Need proof skimping on security can cost your company? Just ask these two firms

If anyone thinks security measures are expensive, they should see how much recovering from a disaster can cost. It can be so expensive that 60% of small businesses close up shop in the six months following a cyberattack, according to a report by McAfee.

That’s just one reason why security can’t be skimped on, especially in this age of particularly nasty ransomware attacks. There are ways to learn from other companies’ mistakes, by avoiding the security oversights they made that got them into trouble.

These three tips will help you avoid the cybersecurity pitfalls that many small to mid-sized businesses fall into, all without breaking the budget.

1. Double checking who’s at the door

Two-factor authentication (2FA) is an added security measure for logging into accounts on various websites. It requires not only a username and password, but also that the user have access to a second method, such as a phone or email account. A verification code is sent to this second method, with the idea that only the authorized user will have access to it.

It’s useful when shoring up account security, as online music service 8Tracks found out the hard way. One of the company’s techs was using GitHub, an online code repository, and didn’t have 2FA enabled.

When the GitHub account was cracked, it contained information that led to the leak of data on over eight million 8Tracks users. Even if your company’s email is locked down, urge users to enable 2FA across all their accounts. If anyone does work from their personal email or through a third-party site such as GitHub, it’s a risk that could expose company data.

After the attack, 8Tracks said all of its employees would need to enable 2FA for any work-related account, making sure it didn’t happen a second time.

2. Digital lock and key

Properly encrypted drives are much harder for hackers to crack. Encryption is also an added protection against physical theft. And an encrypted laptop could save you a hefty fine if your company needs to follow federal standards such as HIPAA.

That’s what happened with CardioNet, when a user’s laptop was stolen out of the car where it had been left. CardioNet was on the hook for a $2.5 million fine because the information wasn’t encrypted.

Windows systems after Vista have built-in encryption with BitLocker, while Mac OS after 10.3 includes FileVault, a similar program.

File encryption shouldn’t be overlooked either. There are several horror stories about admins who have stumbled upon unencrypted shared folders that contained passwords to privileged accounts. You can look into services that encrypt email content as well, such as attachments. Various cloud services and email providers offer this. Check in with yours if you think you might be missing valuable coverage.

3. Search and rescue

If you’re particularly concerned about lost or stolen company devices, see about investing in a hardware location service. Many smartphones and tablets have this as standard, but it’s possible to get it for laptops.

These services can not only locate missing devices, they often offer means to wipe them remotely, making sure the data doesn’t fall into the wrong hands.