Cybersecurity for Your Small Business
What cybersecurity can your business implement to protect from hacking? There’s no way to be 100% secure, but there’s a lot you can do to keep yourself safe.
Computer and cybersecurity are hot-button issues for all businesses. Even the largest, most well-known companies have fallen prey to hackers and data theft. Cyberattacks can wreak havoc on your businesses’ well-being, accrued data, and finances. As tech becomes more advanced, these kinds of attacks will become even more of a threat.
The reality of running a small business is that time is money. Another reality of small business is that you may not have extra funds to throw away – every dollar counts. While a huge corporation has the human resources and finances to recover from a cybersecurity breach, a small business may not be so lucky. In cybersecurity as in many other areas of business, an ounce of prevention is worth a pound of cure. It’s a lot cheaper to put safety measures in place than to try to clean up after a breach.
What can your business do to protect from cyberattacks and hacking? First, you should make yourself aware of the potential cyber threats. Second, you should take reasonable steps to protect your tech, data, and company. There’s no way to be 100% secure, but there’s a lot you can do to keep yourself safe.
Common Small Business Cyber Security Threats
Cybersecurity is not just one issue or threat. Cyber threats can take many different forms. When we picture “hacking,” it’s easy to think of someone sitting in a dark room, punching in 1s and 0s like the Matrix and digging directly into your bank account. In reality, there are a ton of different ways hackers can get into your system. It’s extremely difficult to actually get to your bank accounts and move money such that it can’t be tracked, so that’s rarely the target.
Instead, hackers will often look for ways to get control of your data and either sell it off on the black market or hold it for ransom. They’re looking for cash, so they either want to force you to pay or they want to get personal information they can sell to others who use it for identity theft. That information may relate to your business, your employees, or your customers and all of you are at risk for identity theft.
So, how can they get into your system?
1. Mobile Malware
Do you know where your apps came from? Most of them are provided by reputable developers and are safe. But it’s also possible to download an app that conceals “malware,” which can be used to compromise your mobile devices. So, don’t ever download an app you don’t need. And for the apps you do need, make sure to double-check that you’re getting the right version from the right developer-sometimes hackers will create apps that look just like legitimate apps in order to trick you. You can also end up with malware from opening a bad email attachment or downloading something from the internet; hackers will try to make the attachments or downloads look legitimate so you don’t spot the threat.
“Ransomware” is a virus that locks you out of your device and encrypts the data in it. Without the right key, you can’t get to that data. And in order to get the key, hackers will demand that you send them a certain amount of money, often in the form of Bitcoin so that it’s nearly untraceable. Like malware, ransomware often ends up on your machine through an email attachment or a download.
Phishing is the fastest-growing cyber threat to small businesses. “Phishing” is when a cybercriminal invents a scam to procure sensitive documents or information. One common phishing scheme is when the cybercriminal requests a wire transfer of funds. Typically, phishing involves sending an email that looks like it’s from a legitimate company and offers to send you money, claims that you’re due a refund for some purchase, or that they have sensitive information for you and need you to verify your identity. They’ll try to get people to send in account numbers, social security numbers, and other sensitive information and sell that info on the black market.
4. Social Media Security and Human Error
Social media is a great avenue for small businesses to connect in real-time with their customers or clients. The downside of social media is that social media can be a fertile ground for cyber attacks on businesses. Social media offers opportunities similar to phishing, and you or an employee may unwittingly reveal information that compromises your data or systems. In most security systems, the human element is the weakest link – antivirus and malware protection systems are pretty effective but there’s nothing they can do if you offer up your own info.
Protecting Your Small Business from Cyberthreats
Remember, hackers aren’t sitting in a dark room and cracking into your system. In reality, a hack almost always takes human error in the form of revealing information, downloading a bad attachment, or clicking a bad link. Here are the top actionable ways pros say you can protect against the most prevalent cybersecurity threats.
1. Cyber Security Training for All Staff
The best defense against cyberattacks is knowledge. That means you need to hold training sessions for all of your staff about how to spot potential scams and about avoiding unknown emails and links. Consider bringing in an outside specialist that can run the training and help you set up systems to keep cybersecurity at the forefront of everyone’s minds.
In the same vein, make sure you have clear policies about how business and customer information should be handled. Check in regularly to ensure that everyone is staying on track.
2. Secure and Hide Your Networks
Most small businesses depend on the Internet to get their daily work done. But, how do you know if your small business Internet connection is safe? It’s important to use a firewall to safeguard your connection.
You can also encrypt your information to protect it. Experts advise keeping all Wi-Fi connections hidden for security reasons. Hiding your Wi-Fi networks means that you set up your router so it does not broadcast the network name (SSID). Also, be sure to password protect access to the router for another layer of security.
On the flip side, remind employees to be careful of connecting to public Wi-Fi hotspots. It’s tempting to work from Starbucks, but those networks are unprotected and make it easier for someone waiting nearby to get access to your information.
3. Use Antivirus Software and Anti-spyware
Antivirus software and anti-spyware can protect your small business from viruses and other issues. Ensure that all your technology and mobile devices have the appropriate software. Also make sure you’re installing the most up-to-date patches and updates. Patches can help prevent cyberattacks and can be configured to update automatically.
4. Password Protection
Passwords offer cyber protection. Make sure all your tech and mobile devices are password protected. Employees should also have their own passwords. All company passwords should be changed frequently.
Finally, passwords should be strong-don’t use the names of pets, children, friends, street names, your birth year, or anything easily guessable. And every account should have a unique password. Of course, we choose short, familiar passwords because they’re easy to remember. The good news is that there are ways to deal with complicated passwords. First, use a password protector such as Lastpass. With those types of systems, you set up an account with a master password, and then it stores your other passwords for you. You only have to remember the master password and the program will fill in the rest for you.
That master password also needs to be secure, but it doesn’t have to be gibberish – experts suggest using a passphrase rather than a password. You can just pick up a dictionary and pick 6 or 7 random words and then throw in a couple of symbols or numbers in the middle. That’s a lot easier to remember than a random string of characters and a lot more secure than a short password.
5. Hire a Pro to Assess Your Risks
Since cybersecurity risks are always growing and evolving, it may be hard to stay on top of the latest issues. The threats are also highly technical and if you’re not in the cybersecurity business, it can be tough to even know what you’re fighting against. Business experts advise that it may be worth hiring an outside consultant to review your cyber risks. These pros can help assess current risks and help you set up the proper cybersecurity to stay safe.
6. Back Up Often
If someone does compromise your data, the last thing you want is for that to be the only copy of that data you have. You have to back it up. Cloud storage is great, but you also want to have a separate storage system (one that isn’t connected to the internet). You may back important files onto disks or external drives but do it often. That way if your data is compromised, you can simply go back to the most recent backup before the hack. This should include financial files, databases, account information, customer data, and human resources files.
7. Protect Forms of Payment
Credit card and banking fraud is a huge, costly issue. Experts advise that all small businesses should work with their banks to make sure that the safest, most up-to-date anti-fraud services are being used. To find out how to update to safer credit card chip technology, visit SBA.gov/EMV.
8. Educate Yourself
To learn more detailed information on how small businesses can prevent cyber attacks, visit the SBA’s free online course Cybersecurity for Small Business.
After A Hack
If you become the victim of a hack, the first thing to do is change your passwords. If you can’t get in to do that, you need to contact the companies providing the services (your bank, your email provider, etc.) and let them know. You should also contact law enforcement so they can start working to track down the hackers. Finally, you should get in touch with a cybersecurity expert so they can help you determine the extent of the damage and what steps you need to take to recover.
Note that if your customers’ data has been compromised, you need to let them know ASAP. Talk to your cybersecurity expert about what the risks to your customers are, make sure you send a clear message, and keep customers updated as the case develops.
Protect Your Small Business Data
Cybersecurity is an increasingly important issue for all businesses. As tech continues to become more advanced, so do the number of ways that tech can be compromised. Take steps to educate yourself and your employees about cyber threats and take the necessary steps to safeguard your small business.