Small and medium-sized firms fear a cyber attack could put them out of business

Nearly 60% of businesses surveyed said they were concerned about network security threats, and more than 70% said an attack that shut down their networks for a day could potentially bankrupt them.

At the same time, 40% of small and medium-sized businesses outsource their IT operations, which increases the security vulnerability of their networks.

Additional findings of the IT security survey include:

  • Nearly 60% of respondents say telecommuting is a way they plan to trim costs in the year ahead. This can be an IT security risk without adequate security practices and employee awareness.
  • More than 40% of respondents say their organization does not have company policies in place regarding the storage and retention of email, as required by law.
  • Only one in four respondents said they monitor activity to ensure departing employees are not downloading proprietary information. Additionally, 40% have not changed network security passwords associated with certain departing employees.

"Information security threats can be overwhelming and the risks require more than traditional perimeter and host defenses to protect critical business data. The survey findings help show that IT managed services is becoming a 'must have' rather than a 'nice to have' for [small and medium-sized businesses],” observed Jim Lippie, president of Thrive Networks, the IT network services business of Staples Advantage.

Staples Advantage recommends that businesses take the following five steps to improve their network security:

  1. Adopt a multi-layer security strategy. Implement security measures at the file, email, data storage, and gateway levels to properly protect data against viruses. Make sure all systems are up-to-date with security patches and security update downloads.
  2. Use encryption to protect sensitive data. Enable encryption on wireless networks, and use passwords and encryption software to secure individual files. Use file permissions to control access to sensitive data, and consider installing security software that monitors and logs who accesses what data and when.
  3. Invest in multiple secure connections to the internet. Using two connections to the internet, each from a different provider, reduces the potential impact of connectivity interruptions to email, web, and VoIP services.
  4. Avoid hardware failure by investing in hardware redundancy. Use a service that monitors hardware for uptime and critical performance metrics. Monitoring platforms that can dig down to the machine level are best.
  5. Assess service providers carefully. Before choosing an external provider of cloud services or any SaaS application, research their service level agreements, infrastructure, redundancy, and disaster recovery provisions. When possible, use multiple vendors to eliminate single points of service failure.

 

What’s Hot on Infosecurity Magazine?