Though cybersecurity is not a one-size-fits-all proposition, it is also not accurate to say that smaller companies need smaller security. Osterman Research surveyed 900 security pros worldwide and found that 73 percent of midsized companies were impacted by a security threat in the preceding 12 months. Firms of this size face a similar number of attacks as larger companies do but must address them with fewer employees and resources.
This may seem like a no-win situation at first glance, but the market is responding to the changing security landscape and making some of the same tools that enterprises use available to midsized businesses.
Consider the following challenges to building a more robust cybersecurity strategy, along with best practices to ensure that you’re doing everything possible to keep your data and that of your customers safe.
One challenge is the mistaken assumption that your company is too small to interest attackers. If only attackers shared that belief! They know that midmarket companies often don’t have the same financial and personnel resources for security that enterprises do, which makes your company a potentially smaller, but usually easier win for them.
Dealing with the reality of human error is another challenge. Yes, it’s good to train your employees on security best practices, but it’s even better to put a security system in place so that when an employee eventually slips up—because they will—your data is still going to be protected.
Reduced resources and workers who take on a variety of roles are additional challenges. We routinely talk to people who have to be both the CISO, responsible for mission-critical data security, and the IT operations lead, responsible for almost anything IT under the sun! Cybersecurity often gets presented in confusing or convoluted ways that are meant for larger organizations, which means legitimately useful products and services do not always get adopted and cybersecurity falls short.
Tips for Improved Security
Midmarket businesses will benefit from implementing these four best practices, which will increase data security and help decision-makers focus on solutions that provide the strongest protection.
Look for External Security Expertise
It’s helpful for IT departments with limited staff and resources to find a trusted adviser or partner who knows the security space deeply. There is a lot of conflicting information in the market, and the security landscape shifts quickly with new vulnerabilities and new threats. It is difficult, if not impossible, to wade through this morass alone on top of all your other daily job duties, much less come to fully informed decisions. Look for a security adviser with a good track record of coming alongside their customers with a partnering mindset.
Make Encryption Standard
Authentication stands at the front line of your organization’s defense, but encryption is the last bastion of an organization. By scrambling data to make it unusable to hackers, it protects like no other security solution can because even if intruders make it past your firewall, they will find only mounds of jumbled nonsense.
Encrypting sensitive data at the source—the application that first brings the data in—is the strongest way to protect it. Additionally, ensure that only authorized applications may decrypt such data, once those applications have been authorized using FIDO Alliance-based strong authentication.
Midsized companies have not been able to afford encryption technology until recently. The market now offers affordable solutions that make enterprise-level encryption available to smaller organizations.
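Encrypting at the source application, as described above, can be sketched with Node.js's built-in `crypto` module. This is an added example, not code from the original article; the key handling, the `AUTHORIZED_APPS` allow-list and all function names are assumptions for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: in production the key lives in a KMS/HSM; generated here so the example runs offline.
const DATA_KEY = crypto.randomBytes(32);
// Hypothetical allow-list standing in for the policy a key service enforces
// after the caller has been strongly authenticated.
const AUTHORIZED_APPS = new Set(["billing-service"]);

// Encrypt one field with AES-256-GCM. The AAD binds the ciphertext to its
// record and field, so it cannot be moved to another row or column undetected.
function encryptField(recordId, field, plaintext, key = DATA_KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(`${recordId}:${field}`));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [iv, ct, cipher.getAuthTag()].map((b) => b.toString("base64")).join(".");
}

// Decrypt only for an allow-listed application; throws if the blob was
// tampered with or is presented under a different record or field.
function decryptField(appId, recordId, field, blob, key = DATA_KEY) {
  if (!AUTHORIZED_APPS.has(appId)) throw new Error(`application not authorized: ${appId}`);
  const [iv, ct, tag] = blob.split(".").map((p) => Buffer.from(p, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(`${recordId}:${field}`));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Ingestion: sensitive fields are encrypted before the record leaves the application.
function ingest(record, sensitiveFields) {
  const stored = { ...record };
  for (const f of sensitiveFields) stored[f] = encryptField(record.id, f, record[f]);
  return stored;
}

// Constructed sample record (not real data).
const sample = { id: "cust-1001", name: "Example Customer", card: "4111111111111111" };
const stored = ingest(sample, ["card"]);
console.log(stored); // what the database, and anyone who copies it, holds
console.log(decryptField("billing-service", "cust-1001", "card", stored.card));
```

The allow-list check here runs in the same process as the key, so it only models the policy; the real control is which applications the key service will release the key to.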
Stop Relying on Passwords
Not only are passwords annoying for employees to use, remember and change, but they are also insecure. In 2017, weak or re-used passwords were responsible for more than 4 in 5 breaches.
Get Rid of Passwords but Keep Your Employees’ Sanity
Employees frequently complain about having to rely on one-time PINs sent over text, carrying an authentication device dedicated to just one service or needing to use a personal cell phone. They need solutions that enable them to do their work securely without constant frustration.
Easy, seamless online interactions have become the norm. However, convenience must be balanced with security. The FIDO Alliance and the FIDO protocols are changing the nature of authentication by using standards to replace passwords. Replacing passwords means more security, and using standards means that the same protocol can be used across many websites and applications. Today, FIDO can be implemented in ways that make sense to a business—physical USB authenticators, Bluetooth, NFC and more.
Raising a Higher Standard
Your midsized company is not too small for cybercriminals’ notice. They often seek the low-hanging fruit of valuable data in an organization that likely doesn’t have enterprise-level security. With 73 percent of midsized companies suffering data breaches, it’s time to step up security measures—and this includes adding authentication and encryption to your arsenal. These tools are now more user-friendly and available at an affordable price point. Use the guidelines above as best practices to raise your security profile so that criminals will no longer find your network worth the effort.