Avoid these errors to help prevent a cyberattack.
Think you’re too small a business to worry about cybersecurity?
An alarming 80 or so percent of small and medium-size businesses in the United States do not use data protection for company and customer information, according to a study by McAfee, a security technology company.
Here are six other common cybersecurity mistakes your small business should avoid.
1. Unencrypted laptops or cellphones
The most overlooked scenario is the loss of an unencrypted hard drive, says Tom Firestine, a Chicago-based commercial insurance broker. This can be easily fixed, he says, with free built-in software that scrambles the data on phones and laptops in case someone without the encryption password finds the device.
2. Weak password practices
Passwords are the first line of defense, so make sure employees use strong passwords—ones containing uppercase and lowercase letters, numbers and special characters—on all devices, says Bill Carey, vice president of marketing for password manager RoboForm in Washington, D.C. It’s also important to use a unique password for every website and change them every 30 to 60 days, he says. Password management systems, like RoboForm, LastPass and 1Password, can help.
3. Retained access for ex-employees
Eighty-nine percent of former employees retained access to at least one application, including Salesforce, PayPal, email, SharePoint and Facebook, from their previous employer, according to a study conducted by IT services firm Intermedia and Osterman Research. In addition, 49 percent logged into an account after leaving the company. Make sure you’re aware of all log-ins to company accounts, and change the access credentials of departing employees.
4. Downplaying the risk
“One of the biggest cybersecurity mistakes small businesses make is not worrying enough about it, thinking that they as a business don’t have data that other businesses want,” says Allen Falcon, CEO of cloud solutions provider Cumulus Global in Westborough, Massachusetts. “But the reality is that online security breaches are most often about identity theft, and small means easier to hackers. Small business employees use computers to do everyday things, like shop online with credit cards or process customer orders, and if a hacker can steal the account information or identity of just one person, they are happy. If they find a file with 100 customer credit cards, that’s just good luck for them.”
5. Using Wi-Fi hotspots
Many people think there’s no risk to using a Wi-Fi hot spot to email a confidential proposal, conduct online banking, book a flight or perform other confidential business, says Robert Twitchell, Atlanta-based creator of Dispersive Technologies, which provides private networking solutions. But in reality, Twitchell says, these hot spots are a camping ground for hackers who can monitor the traffic going over the Wi-Fi router and see everything from a username and password to websites visited. Mix online banking done on a Wi-Fi hot spot with a sophisticated hacker, and your bank account could be empty before you get back to your office.
6. Lack of staff training
“It’s common for companies to neglect educating their employees about the dangers of phishing or adware scams, and subsequently users don’t know how to either recognize or avoid them,” says Sean O’Donnell, chief technology officer for digital marketing company WebiMax in Camden, New Jersey. “Inaction leaves a company’s sensitive data vulnerable to cybercriminals.” Be sure to take the time to train employees about the danger of cyberattacks and what actions they can take to prevent them.