One of the biggest challenges facing small to midsize businesses (SMBs) today involves building an adequate cybersecurity network that can protect their customers and data from hackers. Without a strong defense system, a single cyberattack can prove disastrous.
"According to one study, 60 percent of all targeted cyberattacks last year struck SMBs," Commissioner Luis Aguilar of the U.S. Securities and Exchange Commission said. "It has been estimated that half of the small businesses that suffer a cyberattack go out of business within six months as a result."
The problem is, cyberattacks steal data, damage the company’s reputation, result in productivity loss and can cause service disruption. The cost of dealing with a single hack can amount to $1 million, according to Radware’s 2018-2019 Global Application & Network Security Report. And unfortunately, because SMBs often can’t afford to improve their cybersecurity following a hack, they are likely to get hacked again.
Protecting your SMB isn’t just a good idea; it’s necessary to your company’s future. Here is how you can build your cyber defense today.
Train your employees
You can install the most advanced cybersecurity systems in the world, but all it takes is for a single employee to click the wrong link to let malware in. While certain spam and phishing scams are easily recognizable, they get more sophisticated every year.
"Business Email Compromise (BEC) attacks target companies with scam messages that extract information from unknowing recipients," Michael Kiaser, Executive Director of the National Cyber Security Alliance (NCSA), explained to PC Magazine. "An excellent example of a BEC attack is a fraudulent email sent from someone pretending to be the company’s CEO to the company’s human resources (HR) department. Without realizing he or she is being scammed an HR manager willingly sends personal employee data to a scammer."
Employees should be frequently trained on how to recognize phishing emails and suspicious links.
Back up data
Because ransomware is so difficult and expensive to handle once it has infiltrated your system, having a back up of all company data is critical. Whether you store it in a hard drive or the cloud is up to you, but the back up should be frequent, consistent, and include:
- credit card transactions
- client information
- project files
- email and phone call records
- billing statements
- personnel files
Depending on your product or service, you may need to consider what other information should be backed up that is either confidential or important to day-to-day business operations.
Implement two-factor authentication
An easy way for SMBs to quickly add another layer of protection to their accounts is by implementing two-factor authentication, also known as 2FA. Accounts protected by only a password, regardless of how complicated, are notoriously vulnerable to cyberattack.
2FA prevents a party who doesn’t have access to your private computer or main mobile device from changing your passwords or getting into your account. When they attempt it, the account owner receives an email, text or call with a code necessary for accessing the account or making the password change. Not only does this prevent hackers from gaining access to personal information, but it also lets you know when someone is trying to hack your account.
Update security software
Most companies already employ some form of security software on their computers, but keeping them updated is another story. With the constantly evolving cybersecurity threats, it’s important to make sure your software evolves, too.
Employees who access company accounts on personal computers should make sure they also install adequate security software with a set schedule for consistent scanning for cyber threats on their personal devices.
Perform periodic digital de-cluttering
The Better Business Bureau and NCSA suggest periodic digital cleaning of business computers and devices. This digital cleaning should include:
- uninstalling apps and software you’re no longer using
- secure or delete old or unnecessary data
- unsubscribe from newsletters and email alerts you don’t read
- clean up your social media posts and accounts
- review and update your cybersecurity strategy
If you don’t currently have a cybersecurity strategy, part of your next de-cluttering routine should be determining how you could create or improve your existing plan.
If you want more detailed and specific help with managing your company's digital security, sign up for the Salt Lake Chamber's Cybersecurity Conference. Although it has been postponed, the new August date has plenty of tickets available and great information from the community's tech experts. Secure your company's future with the most powerful weapon: knowledge.