Symantec, a well-known cyber security company, partnered with the National Cyber Security Alliance to investigate small businesses and how they are affected by cybercrime. What they found was surprising: 83 percent of these companies have no specific plan in place to protect against cybercrime and 69 percent have no plan at all. Yet more than 70 percent of these same businesses rely on the internet to perform their daily business tasks.
The majority believe that cyber-attacks are isolated incidents and won’t affect them. But the fact is, small businesses are more vulnerable to these kinds of attacks than larger businesses because they don’t have the resources to protect themselves. Some people foolishly see security as an unnecessary expense and would rather leave it to chance.
“It will never happen to us”
The main issue with cyber crime is that people, especially small business owners, believe it will never happen to them, despite knowing that the fallout from a security breach could lead to irreparable damage to their company. Small businesses are becoming favored targets of online criminals simply because they are usually ill-prepared for such an attack.
Small businesses are attractive for another reason: large companies are investing larger amounts into security, which makes them harder to breach, whereas smaller businesses invest next to nothing. Additionally, if a small company partners with a larger one, they can be used as an access point into the larger company’s system once they’re breached. This makes online crime twice as painful for the small business owner because their inability to protect themselves can end up costing their partners in a huge way.
Awareness is Critical
Losing customers and the trust of partners can effectively crush a business to the point where there is no turning back. Small companies need to be aware of what’s at risk. By not having a well-defined action plan in place for internet security, they are putting the life and reputation of their business at risk. Additionally, they are leaving their clients’ information, as well as that of their business and trade partners, vulnerable to exposure.
Small businesses often have neither the technology resources nor the finances needed to fund protection software, or so they believe. Staying informed, making a plan, and following it are relatively low in cost compared to the repercussions a breach could have on reputation, partnerships, employee morale, and overall business health.
Just as you would stay up to date on industry trends, it is also important to stay on top of cyber security trends. There are many excellent resources available that can deliver the latest news and security measures. One example is Krebs on Security, a site run by Brian Krebs, a former news reporter turned blogger who writes investigative stories on cybercrime. Other good resources include Security Week and InfoSecurity magazine.
Do what you can to stay informed, do it consistently, and communicate the concerns and plan to your employees on a regular basis. Online security is not a one-time action; it is an ongoing practice and should be treated as such.
Use Cyber Tools to Fight Hacking and Other Breaches
Some of the technology-based security measures every company should be employing are firewalls, antivirus, and malware protection. These are the most basic tools you should have, and they are not that expensive to implement. Most vendors offer their basic protection packages for free; however, if you want to further ensure your company’s protection, most software packages also offer a subscription-based service. Securing your Wi-Fi and the passwords that protect your Internet service is also essential. Small businesses (especially those with partners) should encrypt all emails, files, and other sensitive information.
If your company uses hosted servers, be sure they are hosted by a reputable company that keeps your data secure. While it may seem cost effective to go for cheaper options, be warned that this may come at the cost of protection. It is also imperative that all your data is backed up on a separate server as a precaution.
A ransomware attack is a new type of threat, wherein a cyber criminal will take your data or connected devices hostage and encrypt them. They will then offer a decryption key at a price of their choosing. If you don’t pay up, they will usually threaten to destroy your data. Even if you do pay them, there is no stopping them from repeatedly doing it. Knowing that someone out there has full control of your business can be a frightening experience. To make matters worse, any money you do send them is virtually untraceable when they insist you pay them in Bitcoin.
Your First Line of Defense
Criminals often get to your company’s assets via your employees or their accounts, which is why you need to keep your employees informed. Discuss security issues consistently by having security meetings with them. Educate them on potential hacking, social engineering, and phishing techniques that may be used against them. Develop a strong password policy in your company and ensure your employees do not store passwords in a file on their computer or on a piece of paper at their desk. Your employees are your first line of defense in most attacks, so they need to be equipped and trained to ward off these attacks.
A good way to test your employees is to routinely attempt simulated attacks yourself by sending phishing emails or other social engineering schemes. Give employees a point of contact to report any suspicious activity and, if needed, allow them to report anonymously.
To mitigate the risk of becoming a victim, a good protocol to use is two-step authentication for access to your data, even if that data is stored in the cloud.
Two-step authentication can be done via email or mobile phone. After you’ve input your password, a separate code is sent to your email address or mobile phone. This additional step makes it hard for hackers to access your data because even if they have your password, it is unlikely they also have your mobile phone or access to your email.
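The second step described above, shown as an added Python example that is not part of the original article: after the password check, the server issues a short-lived, single-use code and verifies what the user types back. The function names `issue_code` and `verify_code`, the 5-minute lifetime, and the 3-attempt limit are assumptions made for illustration; delivery of the code by email or SMS is left out.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a code (5 minutes)
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code

# username -> {"digest": bytes, "expires": float, "attempts": int}
_pending = {}


def _digest(code):
    # Fixed-length digests can be compared in constant time for any input.
    return hashlib.sha256(code.encode("utf-8")).digest()


def issue_code(username, now=None):
    """Call only after the password was verified. Returns the 6-digit code
    to send to the user's email address or phone (out of band)."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
    _pending[username] = {
        "digest": _digest(code),
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return code


def verify_code(username, submitted, now=None):
    """True only for the right code, before expiry, within the attempt limit."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False
    if now > entry["expires"]:
        del _pending[username]  # expired codes are discarded
        return False
    entry["attempts"] += 1
    ok = hmac.compare_digest(entry["digest"], _digest(submitted))
    if ok or entry["attempts"] >= MAX_ATTEMPTS:
        # Single use on success; after too many wrong guesses a new code
        # must be issued, which stops brute-forcing the 6 digits.
        del _pending[username]
    return ok
```

The expiry and attempt limit matter as much as the code itself: a six-digit code that never expires and can be guessed without limit adds little over the password alone.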
Protecting accounts from cyber crime and keeping your methods up-to-date is one of the most important practices a business needs to carry out these days. Cyber criminals are smart, and the measures you put in place today won’t necessarily work in the future once they figure out a way around them, which is why staying vigilant should always be at the top of your list.