Think cybersecurity is just for large corporations? Believe you are immune to attacks because your small business doesn’t have a website or your company doesn’t store anything of value? You are not alone. A survey by Manta in March 2017 shows that 87% of small businesses don’t feel at risk. Over one third are not prepared in the event of an attack. IT security is simply not where small businesses are putting their budget dollars. Ironically, no business is too small to be a victim.
The 2016 Small & Medium Business Cybersecurity Report reveals some startling statistics. Over the last 12 months, hackers have breached over half of all US small businesses. That is a whopping 14 million businesses. Sadly, more than 60% of those go out of business within the next six months as a result of the attack.
Today, hackers just want to make a quick buck. Small businesses are easy prey, as most do not have an IT department or deploy firewalls, antivirus protection, or spam filters. In fact, owners wouldn’t know where to start. In March of this year, the US Senate proposed the Main Street Cybersecurity Act, which would define a set of guidelines for small businesses to follow in order to manage their risk of attack. This legislation would become part of the Cybersecurity Enhancement Act of 2014, which currently sets the guidelines for large businesses.
While the state of cybersecurity in 2017 is projected to decline at an alarming rate, there are safeguards small businesses can employ that won’t break the budget:
1. Create a culture of security awareness
a) Train employees on how to quickly scan an email to make sure links are safe, what steps to take when a breach occurs, and who to contact. This training should include field workers if they have a company email address. Phishing emails are the largest triggers for ransomware attacks.
b) Train the management team on acceptable digital footprints: what is safe to post on LinkedIn, Facebook and other social media. This practice can reduce spoofing emails, which target accounting employees with a request, made in the owner’s or president’s name, to wire large amounts of money to a particular bank account.
c) Password protect all computers, laptops and even mobile devices. Train employees how to select strong passwords (I prefer pass phrases), answer security questions, and use dual authentication whenever possible. Force password changes at regular intervals.
2. Keep software patches and updates current, especially antivirus protection. Set up auto updates whenever possible.
3. Provide a firewall for your internet connection and use password protection for your Wi-Fi network.
4. Most importantly, keep good backups! A regular practice of backing up critical data is essential to recovering from an attack. Store backups offsite or in the cloud whenever possible.
While no individual or company is immune to cyberattacks, putting a few standard practices into place can significantly reduce your business’ risk. More information on cybersecurity and security awareness training can be found at www.dhs.gov/stopthinkconnect, www.nist.gov or by contacting me at firstname.lastname@example.org.