and where device use is appropriate. Other important factors: require employees to use strong, unique passwords and change them often, set up a protocol for reporting a lost or stolen device, ask that they only operate on secure networks, and require regular antivirus and firewall updates.
3. Regularly update device software.
A poorly updated device can make it easier for hackers to gain access to confidential information. To combat this, schedule regular updates across all devices and platforms, from desktop and mobile operating systems to web browsers, and so on. Require employees to participate in each update, whether working from their own device or one that is business-owned.
When it comes to cybersecurity, there is no one-size-fits-all plan; what works well for one business can look completely different for another. What’s most important is that there is a plan to begin with. Not sure where to start? If you need help, talk to an IT professional or an attorney who specializes in the field — it’s far cheaper to get a consultation and create a plan at the outset than it is to deal with the loss of your data — and the potential loss of your business in its entirety.
Marcus Harris is a Software Litigator at Taft Stettinius & Hollister LLP and works with technology companies and software developers from startups to publicly traded companies regarding software development, licensing, ownership, and distribution. Marcus has drafted and negotiated complex multimillion-dollar software development, licensing and services deals with Fortune 500 companies, and has developed and implemented an open source software strategy for a large global ERP vendor.