A dangerously incorrect mindset is common amongst small business owners: the idea that they are virtually immune to cybercriminals on account of there being ‘not much to steal’.
The reality is that, according to the U.S. Congressional Small Business Committee, 71% of cyber attacks target businesses with fewer than 100 employees. More concerning still, a State of SMB CyberSecurity Report found that as many as 50% of all small businesses had experienced a security breach in the past year.
But why is this? Almost all cyber attacks are designed to procure personal data to be used for identity or credit card theft. According to CSO.com, it is the less-secure networks that are commonplace in small businesses that make them ideal targets. Those looking to automate attacks can breach potentially thousands of small businesses in much less time than larger targets.
Without an IT security specialist at your disposal, what can you do to prevent your small business from falling victim to a cyber attack? Here are 8 best cyber security practices you can immediately implement to better protect your business.
1. Install a firewall
The Federal Communications Commission (FCC) recommends that all small and medium-sized businesses install a firewall to create a barrier between cybercriminals and sensitive business data. In addition to external firewalls, many companies are now also setting up internal firewalls for added protection. It is sometimes overlooked that employees who work from home require a home network firewall as well, so consider providing support and firewall software for your employees’ home networks to ensure comprehensive compliance.
2. Document your cybersecurity protocols
No matter how intuitively or informally you run your small business, one area that is essential to document is your cybersecurity policies. Online training is available through the Small Business Administration (SBA) Cybersecurity portal, including checklists and general information on protecting businesses that operate online. Consider using the FCC’s Cyber Planner 2.0 to help you create your security document, and consider investing in Security Information and Event Management to spot and respond to security incidents.
Additionally, the C3 Voluntary Program for Small Businesses includes a detailed toolkit for deciding upon and documenting the cybersecurity best practices for your business.
3. Don’t overlook mobile devices
According to the Tech Pro Research BYOD, Wearables and IoT report, as many as 59% of businesses allow employees to use their own devices, so it’s imperative to incorporate this risk into your security plan. With wearables such as smart watches increasing in popularity, it is important to include these devices within a security policy. Norton recommends requiring all employees to set up automatic security updates and applying the business’s password policy to all mobile devices that have access to the network.
4. Prioritize employee education
Small businesses often require employees to wear many hats, making it all the more essential that they are all adequately trained on the business’s network cyber security policies.
As cybercriminals become savvier, it’s imperative to regularly review and update your security protocols. For employee accountability, ensure that each employee reads the company handbook and signs an acknowledgement document stating that they have received and understood the policies, as well as the consequences of not correctly following them.
5. Ensure safe password practices are upheld
According to a Verizon Data Breach Investigations Report, 63% of data breaches occurred as a result of weak, lost, or stolen passwords. In today’s BYOD (bring your own device) world, it’s more essential than ever to ensure that all employee devices that access the business network are password protected and that original Wi-Fi codes are also changed.
It is recommended that all employees be required to use passwords that incorporate upper and lower case letters, as well as numbers and symbols, and that small businesses enforce that all passwords be changed every 60 to 90 days.
6. Back up all data regularly
No matter how well protected we are from cyber attacks, it is still possible to be breached, so protecting your data from loss is vital. It is recommended that you back up databases, word-processing documents, electronic spreadsheets, financial files and accounting records regularly and keep them in a safe, separate location in case of flood or fire. Be sure to back all of your data up in the cloud for maximum protection, too.
7. Utilize multi-factor identification
Regardless of your security preparation, at some stage it is likely that an employee will make a mistake that compromises your data. Using multi-factor identification settings is easy to do on most network and email products and provides an added layer of protection. A solid choice is to use an employee’s cell phone number as a secondary identification form, as it is unlikely that a cybercriminal would have access to both the password and the PIN.
8. Install anti-malware software
While one hopes that all employees know never to open phishing emails, reports indicate that a considerable percentage still do. Phishing attacks are designed to install malware onto devices when the unknown link is clicked, so installing anti-malware onto both the business network and all accessing devices is essential.
Cyber criminals advance in their security-breaching skills every day, making the effective security of your business data an ever-moving target. It is essential that you train your employees to prioritize cyber security and that you stay ahead of the latest trends when it comes to new forms of attack and emerging technologies that prevent cybercrime. The longevity of your business may depend on it.