October 2021 is Cybersecurity Awareness Month. It’s more important than ever for small businesses, no matter what industry, to address their data security needs. The pandemic has resulted in many small businesses pivoting to remote operations for employees and remote payment options for customers. These two situations can present serious cybersecurity concerns. Here’s an overview of the importance of cybersecurity and steps to take if you need more protection.
What is Cybersecurity?
According to Wikipedia®, computer security, also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software and to the information stored on them.
Cybersecurity strategies include controlling physical access to the hardware as well as protecting against harm that may come via network access. Security breaches can happen due to malpractice by operators, whether intentional or accidental. Users can also be tricked into deviating from secure procedures.
2021 Cybersecurity Statistics
Cybersecurity failures in large companies get big coverage in the media. Top stories include the Colonial Pipeline® breach, the JBS® breach, fallout from the Microsoft Exchange® breach, and a massive Facebook® data leak. But the little guys are getting hit too. Below are troubling statistics that can impact the bottom line of your business:
- Small businesses saw a 424% increase in cyberattacks in 2020
- One-third of small businesses report using free, consumer-grade cybersecurity
- The average cost of insider-related cyber incidents was $7.68 million
- Ransomware is the most common threat to small businesses
- Phishing is the top threat action for 30% of organizations
How to protect your small business
Here are steps to consider when reviewing the cybersecurity of your business:
- Require long, varied passwords for any sensitive accounts
Everyone should be aware that using “123 Password” to secure your information is a bad idea. Make sure your vital accounts are password protected and only employees who need the information have the log-in credentials. Use a program like the Secure Password Generator® to create fool-proof passwords.
- Enable two-factor authentication for any sensitive accounts
With 2-factor authentication, an extra layer of security is added to your account to prevent someone from logging in, even if they have your password. This extra security measure requires you to verify your identity using a randomized code sent via text or email.
- Invest in basic cybersecurity training so employees can avoid common pitfalls
Human error is a leading cause of cyber security incidents—and an ounce of prevention is worth a pound of cure. With security teams shrinking and the remote workforce expanding the digital landscape, it's time for small businesses to put employee cyber security training on the front burner. Make sure your training addresses these common security issues:
- Phishing attacks - Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure.
- Malware attacks - A malware attack is a common cyberattack where malware (normally malicious software) executes unauthorized actions on the victim's system. The malicious software is also known as a virus.
- Ransomware - Ransomware is malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, this malware places organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files.
- Install and regularly update anti-virus software
Antivirus software is used to prevent, scan, detect and delete viruses from a computer. Once installed, most antivirus software runs automatically in the background to provide real-time protection against virus attacks. To explore top brands, visit Capterra®, capterra.com, for features, pricing, and real customer reviews.
- Limit employees’ access to sensitive data
Divide your data into categories, and make sure sensitive data is protected and can be accessed only by authorized employees who have a legitimate reason to access it. If sensitive data must be sent across less-trusted networks, make sure it's encrypted.
- Conduct regular vulnerability tests and risk assessments
In a nutshell, risk is the potential for loss, damage or destruction of assets or data caused by a cyber threat. A vulnerability is a weakness in your infrastructure, networks or applications that potentially exposes you to threats. Create a system and schedule to keep your operations secure.
- Work with an expert
Like plumbing and electrical work, you sometimes need to call in an expert. If you need to test a new site or conduct risk assessment, contact an expert to make sure your data is secure. Work with a professional who has experience in your industry and small business security.
While these suggestions are a helpful start, you might need additional protection. Each business is unique, with its own security needs, so it’s important to do an assessment of your own business’s cybersecurity needs.
The Small Business Administration (SBA) has an excellent list of tips to help you keep your company and data safe here: Top Ten Cybersecurity Tips. Strategies include educating employees about cyber threats and holding them accountable as well as establishing security practices and policies to protect sensitive information.
Additional resources are available from the office of Homeland Security. The Stop.Think.Connect. toolkit is filled with tips, fact sheets, and shareable resources. Access the kit here: www.dhs.gov/stopthinkconnect-toolkit.
WHAT YOU NEED TO KNOW: The SmartBiz® Small Business Blog and other related communications from SmartBiz Loans® are intended to provide general information on relevant topics for managing small businesses. Be aware that this is not a comprehensive analysis of the subject matter covered and is not intended to provide specific recommendations to you or your business with respect to the matters addressed. Please consult legal and financial professionals for further information.