Business Cybersecurity Basics: Protecting Your Company from Hackers
Alex Helfand, ENCE, Computer Forensic Specialist
As an executive, what keeps you up at night? Many leaders fret about revenue growth, client retention, and, increasingly, the possibility of fraud or cyberattacks. If you are worried about your business’s cybersecurity, you’re not alone: a recent survey (PDF) by the National Small Business Association (NSBA) shows that 94% of business owners are worried about this issue.
Unfortunately, these fears are not baseless. Nearly half of the survey respondents reported that their businesses were victims of cyberattacks, and recent research from Symantec reports that there was a 42% surge in internet attacks during 2012. In addition to data losses and service interruptions, these attacks can be costly. NSBA respondents reported average losses of $7,000 when their bank accounts were hacked.
October is National Cybersecurity Awareness Month, so it is a great time to look at what you can do to protect your entity. While different industries face different security challenges, and you can never fully mitigate the risk, there are several simple steps you can take to help protect your assets and information.
Internal Controls and Policies. Just like you have internal controls for your financial processes, you need controls and policies around your IT assets, as well. Ensure that passwords are changed and access is removed for terminated employees as soon as possible, and limit employee access to sensitive data.
Develop and communicate clear policies for employees regarding what devices they can use, what types of programs/applications they can download, and how to securely access Wi-Fi when needed. Without clear, communicated policies around your company’s IT, even the strongest controls will do little to decrease your organization’s vulnerability.
Regularly Update Security Programs. Out-of-date antivirus software is almost as ineffective as having none at all. Don’t ignore those little pop-ups and reminders to download the latest update, and make sure your employees don’t, either.
Back Up Your Data. Even with the right controls in place, your digital assets may still be compromised. It’s important to back up your financial, legal, and client information on a regular basis. Set backup processes to run automatically so that they are not subject to human error (i.e., forgetfulness).
Be Knowledgeable About the Cloud. Cloud-based storage offers a variety of benefits, especially for smaller entities that do not have internal IT staff. However, you are still responsible for your data when it is stored in the cloud, so make sure you fully understand where cloud-based data is stored (in the US or offshore) and your provider’s liability to protect the data.
Educate Your Employees. Data breaches are often caused by employees navigating to sites infected with malware, downloading infected attachments, and/or accessing Wi-Fi from an unsecured location. Educate your employees on your policies and why they are in place. Encourage them to frequently change passwords, and offer guidelines on creating secure passwords.
As mobile devices become more and more prevalent, it is essential to also consider smartphones and tablets in your business cybersecurity plan. You will need to develop policies and controls around protecting data on employee devices (such as mandating a security lock) and also talk to employees about protecting any company data they may have on their phones or tablets.
Cybersecurity is a growing concern for organizations, regardless of size. While you can never fully take away the risk of an attack or breach, with some planning, due diligence, and regular review, you can take helpful steps to protect your entity in this important area.