A good excuse to reflect on what your organization is doing to protect itself and what more you can do.

Recognizing the importance of cybersecurity, October is designated National Cyber Security Awareness Month. It is a good excuse to reflect on what your organization is doing to protect itself and what more you can do.

According to the 2012 Small Business Study from the National Cyber Security Alliance and Symantec, surprisingly few businesses are taking adequate steps to protect themselves and their customers from online threats. The survey found that 83 percent of respondents lack a formal cybersecurity plan, which is pretty incredible. Only 17 percent have a plan in place and yet three-quarters (77 percent) of small business owners believe their company is safe from attack. Nearly six out of 10 (59 percent) SMBs do not have a contingency plan outlining procedures for responding and reporting data breach losses. Approximately three out of four (73 percent) indicated that a reliable and trusted Internet presence is critical for their success; 77 percent acknowledged that cybersecurity is important for their brand image. While social media is an increasingly popular vector for phishing attacks, 70 percent of SMBs do not have policies for employee social media use.

Small businesses that have not had a security audit should schedule one today. An audit is the best and only way to fully understand all of your business’s security, technologies and practices as they exist today. The practice can improve online safety practices in a number of areas, especially when it comes to establishing policies and protocols for safe Internet use, with these simple ways to stay safe online:

  • Know what you need to protect: One data breach could mean financial ruin for an SMB. Look at where your information is being stored and used, and protect those areas accordingly.
  • Enforce strong password policies: Passwords with eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?) will help protect your data.
  • Map out a disaster preparedness plan today: Don’t wait until it’s too late. Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.
  • Encrypt confidential information: Implement encryption technologies on desktops, laptops and removable media to protect your confidential information from unauthorized access, providing strong security for intellectual property, customer and partner data.
  • Use a reliable security solution: Today’s solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programs that match known malware, suspicious e-mail attachments and other warning signs. It’s the most important step to protect your information.
  • Protect Information Completely: It’s more important than ever to back up your business information. Combine backup solutions with a robust security offering to protect your business from all forms of data loss.
  • Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
  • Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats, as well as what to do if they misplace information or suspect malware on their machine.

National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident. October 2012 marks the ninth annual National Cyber Security Awareness Month sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center (MS-ISAC).