Here’s what small business owners can do to protect their companies against cyberattacks.
Running your own business has long been — and still remains — an endeavor that holds the potential for financial success and a sense of personal accomplishment. And while the technological advancements of the digital age have made entrepreneurship a more realistic and convenient pursuit, they have also introduced a new set of concerns and potential threats that don’t always get the time, attention and resources necessary.
We don’t think anyone intentionally says, ‘I don’t care about cybersecurity.’ They just don’t realize how highly vulnerable they can be to things like fraud, cyber scams, and the loss of intellectual property.
Despite the very real threats, many small business owners remain in the dark about how to develop a cybersecurity strategy for their business. However, one of the most effective places to start is by asking the following questions:
- What do I want to protect?
- What are my overarching security policies and goals?
- Who has access to my network?
- What is the value of my company’s and employees’ intellectual property?
- What is the nature of the service agreement I have with my Internet provider?
When small business owners start with these questions, they can then begin to implement a small business cybersecurity strategy that makes the most sense for their companies.
Awareness is Key
Budget is a top-of-mind priority for small businesses in particular, but as Kennedy points out, there are plenty of precautions a business can take that won’t break the bank. “Often it is more about awareness than anything else,” he says.
For most small businesses, some of the most effective strategies for raising awareness include:
- Educating employees on potential cyber threats and scams, raising the level of awareness across the board.
- Ensuring that all computers associated with the company are equipped with anti-virus and anti-malware software.
- Requiring dual authorization — a system where two employees must approve and sign off on a particular transaction before it can be executed — to help prevent payment fraud.
- Encouraging employees to question anything and everything that seems unusual, such as email requests for money transfers or unsolicited business inquiries from overseas.
Whether an owner is in a position to spend on cybersecurity or not, Kennedy says that practices like frequently changing passwords — every 90 days is a good rule of thumb — and using established and reliable brands when it comes to applications and software are practical and cost-effective steps to take when trying to mitigate a potentially devastating hack.
Finally, Kennedy also encourages his clients to ask questions. “We encourage all small business owners to ask the tough questions and make sure their businesses are safe for today and in the future.”
Ultimately, understanding your business’s risks and being vigilant in addressing them is key.
Here’s what small business owners can do to better protect their data from cybercriminals.
From Wall Street to Main Street, businesses of all sizes are targeted by cybercriminals with increasing frequency. While small companies might think they are less likely targets, they’re often more prone to attacks than major firms. According to research by the Ponemon Institute, 72% of SMBs have experienced at least one cyberattack in their company’s lifetime. What’s more, Beazley Breach Response Services finds that roughly 62% of ransomware attacks target small and medium-sized businesses.
While big corporations typically hold larger and more extensive amounts of data, they also have the financial resources necessary to build a robust cybersecurity structure. By comparison, some small businesses may be easier for cybercriminals to target.
Thankfully, there are a few simple and affordable measures small business owners can take in order to improve their cybersecurity and better safeguard their business against data theft.
Make Passwords Your First Line of Defense
According to Verizon’s annual Data Breach Investigations Report, over 80% of hacking-related breaches are the result of compromised or weak passwords. As a result, one of the best no-cost measures a company can implement is to require the use of strong passwords.
When creating passwords, consider the following:
- Use a strong combination of upper and lowercase letters, numbers, and symbols
- Use the longest password or passphrase permissible
- Enable multi-factor authentication when available
- Do not reuse passwords — create a unique password for each account
- Avoid passwords that reference personal information or include any words that can be found in the dictionary
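The checklist above can be enforced automatically when an account is created or a password is changed. The following is an added example, not part of the original article; the 14-character minimum, the five-word dictionary and the substitution table are assumptions made for illustration. Multi-factor authentication is a login setting, so a password check cannot test it.

```python
import hashlib
import string

# Constructed sample data (assumptions, not taken from the article).
MIN_LENGTH = 14  # assumed floor; the article only says "longest permissible"
WORDLIST = {"password", "welcome", "dragon", "summer", "monkey"}  # stand-in dictionary
LEET = str.maketrans("013457@$!", "oleastasi")  # 0->o, 1->l, 3->e, 4->a, ...

def fingerprint(password: str) -> str:
    """Digest used only to compare candidates in memory; not a storage scheme."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def check_password(password, personal_info=(), used_fingerprints=()):
    """Return the checklist rules that the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(ch in cls for ch in password) for cls in classes):
        problems.append("missing character class")
    # Undo case and common substitutions so "P@ssw0rd" still matches "password".
    normalised = password.lower().translate(LEET)
    if any(word in normalised for word in WORDLIST):
        problems.append("contains dictionary word")
    # Personal details: company name, birth year, pet name and so on.
    lowered = password.lower()
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    # Reuse: the same password already protects another account.
    if fingerprint(password) in used_fingerprints:
        problems.append("reused on another account")
    return problems

if __name__ == "__main__":
    for candidate in ("summer", "P@ssw0rd2024!!", "Tq7#vN2k!Lx9@Rb4"):
        print(candidate, "->", check_password(candidate, ("Acme", "1987")) or "ok")
```

A production check would use a full word list and a list of known-breached passwords in place of the five sample words.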
Arm Your Employees With Knowledge
As a business leader, staying informed and arming employees with knowledge about best security practices can help create another budget-friendly line of defense.
Verizon’s Data Breach Investigations Report shows that human mistakes are responsible for more than 1 in 5 data breaches. In some cases, cyber criminals may also leverage publicly shared information in order to conduct business email compromise schemes.
Thankfully, employee training can go a long way toward thwarting cyberattacks. An effective anti-fraud training program should cover a broad range of topics. In addition to ensuring your employees know how to spot the signs of phishing attacks and business email compromise, ensure that your employees are well-versed on the types of company information they’re permitted to share online — especially through social media. Remember, an employee training program is also key to both preventing payment fraud and deterring internal fraud.
If your company is like most modern businesses, its desktops, laptops, mobile phones, and other electronics are used to access internet and Wi-Fi connections. In that case, it’s tough to get around the need for a firewall.
Firewalls come in hardware and software forms and restrict outside access to your computers and the information they contain. They also scan for malicious traffic and software, blocking risky content from entering devices.
Hardware firewalls can be efficient for businesses with multiple computers working on one network because they act as a filter, scanning incoming information before it’s passed to networked computers. Certain internet service providers offer routers with integrated firewalls, where some protection is already built in at no additional cost.
Software firewalls provide a similar filtering function. While most operating systems feature some type of firewall, convenience must be weighed against risk, as firewall software typically runs on the device it’s working to protect.
Additional layers of firewall protection can be purchased through internet service providers, computer stores, and software companies.
Some critical security measures come at a cost. Perhaps the most important measure is backing up company data in case of theft or loss.
Solutions can come in the form of local backups, where a physical storage medium is kept close to the electronic data source, or cloud-based services that are accessed remotely. The amount of data in any backup can be full or partial, and the backup frequency may vary depending on the particular needs of the business.
Increasingly popular are cloud-based services. Cloud-based data is easily scalable, allowing users to pay for as much storage as they need at a particular time. An online search can help business owners estimate storage costs, as most service providers offer tools to calculate fees based on volume of data storage.
The government’s United States Computer Emergency Readiness Team recommends anti-virus software, in addition to firewall protection and data backups.
Depending on your company’s risk level, you may also want to look into anti-malware, password and data encryption, endpoint detection and response systems, and spam filters, all of which can be deployed at a cost.
Create a Data Breach Response Plan
Data breaches have become an increasingly significant threat in recent years, and when one occurs, time is of the essence. The longer it takes a company to respond to a security breach, the worse the collateral and financial damage. For organizations, this means that in addition to investing in cybersecurity, having a solid response plan in place can potentially help reduce the overall impact of a data breach.
Cybersecurity software and practices need to be kept current. That means updating operating systems, browsers, and any cybersecurity software running on your company’s devices and networks, as well as your security guidelines.
And while the level of your company’s cybersecurity may depend on your budget, a fraction of resources — including time allocated for data protection — can go a long way.
Every day without proper data protection is a day that your hard-earned proprietary information, your customers’ data, and even the sustainability of your business is left vulnerable.