Protect your small business from a security breach with these tips.
The internet is like oxygen for many small businesses—without it, operations would fail. But the risk of doing business online is that companies, both large and small, also open themselves up to cyberattacks. Sixty-one percent of small and midsize businesses said they experienced a cyberattack and data breach in 2017, according to the 2017 State of Cybersecurity in Small and Medium-sized Businesses report.
Hackers can exploit IT systems to access information about customers, such as credit card and banking information, personal, or health information that could be sold on the black market or used in future acts of fraud. Some attacks involve infiltrating a company’s IT services and infrastructure using ransomware to block a company’s access to data and then demanding money to regain access. Another tact hackers will use is compromising your website so they can redirect traffic elsewhere or phish customers for sensitive data, says Yonathan Klijnsma, threat researcher at RiskIQ, a digital risk management company.
The good news is that processes and procedures used to protect your company’s data do not cost much. “From our experience, the most effective methods to mitigate risk are all free, or extremely low cost, to implement,” says Joshua Motta, founder and CEO of Coalition, Inc., a cyber insurance company. So make cybersecurity a priority and put this list at the top of your to-dos in 2019:
1. Spring Clean Your Passwords
Encourage employees to create passwords that are strong and unique. This helps prevent “brute forcing” or “credential stuffing,” essentially trial-and-error password and username entry. In fact, 81 percent of hacking-related breaches involve stolen and/or weak passwords, according to Verizon’s 2017 Data Breach Investigations Report. “You absolutely want to change your passwords when a major breach happens with another organization that you have a login to,” Klijnsma says. He recommends using a password manager so that employees don’t have to remember constantly-changing passwords. They’ll also be less tempted to use easy passwords.
2. Set up Two-Factor Authentication
No, you don’t have to use it for every log-in and email account associated with your business. But you do want to use multi-factor authentication for critical business services like corporate email accounts, VPNs, and financial accounts, says Motta. This type of authentication uses something the user has and knows (think a bank card and PIN code at the ATM or entering a password online and then having a code texted to your phone) to beef up security.
3. Keep Stuff Offsite
You probably already know that you should back up your systems on a regular basis. But if you store those files on your main business network, you’re leaving them vulnerable to hackers. Instead, set up a process where back-ups are stored offsite (whether that means an external hard drive or separate cloud account). This will help you recover your data after a breach, which is “more than half the battle,” Motta says.
4. Train Your Team
In most instances, knowledge is power. Fifty-four percent of data breaches were caused by a negligent employee or contractor, according to the 2017 State of Cybersecurity in Small and Medium-sized Businesses report. The training can be as straightforward as reminding people to leave their work laptops in a secure location when offsite and to change their passwords periodically. If wire transfers and bank transfers are a part of your business operations, train your team to get in the habit of calling the intended recipient to verify all information and confirm wire instructions before making any transfers.
If employees seem to tune out, remind them that cybersecurity is a vital part of every business. “Businesses can lose both revenue and customer trust if they don’t have the right safeguards in place,” says Jen Taylor, Head of Products at Cloudflare, Inc., an internet performance and security company. Getting everyone on board with preventing attacks is essential to keeping your business’ data protected.
While taking preventative measures to reduce the possibility of a cyberattack is important, this alone isn’t foolproof. As small businesses continue to implement various forms of technology solutions, cyber-liability insurance is a preventative measure any small business owner should consider. With relatively inexpensive coverage, cyber-liability insurance can provide additional coverage that liability or business insurance doesn’t cover.
For more information on cybersecurity products, benefits, and insurance coverage, visit http://www.NFIB.com/cybersecurity-resources.