A growing imperative for small and medium size organizations
Small and medium sized organizations have a responsibility to provide secure, resilient, and accessible digital presence for their many diverse stakeholders. Increasing legal and compliance requirements demand a secure environment that respects staff, customer, and beneficiaries’ right to privacy. Many government and businesses have started mandating minimum cyber security and data protection standards for organizations and failure to meet their standards may result in loss of customers or loss of funding.
Why is your organization an easy target?
Many SMBs handle sensitive information which may include financial data, health data, personally identifiable information, or other highly confidential matters, which can make them attractive targets for both state and criminal actors. At the same time, malicious actors know that many SMBs lack the resources to modernize their technology and sufficiently protect themselves, making them easy targets for attack.
How does your security readiness stack-up?
Whether executives know it or not, cyber security and data protection are two of the most pressing issues SMB organizations face in 2020. Any business operating on outdated hardware and software is putting their organization and their stakeholders at risk. Most of the headlines talking about cyber attacks are about big, well-known businesses. Yet SMB organizations are especially vulnerable. Discounting this real threat can lead to inadequate security protections. Consider the following:
- 58% of breaches took place at small businesses
- The average cost of an SMB data breach is $120K
- 62% lack the skills in-house to deal with security issues
These statistics demonstrate many SMB organizations have a significant amount of work to do to bring their cyber security and privacy practices up to date. The case is clear: SMBs must make cyber security a priority in 2020 and they must take the necessary steps to protect their customer and beneficiaries.
The biggest security pains
- Email: Sub par antivirus antispam doesn’t catch attacks. Users click on ransomware and phishing links. Users accidentally send confidential data
- User credentials: Users have same passwords across all accounts, increasing risk if compromised. Attackers can easily steal credentials, then steal your money and take your files hostage.
- Mobility: Devices and laptops with company data can be lost or stolen. Inability to control who can access data.
- Compliance: Standards don’t change based on company size. Requirements for GDPR, CCPA, CMMC, HIPAA, and other regulations are rigorous and complex.
How do you combat security threats?
Determining the best approach to security gets more difficult as attacks grow more sophisticated. To make matters worse, employees and volunteers use a wider array of devices and applications, and data flows into and out of your organization through more channels. The following questions can help guide your organization’s decision makers to prioritize intelligent security:
- Do you know who is accessing your data?
- Can you manage access to your data and assets based on risk in real-time?
- Can you quickly find and react to a breach?
- Can you help protect your data on devices, in the cloud, and in transit?
The security functions you should be implementing
To help you answer the questions above, we recommend looking into the following security areas:
- Identity & Access Management: Secure the front door. Protect users’ identities and control access to valuable resources with conditional access based on user risk level.
- Information Protection: Secure content. Protect information in documents and emails with encryption that travels with them as they move inside and outside your organization
- Threat Protection: Secure environments. Strengthen your pre-breach posture with built-in threat protection, and recover quickly with automated remediation when attacked.
- Security Management: Secure devices. Use security management tools to gain end-to-end visibility of your organization and manage policy centrally