Cybersecurity: 10 Tips to Prepare for Big and Small Threats
When I grew up in small town America, it wasn’t unusual to leave home with our doors unlocked. But the world has changed dramatically since then and today many people don’t leave their home unprotected even for a brief period of time. Yet, unfortunately that’s what many small businesses do. They leave their most valuable asset, their data, unprotected and vulnerable to a cyber attack.
With all the headlines about cyber breaches, small businesses are worried about their cybersecurity. According to the National Small Business Association (NSBA), more than nine out of 10 small business owners are concerned about cybersecurity—and half were the victim of a cyber attack last year. Small business owners, however, often don’t have the time or IT sophistication to protect their business. As a result, very little may be done, leaving small businesses easy pickins’ for cyber-criminals.
In 2013 Cyberattacks cost small businesses on average $8,699 per attack, according to the NSBA’s Year-End Economic Report. Last year that number spiked to an average of $20,752 per attack. Among those whose business banking accounts were hacked, the NSBA’s reported average losses were $19,948—up from $6,927 in 2013. But a data breach costs more than dollar and cents. It damages your reputation with your customers and business partners.
Data breaches can be the result of small infractions that are seemingly harmless, such as forgetting to log out of your computer or clicking on a link in social media. But there are also bigger, more orchestrated threats that target small business as well. Therefore, it’s imperative for small business owners to increase their effort to make sure their data, the lifeblood of their businesses, is adequately protected.
Here are 10 tips to help you get protect your small business from both large and small cybersecurity threats.
1. Create a plan. Take a comprehensive look at your business operations and develop a coordinated plan to cover the various aspects. Get your team involved to help you identify potential weak spots. A comprehensive plan should address prevention (how to reduce the risks of a breach) as well as how to remedy a security breach once it has been discovered. Finally, you need to consider the way in which to pay restitution to employees and/or customers who may have experienced losses due to the breach. The Federal Communications Commission has a guide to help you walk through the important elements of creating a plan that is right for your business.
2. Remember that people are human. Make sure everyone in your company is well informed about your security plan and familiar with best practices, such as using a strong password. Review your plan regularly. It only takes one person leaving the door unlocked to put your business at risk.
3. Stay up-to-date on updates. Cyber-criminals are smart. As soon as you think you have the latest and greatest protection, they have figured out a new way to creep in through a cracked window. Make sure you’re updating your software and antivirus protection regularly. Symantec offers an affordable small business security package that might be a good fit for your small business.
4. Keep things on a need to know basis only. Not everyone on your team needs to have access to the same data. Limit the number of people who have access to critical information and change the credentials at least every 90 days.
5. Back up regularly. At a minimum, you should back-up your data weekly and to more than one source — particularly if you are backing up to a server on your premises. I recommend using cloud-based solution. One wrong click or download by an employee can destroy all your critical company data.
6. Be care with your BYOD policy. A growing trend in small business is Bring Your Own Device — or BYOD. The biggest benefit is cost reduction, but it’s also a significant security risk. However, the risks can be minimized with a strict BYOD policy outlining employee obligations with regard to acceptable behavior and use.
7. Make time for training. New scams are constantly popping up that can put your business at risk. Keep your employees informed about red flags to watch out for. For example, it’s always best to verify before you trust anyone asking for proprietary information. Also social media platforms are becoming a major source of viruses and malware and other security risks that could lead to a data breach simply by clicking on a link shared by a “friend.”
8. Know your risk. As the statistics above indicate, small businesses are big targets for cyber-criminals so don’t lull yourself into a false sense of security that cyber-criminals are only interested in big companies and government agencies. These criminals are often most interested in payment information and they recognize many small companies aren’t securing that data. So your business is a particularly attractive target for an easy hit. Attacks on small and mid-sized businesses increased 26 percent and 30 percent respectively last year, according to the Symantec Internet Security Threat Report.
9. Secure your premises. Not all data breaches occur from external cyber-attacks; some are the result of a break-in or lost or stolen equipment, such as a laptop. So make sure you’ve locked up and secured your facility at night. Also, every team member should log-off their computers before they leave the building. It makes it much tougher for criminals to access your proprietary information. Be sure that employees know to report lost or stolen equipment as soon as possible.
10. Be accountable. I recently participated in a Twitter Chat regarding business continuity and data security. Someone asked, “Who is responsible for creating a plan and implementing it?” Simply stated, as the business owner, you are. You can involve team members or solicit outside assistance, but at the end of the day, it’s your business and your responsibility.
Remember, big things can come in small packages. Don’t be caught off guard in your business.