October is National Cyber Security Awareness Month, making now a good opportunity for companies to rethink how they’re protecting their information assets. There’s no business that’s too big or too small to need an information security strategy. According to the Better Business Bureau, 43 percent of all attacks last year targeted small businesses. Meanwhile, an organization you would think is too dangerous to target and too secure to be breached, fell victim: the NSA was hacked.

Protecting Your Business in a Dangerous World

Given the likelihood of becoming a target, how can companies protect themselves? There are three necessary steps.

1. Identify your vulnerabilities: Start by identifying the aspects of your business that make you vulnerable, or that are valuable enough to be targeted by cyber criminals. This means reviewing your network configuration, your hardware devices, and the software you use. It also requires identifying vulnerabilities introduced by cloud and BYOD computing, which can first require discovering where those technologies are used. You should also review your applications and databases to identify the ones that process or store the most sensitive information.

2. Raise awareness: Your employees are your first line of defense but also your biggest threat. Many data breaches are inside jobs, theft of data by disgruntled employees or those stressed by financial or other challenges. But most of the risk of data loss by employees is caused by a lack of awareness. Employees need reminders on the importance of secure passwords, explanations why they shouldn’t use file-sharing services that seem to streamline their workflows, and help recognizing phishing and social engineering techniques. Even your smartest, most dedicated employees may fall for CEO phishing, which convinces them an email came from senior management.

3. Implement defensive measures: Make sure you have basic security measures, such as firewalls and antivirus software, in place. Don’t rely on out-of-the-box configurations but tailor them to your specific requirements. You need an ongoing process to ensure you update antivirus definitions and install security patches on all your devices for these tools to remain effective. Once you’ve got the basics in place, you can investigate whether you need more advanced cybersecurity tools such as intrusion prevention systems or data loss prevention software.

Reduce Your Risk by Working With Experts

The costs of a data breach start at a few thousand dollars but can reach much higher for a large incident like the one at Target, which amounted to more than $100 million. Because of the high risks and costs, companies can benefit greatly from working with an expert team to evaluate their information security requirements and implement an effective solution.

Related: 5 Ways a Data Breach Can Cost You

Prescient Solutions has almost 20 years’ experience helping companies of all sizes tackle their information technology needs, including security. Our team has experience and certification with advanced cybersecurity products like Fortinet and Watchguard. Contact us for a free infrastructure assessment to identify and prioritize your vulnerabilities and discuss how our services can make your information, and your business, more secure.

Additional Business Cybersecurity Resources:

Encryption: Are You Missing the Last Line of Defense?

Take Precautions So Your Smart Devices Don’t Introduce Stupid Security Risks

Don’t Ignore Reminders to Update Your Software