We’re only a few weeks into 2018, but it’s already feeling a lot like last year for security experts. Forever 21 alerted its customers to a data breach. Jason’s Deli warned customers their credit card information may have been stolen. A DHS breach exposed the personally identifiable information of over 250,000 people.
All this, and we hadn’t even made it to February!
According to the 2017 Cyber Risk Preparedness and Response Survey, 66 percent of the 2,400 security and IT professionals interviewed said their organization is not prepared to recover from cyber attacks, and with the way 2018 is already shaping up, their lack of preparation is not a good sign. Furthermore, while attacks on big box stores and major financial institutions dominate headlines, 61 percent of breaches hit smaller businesses last year, up from 53 percent the year before. With smaller budgets and less-established cybersecurity protocols, the impact of a data breach on small to medium-sized businesses (SMBs) can be catastrophic, especially when considering that 60 percent of small businesses go out of business within six months of an attack.
As today’s threat landscape continues to evolve, it’s crucial for SMBs to stay one step ahead of cybercriminals. The problem is most approaches are already out of date. Read on for tips on determining whether your SMB needs a cybersecurity overhaul in 2018, and how to actually keep your security resolutions throughout the year.
Two-factor authentication is your customers’ primary authentication method.
Despite the numerous experts out there touting two-factor authentication (2FA) as a fraud prevention godsend, the truth is, it’s a weak band-aid at best. The false promise of 2FA lies in the fact that many brands are still reluctant to make it mandatory, for fear of sacrificing the user experience. That opt-in feature, unfortunately, leaves users vulnerable to scams. Sound familiar? If it does, your SMB needs to offer customers an authentication method that’s secure but user-friendly, like multi-factor authentication (MFA). Additionally, thanks to screen and facial biometrics incorporated into the iPhone X and Samsung Galaxy 8, MFA will only become easier to implement, and as a result, more widely adopted. Embracing these layered authentication methods paves the way for a better user experience and tighter security controls for SMBs.
Your fraud and infosec departments are siloed.
Businesses of all sizes aren’t doing themselves any favors by keeping fraud and infosec separate—but they are giving hackers a helping hand. For a lot of SMBs, the CISO and the IT department responsible for information and data are in one camp, and the risk and compliance executives dealing with fraud are in another. Today’s fraudsters are infuriatingly agile and sophisticated, quickly adjusting course when fraud prevention solutions succeed. To keep their customers best protected, SMBs must match hackers’ quick-wittedness on the organizational side. 2018 is the time to unite fraud and infosec as a cohesive unit so that SMBs can provide their customers with stronger security measures and fraud prevention solutions.
You haven’t embraced the phone-as-wallet movement.
Today’s wallets aren’t leather bi-folds anymore. As the growing legions of on-demand applications like Uber and Venmo continue to eradicate the need to physically carry cash or a credit card, smartphones are quickly usurping the physical wallet as the number one accessory people can’t live without. Smartphones hit the cybersecurity sweet spot between customers’ protection and their convenience, and because modern smartphones and apps can together support a range of authentication factors, they’re the ideal platform for multi-factor authentication. This year, SMBs should embrace authentication methods that align with the 21st-century wallet, giving consumers more choices than ever for their online security experience.
If it sounds like your company is in need of a long list of cybersecurity resolutions, you’re not alone. According to KPMG, only one in five IT leaders (21 percent) stated they were “very well” positioned to identify and deal with a current or near-future cyber attack. Take steps today to shift your organization’s security strategy, and by this time next year, improved cybersecurity won’t merely be a resolution—it will be a way of life.
About Scott Waddell
Scott began his career in information security as a charter member of the Air Force Information Warfare Center, pioneering tools and techniques for automated vulnerability assessment and incident response.