The stories about major companies, hospitals, city governments, and huge retail operations being hacked or crippled by cyber-attacks are becoming daily news items. Recently, the federal government tasked the Department of Homeland Security to take specific actions to counter cyber attacks. So, if giant corporations and governments are struggling with the problem, you also need to know how to secure your business against similar threats.
Digital technology has provided small businesses with tools they could only dream about a few decades ago. ERP and CRM systems gather, organize, and share all kinds of data allowing for faster, more efficient, and more profitable operations. Information on customers, finances, manufacturing processes, accounting, human resources, and a host of other categories are now easily accessible by authorized individuals.
But what happens if those systems are corrupted or hacked? What kind of damage and liability would you face if your data systems were compromised? If you think you are too small for a hacker’s attention, think again. Anyone with connected devices is vulnerable to cyber-attacks. As a responsible business owner, you owe it to yourself, your customers, and your employees to establish a plan of action to secure your operations from a cyber intrusion.
Small Business Cybersecurity Threats
There are many ways your company can be hacked, but the most common (and successful) include:
- Phishing. Also known as Business Email Compromise (BEC) remains one of the most common forms of cyber attack striking 7700 organizations per month and costing businesses $5 billion over the past three years. Phishing relies on tricking an email recipient into opening an attachment or clicking on a link to a malware-laden website.
- Drive-by Downloads. These are malicious websites that attempt to download malware onto your device without permission.
- Man-In-The-Middle. This is an eavesdropping attack associated with unsecured public Wi-Fi. The eavesdropper injects himself between two parties allowing him access to both parties’ data. For example, an outside salesperson sitting in a coffee shop taking an order from a customer on a smartphone can potentially expose both to a cyber hack. Once a device is penetrated, malware can access or corrupt all the data that the device has access to.
Basics on Securing Your Business from Cyber Attack
Cybersecurity is an industry unto itself, so it is unlikely you will be able to produce a security plan that is 100% effective. To give you an idea of the scope of cybersecurity, check out this NIST report. However, as a minimum, you should consider:
- Staff Education. Educate your staff on the threat of cyberattacks, the damage they can cause, and what they can do to reduce the risk. As phishing demonstrates, the weak link is often the person operating the device.
- Antivirus Software and Updates. Ensure each of your computers/devices have antivirus and antispyware software uploaded. These programs are available from multiple reputable vendors. Antivirus software, and all software, are regularly updated to fix new security vulnerabilities. Make certain all of these updates and patches are implemented in a timely fashion. Better yet, set all software to update automatically.
- Secure Networks. Use a firewall and encryption software to safeguard your internet connection if your network is run on Wi-Fi, set your wireless router, so it does not broadcast the network name.
- Strong Passwords. Passwords are the easiest (and cheapest) way to prevent unauthorized access to networks and data. A strong password should be at least ten characters and include uppercase and lowercase letters, at least one number, and a special symbol.
- Backup Critical Data. Regularly (daily) backup critical/sensitive data i.e., customer list, financial reports, accounts receivable and payable, vendor purchase orders. Store the backup in a secure area.
Small businesses are prime targets for cybercriminals because they have information (customer names, credit card numbers, etc.) that are easily marketed on the dark internet. Additionally, small businesses are less likely to have the IT resources or infrastructure that larger organizations have.
A former CEO of Cisco said there are two kinds of companies, those that have been hacked and those who have been hacked but don’t know it yet. Cybercrime is a real threat. Take action now to bolster your defenses.
ASCEND Business Advisory is at your service with business advisory, tax and accounting services. Call today, 888 297-3321.