Cybersecurity: Best Practice for Small/Medium-Sized Businesses

While large corporations can spend a great deal of money on cybersecurity measures, the smaller business owners are seen as an easy target for hackers and other cybercriminals. A 2018 survey showed that the number of SMBs affected has grown from 55% in 2016 to 55% in 2018. Looking at best practices and making sure that these are implemented is one of the easiest ways to make a system more secure.

Software Development and Architecture

Software developers are not typically responsible for system security so it is vital to make sure that the system architecture is secure. An architect should look at the following factors and maintain standard security protocols:

• Database backups — these must be done regularly to protect from large data loss
• Database protection — Query protection must be built in to prevent SQL injection attacks.
• Cookies, cache, local data, input validation — all of these will help prevent code being exposed online
• IP Address Blocking — you can block international IP addresses if needed. This is useful if you only trade in certain areas.
• Data encryption — vital if any financial or other important customer data is stored. Remove data that is not needed immediately
• User Access Restriction: Good password security and role-based access help prevent breaches in the system.
• Enforce the password policy with frequent mandatory updates and two-factor authentication
• Staff training — security training on specific risks like phishing attacks
• Access control — device, facility and network access must be protected. Staff should be trained in simple measures like password protection and screen locking
• Disaster planning — treat an attack as inevitable and plan for it. A plan should cover what happens internally and how you will inform clients of a breach

Ways to Protect Security Post-development

Cybercriminals change their mode of attack often so once an app is developed you will need to continue to bolster your security regime. Some of the recommended methods are:

Managed Service Providers — identify risks, help with planning and solutions, damage limitation. This is useful where there is no in-house security team which is often the case in SMBs.

Proactive Security Monitoring — cloud services often offer these extra options to keep your system secure. These involve alerting your company to status changes on the server and some services also provide tools to scan your code and highlight any vulnerabilities.

Do Your Research

Make sure you keep abreast of all the changes in cybersecurity. Some companies specialize in keeping up to date with all the new methods of attack and will scan your code and provide timely updates. They can be expensive but if you hold a lot of data it may well be worth the cost.

Prepare for Disaster

Client communication must be built into disaster planning and there should be a method of informing them of the breach, any countermeasures and how secure their data is. Your team must be able to move quickly to limit the damage and eliminate the threat. There must be a plan in place before any breach occurs so that they can take the appropriate action immediately.

If you’re looking for a company that provides ERP integration and other software development services contact us.