Running a business can be hard work and take up most of your time. That can make it hard to stay up to date on ever-changing tech and easy to skip safety for speed. With the 2020 Covid-19 outbreak; the way we live and work has changed for almost a year now. Has your business technology evolved with it to fight cybersecurity risks?
May are now working from home or trying to minimize public contact. At the same time, hackers have taken to the internet en masse. Several high-profile businesses including GPS manufacturer Garman have been taken for millions by ransomware. This article from Business Insiders can tell you more about German’s multi-million dollar payout.
Cyberattacks like the 2017 Equifax data breach put the personal data of millions at risk. Small businesses, with less security protection and fewer resources dedicated to cybersecurity compared with larger corporations, are an easier target for hackers.
Small businesses face an average annual cost of $34,604 on cyber-related incidents, and only 52% of small businesses have a strategy around cybersecurity, according to a 2018 report by Hiscox, an insurance provider.
You may think with such profitable targets that you may be safe but even small businesses have fallen victim. If all your computer backups and attached cloud storage were gone; how would your business fair? Here’s information on cyberattacks, and seven tips to protect your small business.
What is a cyberattack?
A cyberattack is an unauthorized attempt to expose, destroy or access your data. Forty-seven percent of small businesses suffered at least one cyberattack in the past year, according to the Hiscox report.
Here are three common types of cyber attacks:
Malware: Short for “malicious software,” malware acts against the intent of the user and can come in the form of a virus, Trojan horse, or worm.
Ransomware is a form of malware that demands money to avoid a negative consequence, such as permanently deleting your data or publishing it publicly.
Phishing: This is when scammers send fraudulent emails or text messages that may look like they’re from a reputable company, like your bank or credit card provider.
Phishing scams often tell you to click a link or open an attachment, and can then steal sensitive data, such as your credit card or website login information.
Man-in-the-middle attack: This type of attack happens when scammers secretly intercept communication between two parties to steal login credentials or account details.
Man-in-the-middle attacks can occur in areas with free public Wi-Fi hot spots, as scammers may set up fake Wi-Fi connections with names that sound similar to a nearby business. Once you’ve connected to the scammer’s Wi-Fi, they can monitor your online activities and steal your personal information, according to Symantec Corporation.
10 Cyber Security Tips for Small Business
Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats.
1. Train employees in security principles
Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.
2. Protect information, computers, and networks from cyber attacks
Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.
3. Provide firewall security for your Internet connection
A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.
4. Create a mobile device action plan
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
5. Make backup copies of important business data and information
Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.
6. Control physical access to your computers and create user accounts for each employee
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and requires strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
7. Secure your Wi-Fi networks
If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router, so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protects access to the router.
8. Employ best practices on payment cards
Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
9. Limit employee access to data and information, limit authority to install software
Do not provide anyone employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
10. Passwords and authentication
Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.
Don’t Equate Small with Safe
Despite significant cybersecurity exposures, 85 percent of small business owners believe their company is safe from hackers, viruses, malware, or a data breach. This disconnect is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyber attacks. In reality, data thieves are simply looking for the path of least resistance. Symantec’s study found that 40 percent of attacks are against organizations with fewer than 500 employees. Outside sources like hackers aren’t the only way your company can be attacked. Often smaller companies have a family-like atmosphere and put too much trust in their employees. This can lead to complacency, which is exactly what a disgruntled or recently fired employee needs to execute an attack on the business.
Attacks Could Destroy Your Businesses large companies continue to get serious about data security, small businesses are becoming increasingly attractive targets—and the results are often devastating for small business owners. According to the Kaspersky Lab, the average annual cost of cyber attacks to small and medium-sized businesses was over $200,000 in 2014. Most small businesses don’t have that kind of money lying around and, as a result, nearly 60 percent of the small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cybersecurity protocols until it was too late because they feared the costs would be prohibitive.