Cyberattacks are an ever-growing concern in the U.S.—and not just among big companies. Small- and medium-sized businesses are beginning to realize that they, too, are vulnerable and need to make cybersecurity a top priority. Indeed, small businesses possess valuable information and, in most cases, lack the security of larger companies, thereby making them prime targets for nefarious characters.
We all know the world runs on computers and the Internet, yet we only realize the extent of our reliance on technology once something goes wrong, and it’s not business as usual. If you’re among the 88% of small business owners in the U.S. worried that their business is susceptible to a cyberattack, here are a few ways you can protect yourself from data breaches and other cyber disasters.
Rise of the Cyberattacks
Cyberattacks—ransomware attacks, specifically—have been making headlines in 2021. First, we saw the incident that crippled Colonial Pipeline for five days and triggered fuel shortages and supply-chain headaches. Colonial was forced to pay the group DarkSide $5 million in bitcoin—$2.3 million of which was later recovered by the Department of Justice.
Since then, another attack targeted Florida-based IT company Kaseya and infected over 200 U.S. businesses that use its corporate software.
And, more recently, the U.S. and China have been trading barbs, with the Biden Administration directly accusing China of perpetrating a massive hack of Microsoft.
In short, cybersecurity is likely top of mind these days. As a business owner, here’s your to-do list.
#1: Prioritize Cybersecurity
According to the Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, cyberattacks increased 20% between 2016 and 2019, while 66% of SMBs had experienced a cyberattack in the previous 12 months.
With the increasing prevalence of cyberattacks and cyber risk, businesses need to implement more robust cybersecurity measures. The consequences of cyberattacks can be catastrophic, and they include lost productivity, data breaches, and costs associated with restoring operations.
Prioritizing cybersecurity means understanding your risk of an attack. A cybersecurity risk assessment is a good starting point and will enable you to identify which assets could be targeted in an attack. Once you have determined the risks, the next step is to develop an action plan to address them.
One possible approach is to hire an external expert to review your business. They can conduct threat assessments, penetration testing, and vulnerability management. If a dedicated expert is out of your budget, then check out the Federal Communications Commission’s Cyberplanner for more of a DIY approach.
With regard to payment processing specifically, you should work with your payment processor or bank to make sure they are using the most up-to-date and robust anti-fraud systems. Likewise, avoid using the same computer to process payments and surf the Internet.
And speaking of fraud, encourage customers to use more secure payment methods like chip cards, which are much more secure than their traditional magnetic-strip cousins.
#2: Train Your Employees
Your employees, while your biggest asset, may well be your greatest liability when it comes to cybersecurity. According to the SBA, employees and emails are a leading cause of data breaches for small businesses.
With that in mind, here are some employee best practices, courtesy of the National Cybersecurity Alliance:
- Keep software up to date—including operating systems and applications
- Use a stronger passphrase—as opposed to a simple password—for home Wi-Fi and wired networks (which is crucial these days given that so many employees are working from home)
- Keep personal passwords and work passwords separate
- Add two-factor authentication to business and personal accounts when possible
- Avoid opening links and attachments or downloading any files from unknown email addresses
#3: Know Thy Enemy
When it comes to cyber risk, there are a few threats you and your employees should know about:
McAfee defines malware as a broad term used to describe any malicious software that seeks to harm or exploit any programmable device, service, or network. Computer viruses, for example, are a type of malware.
Ransomware is a type of malware that encrypts files on a device and essentially renders them useless. The people behind the attack will then demand a ransom in exchange for the kind service of decrypting them.
This type of malware tends to be highly lucrative, so it’s no surprise that cybercriminals love using it.
Phishing is different from malware and viruses, which are software designed to infect your computer. Rather, phishing involves using emails and text messages to trick people into divulging personal information. For example, attackers may try to get your passwords, Social Security number, or even account numbers.
Phishing emails and texts are usually designed to look like they’re from a legitimate company or organization, such as a bank, social networking site, or media company.
Make sure your employees can identify these threats so they don’t compromise the integrity of your business.
As our lives and businesses become ever-more connected and dependent on networks and computers, cyber risk and the potential for disruptive (and costly) events will only grow. According to the FBI, reported losses from cybercrime exceeded $4.2 billion in 2020 alone—and will undoubtedly increase in the years ahead. If you haven’t taken the threat seriously, it’s not too late to make your business resilient.