October 3, 2022 By Suzanne Robertson

As a small business owner, you might think that cybersecurity concerns are just for the big guys. After all, data crimes that make the news are usually for high-profile companies. 

See if you pre-qualify

But it’s not just large organizations getting compromised. Small businesses can get hit by ransomware, email attacks, insider threats, data leaks, phishing scams, malware, and more.

We’ve gathered information to help you understand the importance of cybersecurity if you own a small business.

October is Cybersecurity Awareness Month

Since 2004, the President and Congress have declared October to be Cybersecurity Awareness Month, with the goal of helping individuals protect themselves online as threats to technology and confidential data become more commonplace.

This year’s campaign theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. October 2024 will focus on the “people” part of cybersecurity, providing information and resources to help educate the public and ensure all individuals and organizations make smart cybersecurity decisions.

What is Cybersecurity?

According to Wikipedia® , computer security, also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software and to the information stored on them.

Cybersecurity strategies include controlling physical access to the hardware as well as protecting against harm that may come via network access. Security breaches can happen due to malpractice by operators, whether intentional or accidental. Users can also be tricked into deviating from secure procedures.

Cybersecurity Statistics

Cybersecurity failures in large companies gets big coverage in the media. Top stories include the Colonial Pipeline® breach, the JBS® breach, fallout from the Microsoft Exchange® breach, and a massive Facebook® data leak. But the little guys are getting hit too. Below are troubling statistics that can impact the bottom line of your business:

  • Since 2020, small businesses have seen a 424% increase in cyberattacks
  • One-third of small businesses report using free, consumer-grade cybersecurity
  • The average cost of insider-related cyber incidents was $7.68 million
  • Ransomware is the most common threat to small businesses
  • Phishing is the top threat action for 30% of organizations

How to protect your small business

Here are steps to consider when reviewing the cybersecurity of your business:

  • Require long, varied passwords for any sensitive accounts
    Everyone should be aware that using “123 Password” to secure your information is a bad idea. Make sure your vital accounts are password protected and only employees who need the information have the log-in credentials. Use a program like the Secure Password Generator® to create fool-proof passwords.
  • Enable two-factor authentication for any sensitive accounts
    With 2-factor authentication, an extra layer of security is added to your account to prevent someone from logging in, even if they have your password. This extra security measure requires you to verify your identity using a randomized code sent via text or email.
 
  • Invest in basic cybersecurity training so employees can avoid common pitfalls
    Human error is a leading cause of cyber security incidents—and an ounce of prevention is worth a pound of cure. With security teams shrinking and the remote workforce expanding the digital landscape, it's time for small businesses to put employee cyber security training on the front burner. Make sure your training addresses these common security issues:
    • Phishing attacks - Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure
    • Malware attacks - A malware attack is a common cyberattack where malware (normally malicious software) executes unauthorized actions on the victim's system. The malicious software is also known as a virus.
    • Ransomware - Ransomware is malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, these malware place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files.
  • Install and regularly update anti-virus software
    Antivirus software is used to prevent, scan, detect and delete viruses from a computer. Once installed, most antivirus software runs automatically in the background to provide real-time protection against virus attacks. To explore top brands, visit Capterra®, capterra.com, for features, pricing, and real customer reviews.
  • Limit employees’ access to sensitive data
    Divide your data into categories, and make sure sensitive data is protected and can be accessed only by authorized employees who have a legitimate reason to access it. If sensitive data must be sent across less-trusted networks, make sure it's encrypted.
  • Conduct regular vulnerability tests and risk assessments
    In a nutshell, risk is the potential for loss, damage or destruction of assets or data caused by a cyber threat. A vulnerability is a weakness in your infrastructure, networks or applications that potentially exposes you to threats. Create a system and schedule to keep your operations secure.
  • Work with an expert
    Like plumbing and electrical work, you sometimes need to call in an expert. If you need to test a new site or conduct risk assessment, contact an expert to make sure your data is secure. Work with a professional who has experience in your industry and small business security.

While these suggestions are a helpful start, you might need additional protection. Each business is unique with their own security needs, so it’s important to do an assessment of your own business’s cybersecurity needs.

Additional resources

The Small Business Administration (SBA) has an excellent list of tips to help you keep your company and data safe here: Top Ten Cybersecurity Tips. Strategies include educating employees about cyber threats and holding them accountable as well as establishing security practices and policies to protect sensitive information.

Additional resources are available from the office of Homeland Security. The Stop.Think.Connect. toolkit is filled with tips, fact sheets, and shareable resources. Access the kit here: www.dhs.gov/stopthinkconnect-toolkit.