By Jake Kiser, CEO, StrongKey
Whether in business or cybersecurity, it doesn’t help small businesses to play small. When it comes to cybercrime, attackers don’t discriminate: they see small businesses as easier targets and rich sources of data ripe for the plucking. A report from Cisco found that 53 percent of mid-market businesses have experienced a breach, but you don’t have to be part of that unlucky half.
Because mid-size companies are experiencing hacks just as often as large enterprises, they need a comparable level of security. While this has not always been financially feasible, the market is shifting, and the same tools available to the big fish can be easily implemented in smaller environments.
Three Mid-Market Security Hurdles
Before considering your options, it’s important to do your homework and consider the hurdles you most need to overcome.
The first is the myth that your company is too small to be of interest to cybercriminals. That may sound like humility, but it is a dangerous mindset: attackers know that mid-market companies often lack the financial and personnel resources for security that enterprises have, which makes an unprepared company a sitting duck.
Human error is another hurdle. Training your employees on security best practices is good, but it is better to put controls in place so that when an employee eventually slips up, your data stays protected. An employee slip-up is a matter of when, not if.
Finally, in mid-sized organizations, resources are often thin and employees wear many hats. People often have to be both the CISO, responsible for mission-critical data security, and the IT Operations lead, responsible for almost anything IT under the sun. Cybersecurity often gets presented in confusing or convoluted ways that are meant for larger organizations, which means legitimately useful products and services do not always get adopted, and cybersecurity falls short. Sometimes, simpler is better.
Four Security Recommendations
With these hurdles in mind, the recommendations below will improve cybersecurity and help decision-makers focus on solutions that provide the strongest protection.
- Implement encryption.
Encryption scrambles data so that it is unusable to anyone who does not hold the key. It protects like no other security solution can: even if intruders make it past your firewall and copy the database, they find only ciphertext. The caveat is that this holds only when the decryption keys are stored and controlled separately from the encrypted data; a key sitting in a configuration file next to the database hands the intruder both.
Encrypting critical data at the source is the strongest way to protect it. The source is the application that brings data in for the first time. Encrypt data there, and ensure that only authorized applications and users may decrypt it, gating that access with FIDO-based strong authentication.
Mid-market companies have traditionally not been able to afford encryption technology, but the market now offers affordable solutions that make enterprise-level encryption available to smaller organizations.
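The following Go program is an added illustration of encrypting at the source, written for this page; it is not StrongKey code and does not model the FIDO-based access gating the article recommends. The ingesting application encrypts a sensitive field with AES-256-GCM before it is stored, binds the ciphertext to the record ID through GCM associated data, and keeps the key with the application rather than the database. The record ID, the card-number-shaped sample value and the in-memory key are constructed for the demo; in production the key would come from a KMS or HSM that only the authorized application can reach.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is a row as the application stores it: the sensitive field exists
// only as ciphertext, so a dump of the database yields no usable plaintext.
type Record struct {
	ID         string
	Ciphertext []byte // nonce || AES-GCM ciphertext || GCM tag
}

// EncryptAtIngest encrypts plaintext under a 32-byte key (AES-256) and binds
// the result to recordID via associated data, so a ciphertext copied from one
// row into another no longer decrypts.
func EncryptAtIngest(key []byte, recordID string, plaintext []byte) (Record, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return Record{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Record{}, err
	}
	// A fresh random nonce per record; reusing a nonce under one GCM key
	// breaks confidentiality and integrity.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	sealed := gcm.Seal(nil, nonce, plaintext, []byte(recordID))
	return Record{ID: recordID, Ciphertext: append(nonce, sealed...)}, nil
}

// Decrypt is what the authorized application runs; any other key, any
// modified byte, or a record ID that does not match fails authentication.
func Decrypt(key []byte, rec Record) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(rec.Ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, rec.Ciphertext[:ns], rec.Ciphertext[ns:], []byte(rec.ID))
}

func main() {
	// Constructed demo key held by the application process, not by the database.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	rec, err := EncryptAtIngest(key, "cust-1", []byte("4111 1111 1111 1111"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored for %s: %s\n", rec.ID, hex.EncodeToString(rec.Ciphertext))
	pt, err := Decrypt(key, rec)
	fmt.Printf("authorized decrypt: %q err=%v\n", pt, err)
	rec.ID = "cust-2" // an attacker moves the blob onto another row
	_, err = Decrypt(key, rec)
	fmt.Println("moved ciphertext:", err)
}
```

The point the code makes that the paragraph does not: the protection is only as good as the separation between the key and the data, and the associated-data binding stops an insider from shuffling encrypted values between records without knowing the key.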
- Get rid of passwords.
The age of passwords is ending. Intended as a security measure, they are not only annoying to use, remember and change, but they are also not secure: in 2017, weak, stolen or re-used passwords were behind more than 80 percent of hacking-related breaches. They are no longer safe and, in fact, have become the weakest link in data protection.
- Lose the passwords, empower employees.
Easy, anywhere, 24-hour online access is now an expectation. Workers need solutions that let them do their jobs securely without constant frustration. Common complaints include having to rely on one-time PINs sent over text, carrying an authentication device dedicated to a single service, or having to use a personal cell phone.
However, convenience must be balanced with security. The FIDO Alliance and the FIDO protocols are changing the nature of authentication by replacing passwords with standards-based public-key credentials: the private key stays on the authenticator, the server stores only the public key, and each login signs a fresh challenge bound to the site, so there is no shared secret to phish, steal from a server or replay. Replacing passwords means more security, and using standards means the same protocol works across many websites and applications. FIDO can be implemented in ways that make sense to a business: physical USB authenticators, Bluetooth, NFC and more.
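To make the password-replacement point concrete, here is an added Go model of a FIDO-style challenge-response login, written for this page rather than taken from the FIDO specifications or from StrongKey. It keeps the shape of the protocol (the authenticator holds the private key, the relying party stores only the public key, every login signs a fresh random challenge scoped to the relying party's ID) but not the real WebAuthn message formats; the type names, the relying party ID `example.com` and the user names are assumptions for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator models a FIDO-style device: the private key never leaves it,
// and it will only sign for the relying party the credential was created for.
type Authenticator struct {
	rpID string
	priv *ecdsa.PrivateKey
}

// RelyingParty models the server. It holds public keys only, so a breach of
// its user store gives an attacker nothing that can be used to log in.
type RelyingParty struct {
	ID   string
	keys map[string]*ecdsa.PublicKey // user -> credential public key
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{ID: id, keys: map[string]*ecdsa.PublicKey{}}
}

// Register creates a P-256 key pair on the authenticator for rp and hands the
// server the public half; this is the one-time enrolment step.
func Register(rp *RelyingParty, user string) (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rp.keys[user] = &priv.PublicKey
	return &Authenticator{rpID: rp.ID, priv: priv}, nil
}

// Challenge issues fresh random bytes. Signing them proves possession of the
// private key right now, so a captured response cannot be replayed later.
func (rp *RelyingParty) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// signedData binds the challenge to the relying party ID, a simplified stand-in
// for the authenticatorData || clientDataHash that real FIDO signs.
func signedData(rpID string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(rpID))
	h.Write(challenge)
	return h.Sum(nil)
}

// Sign answers a challenge only if the requesting origin matches the rpID the
// credential is scoped to; a look-alike phishing domain gets no signature.
func (a *Authenticator) Sign(origin string, challenge []byte) ([]byte, error) {
	if origin != a.rpID {
		return nil, errors.New("credential is not scoped to this origin")
	}
	return ecdsa.SignASN1(rand.Reader, a.priv, signedData(a.rpID, challenge))
}

// Verify checks the signature against the public key stored at registration.
func (rp *RelyingParty) Verify(user string, challenge, sig []byte) bool {
	pub, ok := rp.keys[user]
	if !ok {
		return false
	}
	return ecdsa.VerifyASN1(pub, signedData(rp.ID, challenge), sig)
}

func main() {
	rp := NewRelyingParty("example.com")
	auth, err := Register(rp, "alice")
	if err != nil {
		panic(err)
	}
	ch, _ := rp.Challenge()
	sig, _ := auth.Sign("example.com", ch)
	fmt.Println("genuine login verifies:", rp.Verify("alice", ch, sig))
	_, err = auth.Sign("examp1e.com", ch) // phishing origin
	fmt.Println("phishing origin:", err)
	ch2, _ := rp.Challenge()
	fmt.Println("replayed signature on new challenge:", rp.Verify("alice", ch2, sig))
}
```

Contrast this with a password or SMS PIN: both are secrets the user types into whatever page asks for them, so a phishing site can relay them to the real one. Here the secret never leaves the device and the signature is useless anywhere except the origin and challenge it was produced for.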
- Find a security advisor.
IT security teams in mid-sized organizations should take advantage of the expertise of a trusted advisor or partner who knows the security space deeply. The market is full of conflicting information, and the security landscape shifts quickly; new vulnerabilities and new threats emerge all the time. Wading through this morass alone, on top of all your other daily job duties, can prove difficult to impossible. Look for a security advisor with a partnership mindset, one who walks through issues alongside their clients.
Malicious actors are in search of easy wins wherever they may be, and they know mid-sized companies are often rich targets. That’s why these organizations are getting hit as often as large companies, and why they need the same level of protection. Keep these security hurdles in mind and use the recommendations above to access the tools and expertise you need to discourage attackers and keep data secure.
About the Author
Jake Kiser is CEO of StrongKey. He is responsible for the company’s business strategy, overseeing the company’s growth of its open-source cybersecurity solutions and a new product line which brings unprecedented security to small and medium enterprises. He has a diverse wealth of experience in building and executing growth strategies in both the corporate and non-profit world, including multinational clients across the United States and sub-Saharan Africa. He received his master’s degree in business administration from Duke University and a bachelor’s degree from the University of Maryland.