5 Simple WaysSmall and MediumBusinesses canImprove Online Security
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFile•	 Introduction•	 Chapter One: Understan...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileCyber threats. Data breaches. Hackers. P...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileEvery day we engage in risky behavior. T...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileChapter 1: Understanding the RisksIf you...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileWith a seemingly never ending stream of ...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileIn tough economic times it can be hard t...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileChapter 3: Train your employeesNow that ...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileIf your company has staff members that a...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileChapter 4: Create a Security Policy•	 Ex...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileYou’ve taken all the steps to implement ...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileNow you know what’s required to get your...
www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileUnderstand the RiskKeep up to date on se...
Upcoming SlideShare
Loading in …5
×

5 Simple Ways Small and Medium Businesses Can Improve Online Security

541 views

Published on

Cyber threats. Data breaches. Hackers. Police investigations. Sounds a little like the plot line of the latest Hollywood thriller, doesn’t it? Unfortunately it’s a scenario that’s becoming all too familiar to small and medium business (SMB) owners. A quick Internet search of ‘security breach’ will turn up thousands of results. Chances are the top returns are going to be about major companies who have fallen victim to an online attack. Zappos. Wyndham Hotels. Sony. Large health care organizations aren’t immune either. It’s not often that SMBs are mentioned, an interesting omission considering the very real threat
of cyber attacks on that demographic.

Why does it matter?
Too many SMBs don’t take the necessary precautions to protect their business – leaving their customers vulnerable. While large businesses can bounce back from a breach, that’s not always the case with their smaller counterparts. Large settlements, high forensic
analysis costs and untold damage to a business’s reputation can take a very real toll. There are many reasons SMBs shirk their online security duties. Perhaps there’s a lack of managerial buy-in. At others, time or money could be an issue – maybe it’s both. Some businesses naively think they’re already doing everything they can to protect themselves.
Whatever the reason for not being proactive with online security, now is the time to make some changes. Set your business apart from its competition by being an organization that’s focused on protecting sensitive information. Become a champion to your customers
by letting them know that you value their business enough to take every step necessary to safeguard their private details. Having a vested interest in security means you have a real interest in providing the best service to your customers – and there are no losers
when it comes to reputations built on consumer satisfaction.

Introduction
What is this ebook going to offer you? This ebook will help get you on the right track to security success – and provide you with tips to stay there. We’ve outlined five simple steps that can help protect both your business and customers from being the next
victims of digital crime.

Breaches can occur at any business that stores data in an electronic form. That includes retail stores who take customer contact information for returns, to courier companies that are logging addresses and credit card numbers for delivery. With security breaches on the
rise, it’s time to get active in protecting your business and your customers. Read on for five ways your business can improve its security procedures. At the end of the ebook, you’ll find a checklist of the steps you can take to improve the security at your SMB.

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
541
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

5 Simple Ways Small and Medium Businesses Can Improve Online Security

  1. 1. 5 Simple WaysSmall and MediumBusinesses canImprove Online Security
  2. 2. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFile• Introduction• Chapter One: Understand the Risks• Chapter Two: Perform due Diligence• Chapter Three: Train your Employees• Chapter Four: Create a Security Policy• Chapter Five: Hire Expert Help• Conclusion• ChecklistTable of Contents
  3. 3. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileCyber threats. Data breaches. Hackers. Policeinvestigations. Sounds a little like the plot line of thelatest Hollywood thriller, doesn’t it? Unfortunately it’sa scenario that’s becoming all too familiar to small andmedium business (SMB) owners.A quick Internet search of ‘security breach’ will turn upthousands of results. Chances are the top returns aregoing to be about major companies who have fallenvictim to an online attack. Zappos. Wyndham Hotels.Sony. Large health care organizations aren’t immuneeither. It’s not often that SMBs are mentioned, aninteresting omission considering the very real threatof cyber attacks on that demographic.Why does it matter?Too many SMBs don’t take the necessary precautionsto protect their business – leaving their customersvulnerable. While large businesses can bounce backfrom a breach, that’s not always the case with theirsmaller counterparts. Large settlements, high forensicanalysis costs and untold damage to a business’sreputation can take a very real toll. There are manyreasons SMBs shirk their online security duties.Perhaps there’s a lack of managerial buy-in. At others,time or money could be an issue – maybe it’s both.Some businesses naively think they’re already doingeverything they can to protect themselves.Whatever the reason for not being proactive with onlinesecurity, now is the time to make some changes. Setyour business apart from its competition by being anorganization that’s focused on protecting sensitiveinformation. Become a champion to your customersby letting them know that you value their businessenough to take every step necessary to safeguardtheir private details. Having a vested interest in securitymeans you have a real interest in providing the bestservice to your customers – and there are no loserswhen it comes to reputations built on consumersatisfaction.IntroductionIntroductionWhat is this ebookgoing to offer you?This ebook will help get you on the right track to securitysuccess – and provide you with tips to stay there.We’ve outlined five simple steps that can help protectboth your business and customers from being the nextvictims of digital crime.Breaches can occur at any business that stores datain an electronic form. That includes retail stores whotake customer contact information for returns, to couriercompanies that are logging addresses and credit cardnumbers for delivery. With security breaches on therise, it’s time to get active in protecting your businessand your customers. Read on for five ways yourbusiness can improve its security procedures. At theend of the ebook, you’ll find a checklist of the stepsyou can take to improve the security at your SMB.
  4. 4. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileEvery day we engage in risky behavior. Take drivingon a busy highway, for instance. Cars are moving athigh speeds, and while you might be certain you’rebeing safe, you can’t place guarantees on theactions of other vehicles on the road. But thatdoesn’t mean you don’t take the necessaryprecautions to protect yourself. You wear a seatbelt.You never text and drive. You avoid speeding.Shouldn’t you take thesame precautions withyour business?It’s not enough to just understand the risks. You haveto internalize them, and take the steps required toprotect yourself. Many SMBs don’t understand therisks associated with running a business in the digitalage. Business owners are led to believe that breachesonly happen to multinational corporations, not smallcompanies that cater to local audiences. Thanks totheir lower profiles, small businesses don’t considerthemselves a target for cybercrimes or hackers.In actuality, a quick online search demonstrates thatbreaches on SMBs are occurring with greater frequency– Visa reports that an estimated 95% of data breachesoccur at SMBs. Cyber criminals understand that smallbusinesses typically do not have the same strongsecurity standards in place as their bigger counterparts,and as such are easier targets. This puts your business,and the customers it serves, in danger of becominganother statistic on the evening news.Chapter 1:Understandthe RisksChapter 1: Understanding the RisksRecognize Internal ThreatsWhen you’re working at a small business, it’sonly natural that you’re going to be familiar withall of the employees. You might have coffeewith them in the mornings, or share the samelunch break. While it might be hard to believethat these trusted individuals would considercompromising the security of your business,you owe it to your customers to consider thepossibility.
  5. 5. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileChapter 1: Understanding the RisksIf you’re the owner of a SMB, now is the time to takecharge. You’re taking a great first step by armingyourself with the data required to make important andinformed decisions. If you’re reading this as a staffmember of a small business who’s looking to affectchange in the workplace, take this material, and yourconcerns, to the business owner. Protect yourselfbefore you’re stuck in a crisis.The next step to that is performing due diligence onyour security systems.Think small and medium sized businesses are safefrom security risks? Think again. Here are some eye-opening stats:• Just over one third of businesses have a privacypolicy that employees must comply with whenhandling sensitive customer or employeeinformation.• Less than half of SMBs believe that a databreach would have a real impact on theirbusiness.• Only 31% of SMB owners consider theirbusiness to be ‘very safe’ in the face of variousonline threats.• 83% of businesses surveyed do not have awritten cybersecurity plan.• Less than half of small businesses terminatethe online accounts of employees who haveleft their organization.Source: 2012 NCSA/Symantec National Small Business StudySecurity Step One:Take the time to understandthe risks that could impactyour business – surveyingindustry trends and pastbreaches will help youprepare for the future.
  6. 6. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileWith a seemingly never ending stream of softwarepatches and security upgrades required, it can seemlike a lot to keep up with all of the security protocolsneeded to keep your business safe. Do you take thetime weekly to ensure that your security systems areup to date? If you do, you’re in the minority. Leavingsecurity systems unpatched is like leaving yourbusiness’ front door wide open. You don’t let justanyone access your cash register, so take the samestance with your confidential data.That’s why small businesses are often an attractivetarget for online criminals. Although they might nothave the same high-profile presence as largerorganizations, their defenses are often lower – allowingfor easier penetration. When you’ve got a small budgetand an even smaller IT team it can be hard to ensurethat all of the resources necessary for security are inplace. That’s why it’s important that you’re extra diligentin protecting the equipment you’ve already got.Many businesses do not take the time required toupdate their Point of Sale (POS) or the hardware thatit’s attached to. According to the “Retail Reputations:A Risky Business” survey from McAfee, 38% of retailersare still running a legacy version of Microsoft Windows.Other businesses are running old or secondhandhardware, which could lead to various vulnerabilitiesand compatibility issues with newer security softwareand applications.Ensure that any third party providers you work withare accountable to regulations and compliancestandards in their own industries. Although it may seemtempting to just click ‘I Agree,’ closely read all termsof service agreements. This will help you understandthe details of your responsibility in regards to databreaches and other issues that could impact yourprivate information, as it is either stored by the thirdparty, or is passing through their system – like a creditcard processor. If the third party is not compliant withregulations such as the Payment Card Industry SecurityStandard (PCI DSS), you could be stuck payingcustomer damages’ if your business is the victim ofan attack.When you’re working with an online provider – creditcard, POS, cloud storage – understand their terms ofservice and security conditions. While appearing tobe a lot of confusing terms and legal jargon, it’s thisinformation that could save you in the future. Don’t beafraid to ask questions – if they’re a reputableorganization they should feel comfortable answeringanything you need to know. Do not hesitate to getinsight from an unbiased third party if required.Chapter 2:Perform Securitydue DiligenceChapter 2: Perform Security due DiligenceSecurity Step Two:Save yourself from securityheartbreak and make timeeach week to ensure yoursystems are up-to-date.Living in the CloudFor many SMBs, cloud services are the bestoption. Cloud applications are often more costeffective and do not require the samecomplicated maintenance of onsite applications.Cloud systems are always up to date, and youcan expect the experts in charge of the platformto implement the security regulations requiredto keep your records safe and secure.
  7. 7. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileIn tough economic times it can be hard to justify theadditional expense of training. But if it saves yourbusiness from compromising the privacy of yourcustomers, it’s worth it.In workplaces around the world, an increasing numberof employees are using the Internet to complete dailytasks. Whether the roles of your employees requiresthem to engage in communication with customers,conduct business-related research, maintain corporateaccounts and profiles online or an assortment of othertasks, the Internet is one of the most common toolsemployees are using to be successful at their jobs.Unfortunately training on safe Internet usage is notincreasing at the same rate.According to the 2012 NCSA/Symantec National SmallBusiness Study, only 29% of SMBs provide their staffwith training on how to keep their computers secure.Just like with your favorite sports team, you’re only asstrong as your weakest link. The same goes for onlinesecurity. If you have one employee who is downloadingunauthorized material or using an email account thatdoesn’t have a virus scan in place, you run the risk ofinfecting your whole organization.That’s why it’s important to create a culture of training.Ensure that your employees have the skills they needto protect themselves and the interests of your business.The first step to providing training for your employeesis recognizing what areas are the most important toyour business. Are you concerned with the physicalsecurity of your POS or employee workstations? Maybeyou’re more interested in password protection andunderstanding wireless security. After you’ve recognizedthe areas most important to your business, investigatethe resources available to you.Chapter 3:Train yourEmployeesChapter 3: Train your EmployeesInformational EmailsShort informational emails are a great way toshare manageable nuggets of information withstaff on a regular basis. They serve as littlereminders to keep everyone focused on securitywhile completing their daily tasks. If passwordsecurity is an important topic at your business,consider running a whole series on passwordprotection. On the next page you’ll find twoexamples of email templates to share withyour staff on the theme of password security– for a more personalized touch, modify thesetemplates with information that’s relevant to yourorganization.Training doesn’t have to be limited to a traditional one-day workshop. Knowledge sharing comes in manyforms, including webinars, newsletters, formalized in-class training sessions and lunch and learns. Find theformat that works best for you. Try out different methodsof training, and see what gets the most response fromyour employees. Once you’ve found the format thatworks best, you can tailor sessions to really target theneeds of your organization.
  8. 8. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileChapter 3: Train your employeesNow that you’ve created a more securepassword, it’s important to give it adequateprotection. Commit your password to memoryand avoid writing it down. Do not share yourpassword with others. You wouldn’t share thekey code access to your home with a strangeron the street, right? Think of passwords in thesame fashion. They are responsible forprotecting information that is highly valuable toour business – sales contracts, customercontacts and payment details.If you’re responsible for creating and sharingpasswords with others for shared applications,ensure that the passwords are never deliveredvia email. Instead, share the passwords faceto face, or by telephone if necessary.Security Step Three:Understand the educationgaps of your business andplan sessions that provide thesecurity training required toprotect your assets.Strong passwords are important, but if you lookat a list of the most common passwords you’llnotice that many people don’t put much thoughtinto the process. Strong passwords are requiredto protect important business details, includingclient and payment information. When creatinga password, consider the following:• Passwords should be longer than 6characters• Passwords should contain a mixture of lowercase and capital letters, as well as numbersand symbols when possible• Do not use passwords closely associatedwith your personal life. These includebirthdays, phone numbers, family members,etc.Security training will create a greater feeling oftransparency in your daily business. Employees willrecognize the steps they need to take to keepthemselves and their work materials safe. They willfeel more comfortable asking questions and reportingany strange activity, including online incidents andquestionable emails.Email Template 1: Email Template 1:When sharing isn’t caring:Password protectionDid you know password is themost common password?
  9. 9. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileIf your company has staff members that access theInternet, you need a security policy. To avoid anyconfusion as to what is and is not acceptable use forcompany devices, it’s important that you clearly layout what is expected of your employees. Just likehuman resource policies that dictate dress codes andstandards on office conduct, security policies provideemployees with guidance on best practices andexpectations.These policies are more than words on paper – ifimplemented correctly they provide your employeeswith the guidelines they need to make safe onlinedecisions. While many employees, especially recentgrads and others that fall into the category of a digitalnative, are comfortable using the Internet and are awareof best practices, other employees with limitedexperience could be a potential liability.Chapter 4:Create aSecurity PolicyWhen it comes to developing a security policy for yourbusiness, it’s important to remember that there is noone size fits all solution. Security policies take differentforms across various industries, organizations and evendepartments. Different staff members may havedifferent clearance levels when it comes to accessprivileges, so they may be governed by stricterregulations. What is important is that you include thedetails that you believe are the most pertinent to yourbusiness. Here are some areas that you shouldconsider including in your security policy. Keep in mindthese are just suggestions, and should be tailored tothe needs and goals of your business.• Present guidelines to all employees onacceptable use of company equipment. Arecompany machines permitted for at home use?Detail your expectations.• Be clear on email guidelines. While almost allemployees will be comfortable and familiar withemail use, do not hesitate to include best practiceson the downloading of attachments, phishingschemes, personal email usage and any otherareas you deem relevant to your business.• Implement password quality parameters.The proliferation of online services means there’san increasing amount of passwords to create andremember. The trouble is, with so many passwords,users may find themselves getting lax on passwordsecurity. Reusing passwords, choosing passwordsthat are easy to remember – and not so difficult tocrack – are common problems. Provide youremployees with password best practices to helpprotect their information, and by extension yourbottom line.Chapter 4: Create a Security Policy
  10. 10. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileChapter 4: Create a Security Policy• Explicitly outline privacy best practices.If employees are sharing confidential information,make it clear which tools they should be using.Email does not always provide security andconsumer grade file sharing can be vulnerable tooutside attacks. Also ensure that staff membersare well versed on the importance of not sharingtheir passwords with co-workers or outside parties.• Downloading guidelines. Be explicit on what’spermitted to be downloaded – include a list ofapplications and programs that are commonly used.On the same token, if there are other applicationsthat are forbidden it’s important that you outlinethose as well. Consider including a process onwhat to do if an employee is interested indownloading anything that isn’t included on the list.• What happens if you don’t follow the rules?It’s important to conclude your policy with abreakdown of the consequences for any infractions.Employees must know there are repercussions inplace for non-compliance.What about mobile devices?If your business issues mobile devices to itsemployees, don’t neglect to include this in yoursecurity policy. If your workplace practicesBYOD (Bring Your Own Device) you might evenwant to formulate a separate policy on that aswell. Wondering what to include there? We’vegot a blog post that will help you get startedon a BYOD policy for your organization(reading a print copy? Visit bit.ly/tfbyodblog).Once you’ve completed your security policy, take thetime to introduce it to your employees. Staff membersneed to understand not only what the policy requiresof them, but also the importance of the security policyand how it relates to your corporate mission and values.Schedule time to go through the policy either in a groupor one on one setting, ensuring that all employeeshave ample time to ask questions and voice anyconcerns. Employees must understand the role theyplay in preserving the security and integrity of yourbusiness.Your security policy should be written in plain languageso that it is accessible to all employees. Include clearexamples and lists that make concepts easier tounderstand. If applicable, use anecdotes, either factualor fictional, that include your organization so that staffare left with examples that are relatable to their rolein the company. Consider making both electronic andprint versions of your security policy available to staffso that they can easily access a copy from anywhere.Most importantly, always remind your staff they are anintegral component of your security policy and thatyou value their efforts.Security Step Four:Don’t delay on creatinga security policy for yourbusiness. By providing youremployees with guidelinesand best practices onInternet use, you’re settingyour organization up for asafer future.
  11. 11. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileYou’ve taken all the steps to implement sound securitypractices at your business. You understand the riskssurrounding negligence of security, and recognize thenegative impacts poor practices could have on youand your customers. But sometimes you might requirea little outside help.As a business owner are you responsible for thecybersecurity management of your organization? Inmany cases, SMB owners are burdened with havingto understand and implement security solutions. Youwouldn’t expect your plumber to be able to performthe same tasks as your accountant, so why do youput yourself in a position that requires you to do jobsthat you haven’t had training in?Your company may have an IT expert on payroll, butdo they have the time or skills required to dedicatethemselves to your security needs? Consider hiringoutside help. Security consultants can test forvulnerabilities in your systems, and offer advice onhow to ensure you’re following the most stringentindustry guidelines. Ultimately, they’ll be able to providesound advice on which steps to take towards protectingyour security, and the privacy of your customers.Chapter 5:Hire Expert HelpSupport in the CloudInvolving an external security expert doesn’thave to be complicated. If you’re using cloudservices, support teams can provide you withthe security you require at a price that is alreadyincluded in your monthly fee.Chapter 5: Hire Expert HelpSecurity Step Five:Recognize the areas you need help with, and seek out an expert.It’s okay to ask for help.Your business is your livelihood, so it’simportant to take the required steps to protect it from onlineattacks. Seeking the professional opinion of service providers andoutside consultants can help ensure you have all of your basescovered.
  12. 12. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileNow you know what’s required to get your SMB on thepath to security success. We know that we don’t haveto tell you twice that when a small-medium businesscloses its doors the entire community is negativelyimpacted. Jobs are lost, the economy feels negativeimplications, and the overall morale of the area takesa downturn. The costs of cybercrime can push smallmedium businesses to bankruptcy – arm yourself withthe right tools so you don’t become a statistic.Security is a top down pursuit. Executive buy-in isessential. If you’re the owner of your business, modelsafe online behaviors for your employees. If you’rean employee, share this document and your personalthoughts on security with the owner and/or managerof the business to enact real change.Taking the time to read this ebook demonstrates yourcommitment to the success of your business throughsecurity. Congratulations on taking the first steps toprotecting yourself and your customers.There are many steps that organizations can take toenhance their online security. If you’re interested inlearning about how secure file sharing can benefityour business and protect your confidential information,contact TitanFile. We’d love to discuss our platform,its collaborative abilities and the impact it could haveon your organization. If you’re looking for a source forsecurity, privacy and collaboration news, be sure tovisit our blog at www.titanfile.com/blog. You can alsofind us some other places online, including:Visit us online: www.titanfile.comFollow us on Twitter: www.twitter.com/titanfileincLike us on Facebook: www.facebook.com/titanfileTitanFile was founded in 2010 with a goal ofdemocratizing security. We do this by providingorganizations of all sizes with a secure file-sharingplatform that permits the protected document exchange,while still encouraging collaboration. Our securecollaboration Channels allow real-time conversation,inspiring subscribers to work together on importantprojects.Author: Martha GallagherDesigner: Matt DupuisConclusionLearn moreAbout TitanFileConclusion
  13. 13. www.titanfile.com+ 1 855 315-6012 | sales@titanfile.com Copyright © 2013 TitanFileUnderstand the RiskKeep up to date on security newsUnderstand common security issues and how they can impact your businessRecognize the areas of your business that require improvements to security protocolsPerform Security Due DiligenceEnsure all of your security software and hardware applications are up to dateDo your homework when dealing with third-party providers. Only choose solutions that areadherent to industry regulationsTrain your EmployeesBegin developing a training plan for your employeesPoll your staff to see if there are any security items they’d like to know more aboutDecide which training format works best for your staffCreate an internal newsletter, or add a new section to yours, that includes security tips and tricksCreate a Security PolicyDecide which areas require the most focus in your security policyActively promote your policy to all staff membersHire Expert HelpRecognize your problem areas and bring in help to troubleshoot solutionsUsing cloud solutions? Involve your service provider to better understand their security protocolsFive Simple Steps forSMB Security ChecklistYou’ve read the ebook and now you’re set to start implementing security at your workplace. We’ve done the legworkand created your to-do-list for you. Simply print this sheet and start checking items off as you work your way tosecurity success.Interested in learning more about how TitanFile can help your SMBimprove its security? Contact us today to learn more.Implementing Security at Checklist

×