Build a Cybersecurity Fortress to Keep Your Data Secure

Midsize companies may not have millions to spend on cybersecurity, but with the right approach, they can defend themselves from attack.

Cybercrime isn’t something that only happens to large companies. In fact, midsize businesses are especially vulnerable, because cybercriminals see them as easy, lucrative targets. According to PwC’s The Global State of Information Security® Survey 2016, midsize companies in North America were more likely than others to have experienced at least 50 data security incidents in the previous 12 months (40 percent vs. 32 percent). At the same time, these companies lack the resources larger companies can devote to combating cybercrime. The good news is that protecting your company’s data doesn’t have to break the bank. What’s needed, says Scott Schober, author of Hacked Again and chief executive officer of Berkeley Varitronics Systems in Metuchen, N.J., is a layered approach with four lines of defense:

  1. People. All the technology in the world can’t protect your data from breach if employees, customers and other users don’t understand the threats they face. “More and more, basic education and training goes to the top of my list of recommendations,” Schober says. “I’m amazed at just how pervasive issues such as weak passwords are, even in sophisticated organizations.” Training should include not only how to create strong passwords, but also best practices for handling sensitive data and how to recognize so-called social engineering techniques that hackers employ, such as phishing. (Phishing attacks use email or malicious websites to solicit security information by posing as a trustworthy organization.)
  2. Policy. Company policy should mirror and reinforce training and education. These policies might address safe handling of data, who has access to certain data and how employees may or may not use personal devices for company business. Many policies can be reinforced by technology, such as requiring appropriately complex passwords and multifactor authentication (for example, inputting a code sent by text message in addition to a password).
  3. Technology. It is a given that companies should install and maintain antivirus and anti-malware software, but it is equally important to understand the limitations of these applications. “By some estimates, antivirus programs detect as little as 5 percent of malicious code,” Schober says. Encryption is an additional level of software protection. Do you know where your data is stored? The answer is, increasingly, “in the cloud,” but that can mean many things, and security experts seem to be of two minds when it comes to cloud-based solutions. Many feel they provide smaller organizations with enterprise-level protection, while others — Schober included — are wary of any solution that means storing your data where you don’t have complete control over it. If you do store your data in the cloud, he cautions, don’t assume every vendor is the same. “Ask simple questions,” he offers. “Is it encrypted? How often is it backed up? What happens if they have maintenance problems?” Technology solutions should also include a comprehensive backup program.
  4. Planning. Backups are fine if data has been destroyed, but what if it falls into the wrong hands? Any cybersecurity plan should include a team capable of reacting swiftly when issues arise, whether a potential threat or an actual breach. In addition to technical experts, your team should have expertise (internal or external) in communication, legal issues and risk management. It should also have the authority to make quick, informed decisions. Part of planning may include a cybersecurity insurance policy, which can limit the financial impact of certain incidents. Schober also recommends having an independent vulnerability assessment, a relatively inexpensive way to uncover vulnerabilities and learn how to address them.

In the end, there is no magic bullet for preventing cybercrime. “Nothing is 100 percent foolproof,” Schober cautions. But, he adds, “you don’t have to spend millions of dollars to stay safe. It’s more a matter of developing a security culture mindset.”



This information is general in nature and is provided for educational purposes only. Information provided should not be relied on or interpreted as accounting, financial planning, investment, legal, or tax advice. Regions encourages you to consult a professional for advice applicable to your specific situation. Information provided and statements made by individuals who are not employees of Regions are the views, opinions, or positions of the individual who made the statement and do not necessarily reflect the policies, views, opinions, and positions of Regions. Regions makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information presented.