All businesses need to protect their networked assets, and securing customer data from the start is a top priority for best practices. Small businesses need to consider what services are worth the investment… and what schemes are worth anticipating. During the panel, experts discussed the best strategies to retain and grow your business during a time of rapid technology development. The panel on Jan. 24 was moderated by Portland Press Herald business editor Carol Coultas.

The panelists were:
Durward Ferland. He helps lead information assurance services at Macpage and advises clients nationwide.
Mark Monnin who currently teaches courses in Cyber Security and Information Technology at the University of Southern Maine
And Rick Simonds, president & COO, Sage Data Security

One in four small busineses will be hacked, according to a recent study commissioned by IBM, and the average cost of recovery from a breach is $3 million. To protect yourselves, Durward Ferland of Macpage, Rick Simonds of Sage Data Security and Mark Monnin, cybersecurity lecturer at USM, shared their insights at the Jan. 24 cybersecurity business breakfast forum. Here are some of their top tips:

Five percent of all workers are using “Winter2018” as their password, and that will change to “Spring 2018” the next time they are required to change it. By nature, people will choose passwords that are easy to remember and convenient. Consider a password manager program for all your employees. The software – some free, some for reasonable fees – will randomly assign passwords for all the platforms your employees need, while retaining a master password that is never exposed.

Cybercriminals are always using new methods, and your company’s entire cybersecurity protection is only as good as your weakest employee. All it takes is one person to open an infected email, download an infected file from Dropbox, or connect to your company’s network via a remote device that is vulnerable to malware. Employee training must be a priority, done at least annually but preferably quarterly.

Don’t try to train a new employee on your company’s data security measures the first day on the job. New employees are already overwhelmed with orientation procedures. Wait a few days and then give a focused, thorough training on database and IT security measures, and emphasize why they are so important. Repeat.

Consider data breach insurance. Like any insuarnce, it won’t prevent a hack, but it could make recovery easier and less painful financially. Most commercial insurance carriers now offer it. Be sure to read the policy in advance to understand what it does and does not cover, such as a ransomware payment.

If your company is embracing the “Internet of things” and using multiple web-connected devices, set up a separate guest network on your Wi-Fi router for those devices. That will help protect your company’s primary network from breaches.

This panel was recorded on January 24, 2018 at the Portland Public Library.