Data security is perhaps one of the most critical issues for small businesses, and yet it is almost never a top priority for companies in America. An alarming fact is that an overwhelming 87% of small business owners don’t think cyber-attacks are a problem for them. However, about half of all small businesses experience a cyber attack!
Small businesses are especially vulnerable, and most of them are unprepared for a cyber attack. They often have a reservoir of data and lack sophisticated security measures to adequately protect that data. Attackers can steal money, employee data, customer data, or other sensitive information. Hackers frequently sell stolen information on the dark web or launch additional attacks through compromised networks. An even more disturbing trend is the increase in ransomware, which could cost hundreds of thousands or millions of dollars.
The bottom line is that a data breach or system compromise can damage your relationships and ability to do business. Approximately half of the small businesses that have a cyber attack go out of business within six months, and most do not even detect a breach for at least six months.
As the old saying goes, an ounce of prevention is better than a pound of cure! To that end, we wanted to share a few precautionary measures which can go a long way towards helping small business owners keep their enterprises safe from online criminal activity. By understanding the threats of the digital domain, businesses are better prepared to manage the cybersecurity issue.
Use these seven tips to better defend your business against cyber attacks.
1. Create Backups
Regularly back up the information on your computers. If the information is stolen or goes missing, you should have another copy somewhere else. This will help with Disaster Recovery (commonly referred to as DR) and Continuity of Operations (CONOPS) in the event that an attack does occur.
All important information should have a copy. For example, you might keep vendor information on your desktop. But, you might also have a copy stored in the cloud. Both copies should be secured. You can use encryption and passwords to protect all your important information.
2. Regular Security Updates
Regularly checking for new versions of software and security updates from third-party vendors is extremely important. This includes desktop and server patching, but can also extend to mobileware and middle-tier systems in your information architecture.
Cloud software should be automatically updated by the provider.
If your employees use mobile devices, computers or laptops for work, make sure you have a good policy in place for device management, and help or ensure that they use updated apps, including a security app to protect from potential attacks.
Here are some good resources for checking software vulnerabilities.
3. Employee Training
All good cybersecurity professionals will tell you that the human is the weakest link. Employees can play a critical role in enhancing your business's cybersecurity. Often a spam phone call or spear phishing email can mislead an untrained (or trained but not vigilant) employee and extract critical information.
Establish a cybersecurity policy for your business, consulting an IT expert as you do. It should contain cybersecurity best practices that you expect employees to follow. Post these instructions near the landline phone or POS system to serve as a constant reminder.
Mandatory training should be held every 6 to 12 months to make sure employees stay aware at all times. Your policy should also contain protocols and measures that employees must adhere to in case there is a breach. There are many good and affordable online training tools, but whether you use one of them or roll your own, make sure employees pass a basic quiz at the end!
4. Safely Secure & End-of-Life Equipment
Simple office equipment such as your copier, printer and fax machines are also computers. For example, the login information from your printer can be used by a hacker to gain access to an employee’s work! Thus, it’s important to keep an eye on simple office equipment.
Hackers are always on the hunt for any vulnerability! Making sure that you’ve enabled encryption and data overwriting on these essential devices is super important. Use password protection and change the password frequently, typically every 12 months. If you dispose of office equipment, make sure to erase any memory on the devices.
5. Limit Access
Unauthorized people should not have access to company computers and accounts. Make sure you have a good access control policy and ways to enforce it. Even a well-known, trusted person shouldn’t be allowed to access computers and information that they are normally unauthorized to use. For example, you shouldn’t let a client borrow a company laptop to look something up.
Employees of different ranks and positions might have different access to technology. Employees shouldn’t share the login information for their accounts. For example, an accountant shouldn’t share their small business accounting software password with a salesperson.
Have individual logins for employees whenever possible. This can help you limit the privileges of certain employees.
6. Secure Your WiFi with WPA2 Enterprise
Your business’s WiFi can be an easy way to access data. Secure your WiFi so only employees can access it. If possible, set up the WiFi in a way that prevents employees from knowing the password. Older encryption protocols such as WEP are very easy for a dedicated attacker to crack. The safest bet is to use WPA2-Enterprise encryption with a strong key.
If you want an open WiFi for customers to use, set it up on a segregated network and monitor and log all traffic. Guests should not have the same WiFi access as employees. This will help prevent unwanted people from joining business WiFi and accessing files.
7. Consult a Cyber Security Expert
A cyber security expert is aware of the common traps hackers use. They are thus the best people to rely on for securing your data. From regularly updating your computers and mobile devices to making sure your data is secure and encrypted, cyber security experts take care of everything. Consulting a professional will help you get the best measures in place for your respective business operations.
What's at stake for small business owners?
On average, cyberattacks cost small businesses over $50,000 per event, according to a study published by Continuum technology consulting. The losses for large organizations are much more.
In the Continuum survey, business owners who employ 10 to 49 employees revealed that network breaches cost them, on average, more than $40,000 for each incident. Companies with 50 to 249 employees reported losses close to $50,000 per occurrence, and business owners who employed 250 to 1,000 people reported average losses close to $65,000 for each incident.
Cybersecurity for your organization is a collaborative effort with your I.T. management and employees – but the first step begins with the awareness that I.T. risk is a part of corporate risk management. Get a strategy, get policies in place, and get a continuity plan!
Ekta Flow LLC provides partial or full-service IT managed services and Cybersecurity solutions for small to medium-sized businesses. Concerned and need advice on building a robust environment for your business? Book a free session and learn how we can help!
Ekta is a unique hybrid of energetic, creative, and experienced tech-lovers. This blend makes it possible for us to understand and connect your vision with the right tools, which is the heart of our success.
We are here to understand you and your mission and put technology to work for that aim. Whether it’s getting a hold of your data, cybersecurity, product development, systems engineering, or artificial intelligence, our team can help you put the right tools in place.