The Internet allows businesses of all sizes and from any location to reach new and larger markets and provides opportunities to work more efficiently by using computer-based tools.
Whether a company is thinking of adopting cloud computing or just using email and maintaining a website, cybersecurity should be a part of the plan.
Everything we do, both at a business and personal level, seems to involve technology in one way or another.
However, as that happens, businesses continue to be a top target for hackers, with the number of organizations hit by cybercrime rising each year.
Each year promises faster internet, more connectivity, and unfortunately, more cybersecurity threats.
According to a study released by IBM, the cost of a data breach has risen 12% over the last five years and now averages $3.92 million per business.
Not only do cyber attacks cost millions of dollars each year, they could lead to other serious problems for business owners.
A business owner hit by a cyber attack could face not only a potentially significant disruption to the business, but also lawsuits from customers or others if they (or their attorneys) believe that the business was negligent.
“Thinking about how to respond to a cyber-event after it happens is a poor strategy,” says Tim Francis, a vice president specializing in cyber insurance at Travelers Insurance.
“Business owners need to consider cyber-attacks just as they would any other risk — like fire, theft, or severe weather — and plan for it as part of their business continuity strategy.”
Cyber attacks are constantly evolving, but business owners should at least be aware of the most common types so they know how to protect themselves:
- Malware – Malware is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, client, or computer network. Malware can include viruses and ransomware.
- Viruses – Viruses are harmful programs intended to spread from computer to computer (and other connected devices). Viruses are intended to give cybercriminals access to your system.
- Ransomware – Ransomware is a specific type of malware that infects and restricts access to a computer until a ransom is paid. Ransomware is usually delivered through phishing emails and exploits unpatched vulnerabilities in software.
- Phishing – Phishing is a type of cyber attack that uses email or a malicious website to infect your machine with malware or collect your sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
There are many ways to protect your organization from cyber attacks that could cost you hundreds if not thousands of dollars, lost data, or both.
Here are some cybersecurity best practices:
Cybersecurity Best Practices
Employee Training
Employees and emails are a leading cause of data breaches for small businesses because they are a direct path into your systems.
Employees should be trained on how to:
- Spot phishing emails
- Use good browsing practices
- Avoid suspicious downloads
- Create strong passwords
- Protect sensitive customer and vendor information
- Know the signs of social engineering
KnowBe4 is a great resource for training employees on the dangers of cyber attacks.
Use Antivirus and Anti-Malware Software
Make sure each of your business’s computers is equipped with antivirus and anti-spyware software that is updated regularly.
Since cyber attacks often involve installing malware on the employee’s computer when a link is clicked or an attachment is opened, it is essential to have anti-malware software installed on all devices and the network.
Secure Networks with Passwords
Use strong passwords that are 10 characters or longer and combine uppercase and lowercase letters, numbers and special characters.
Passwords should also be changed frequently and should not be reused.
Multi-Factor Authentication
Multi-factor authentication requires additional information, such as a security code sent to your phone, to log in.
Extensive Backup and Recovery Planning
Every business should have a way to restore backups and recover data should an attack occur.
The SBA recommends at least backing up word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files.
To ensure that you will have the latest backup if you ever need it, check your backup regularly to ensure that it is functioning correctly.
Firewalls
One of the first lines of defense in a cyber-attack is a firewall.
In addition to the standard external firewall, many companies are starting to install internal firewalls to provide additional protection.
It’s also important that employees working from home install a firewall on their home network.
Consider providing firewall software and support for home networks to ensure compliance.
Cyber Insurance Plan
Finally, considering all the risks, every small business needs to make sure there’s some type of cyber insurance in place.
Many of the agreements with the cloud-based providers that are hosting data put the liability back on their customers, especially if any breach was caused by lack of training, software, or due diligence on the customer side.
Today it’s critical for small businesses to adopt strategies for fighting cyberthreats.
More than half of all small businesses suffered a breach within the last year alone.
Security is a moving target.
The cyber criminals get more advanced every day.
To protect your data as much as possible, it’s essential that each and every employee make cyber security a top priority and, most importantly, that you stay on top of the latest attack trends and the newest prevention technology. Your business depends on it.