Small business owners tend to assume they are not as at-risk for cyberattack as their larger brethren. In fact, more than 80 percent believe they “don’t have anything worth stealing.” However, most small businesses have digital assets, credit card information and other sensitive data that hackers prey on. Furthermore, theft of digital information is the most commonly reported fraud, eclipsing even physical theft.
The Ponemon Institute in 2016 surveyed 598 individuals in companies with a headcount from less than 100 to 1,000 and found that 55 percent of respondents had experienced a cyberattack in the previous 12 months. The report further states that the most prevalent attacks against small businesses are web-based and phishing/social engineering, and that negligent employees or contractors and third parties caused most data breaches.
Cybersecurity is essential for any business, whether large or small. To ensure your information is safe, it is imperative to adhere to the following five cybersecurity tips:
No. 1: Secure every computer and network. All of a business’ computers, including laptops, need to be protected against viruses, spyware and other malicious code. This can be achieved by installing antivirus software and antispyware and updating them on a regular basis. Networks can be secured by utilizing firewall and encrypting information, and if you have Wi-Fi it can be hidden by setting up the wireless access point or router so it does not broadcast the network name. Additionally, if you have employees that telecommute, their home systems should also be protected by a firewall.
No. 2: Safeguard mobile devices. Due to the fact that millions of people use their mobile devices for just about everything, including work-related matters, employees should be required to password-protect their mobile devices, especially if they contain confidential information or can access your business’ network. Other measures for safeguarding mobile devices include encrypting data and installing security apps, which can prevent cybercriminals from stealing information when a mobile device is on a public network. Android in particular has a large inventory of malicious, infectious apps, so staff should be trained or prevented from downloading random apps from the app store.
No. 3: Back up critical data. Any business, large or small, should have backup copies of its critical data, such as financial files, accounts receivable/payable files, electronic spreadsheets, etc. This is essential when recovering from a crypto-malware/ransomware attack. Backups should be performed regularly.
No. 4: Educate employees about cybersecurity. Ensuring the security of a small business’ data is not only up to its owner, but its staff as well. Employees need to be educated about cyber threats and how to protect the company’s data. This is especially imperative in regards to using social network sites, and employees should be taught how to post online without revealing any sensitive company information. They should also be required to use very strong, case-sensitive passwords, and to change them frequently.
No. 5: Limit access to information. It is important to not provide just one employee with access to all of your data systems, but equally important to limit access to data for other employees, including the authority to install software. Ensure that employees are only given access to specific data systems required for their job duties, and keep in mind that unmanaged administrator privileges are some of the biggest IT security threats to a small business.