The year 2024 has felt like the year of data breaches. Large data breach after data breach has been announced with no end in sight. Large companies like AT&T, United Healthcare (Change Healthcare), and Snowflake (TicketMaster, Advance Auto Parts, TEG) have all fallen victim to data being exposed and taken. TechCrunch reports over 1 billion records have been stolen so far in 2024. Not to leave others out, companies like Nissan, Trello, and DropBox have reported data breaches too. Bluefin reports that the cost of cybercrime is heading towards $9.5 trillion US dollars. These are really just a small handful of many companies and organizations that have become victims of cybercrimes.
Don’t stop, won’t stop
Cybercriminals are ever evolving in their methodologies and tools used to infiltrate business networks. Cyber criminals don’t stop, won’t stop. Because of this, it is up to each one of us to combat cybercrime and to protect our business information like every other asset we own. Otherwise we will keep hearing story after story of new and worse cyber attacks.
What you can do
It can be difficult to identify a starting line, especially with a complex subject like cybersecurity. Where does one start if nothing more than anti-virus has been used by the business? There can really be several critical security items that need to be addressed immediately, but where to start.
I recommend starting with identification. This involved identifying your data, meaning to really know and understand the data the business stores and processes. Basically what is the data the business uses and how is it used.
Next we want to identify all of our devices that connect to the network. This allows insight into the devices that require protection. The devices on our network are really the interface between your data and the cybercriminal. Protecting the devices is crucial to protecting data.
Lastly I recommend identifying what cybersecurity precautions are already being utilized by the business. This can range from what business policies the business has, like email policies, privacy policies, and acceptable use policies. This also includes what technology is already deployed by the business, such as endpoint protection, network firewalls, identity protection (MFA, password managers, etc.), and any other tools used or solutions deployed for security.
By starting here, the business has identified its data, discovered all their business devices, and cataloged what they are already doing to secure the business.
So let’s not add our small businesses to the year of data breaches.
Subscribe to our monthly email newsletter to keep your small business up-to-date on all the latest cybersecurity news! For more information on protecting your small business from cyberattacks and other cybersecurity topics check out Small Business, Big Threat!