Can you guess what percentage of small businesses in the United States suffered a data breach in 2017?
If you said 10%, or maybe 20%, you’re not even warm.
The alarming reality is that 47% of small business networks came under siege at least once by cyber criminals that year, and 44% of the companies hit said they had multiple cyber-attacks, according to a survey reported by USA Today. It’s hard to swallow news of criminals targeting American mom-and-pops, but what may be even more difficult to digest is the fact that most took no action to protect their cyber interests afterward. The survey also found that only about 3 in 10 small businesses could handle a cyber-attack if it happened today.
Unfortunately, many small and midsize businesses (SMBs) live in denial that the data they keep on customers, stakeholders, vendors, and others is significant. While smaller companies may not have data at the scale of enterprise-level organizations, they do have valuable information that could be used in identity theft crimes because they often act as gateways to larger companies―thanks to unprotected connections. For this reason, cybercriminals are interested in hacking small businesses.
Although budgets may be limited and security resources slim in many SMBs, there are ways to develop a robust cybersecurity strategy and infrastructure without breaking the bank. Here are a few things you can and should do (quickly) to prepare your small business with cybersecurity defenses.
Step 1: Implement Cyber Literacy 101
A knowledgeable staff is a more secure staff, at every level. Basic cybersecurity education and ongoing reminders about phishing attacks and other social engineering tactics scammers use to access data can help protect your employees and your business. Phishers are becoming increasingly sophisticated at creating emails that look like they really could have come from a reputable or familiar entity. Awareness of the dangers of clicking on unfamiliar links and opening email attachments from unknown senders is good for all employees to have.
Step 2: Pay a Little for Added Security
It can cost as little as a few hundred dollars a year to have an outside service keep a duplicate of all of your company’s files on an ongoing basis. The best backups keep creating versions of files that can be accessed in the event of a ransomware attack.
If you have a business website, you can use software that includes firewalls to help protect it from hackers. But you might be better off hiring a service here too, someone that will monitor your site with tools that detect and disable intruders.
Step 3: Create a Mobile Defense
Your company’s data doesn’t live solely within the confines of your office space, so neither should your cybersecurity strategy. With your on-premise network sufficiently secured with firewalls to protect the internet activity of your employees and backups to minimize the effects of ransomware, you should now focus good attention on the mobile devices that are becoming more valuable as targets for cyber attacks.
If your employees access company data or networks offsite from their mobile devices, those devices need to be secure. Just think about the consequences of malicious software sending device information to hackers and performing other harmful commands. Or, mobile phones spreading viruses to any office computers they are connected to.
To combat such types of attacks, you may want to establish companywide policies regarding the use (or non-use) of mobile phones to view, transmit, and download company information. Sensitive data should only be accessible on the go once security apps have been installed and/or the devices have been password-protected.
Step 4: Enlist the Help of Pros
All this talk about system and data vulnerabilities, the need for cybersecurity best practices, and cultivating an educated workforce may be a bit overwhelming. Instead of throwing up your hands in frustration or sitting idly by, enlist a team of experts to help you conduct a cybersecurity threat assessment. A Managed Security Service Provider, or MSSP, can perform a comprehensive assessment to identify your weaknesses and then help you correct them.
You don’t need to be a multi-billion dollar corporation with thousands of employees to establish a vigorous cybersecurity infrastructure. You just need to understand the importance of having one, sooner rather than later. Cybint is here to help you prepare your small business to withstand cyber risk.