November 4, 2016
Cyber-security is a term that small business owners hear frequently, but few understand just how important and timely it is. While many assume that only large Fortune 500 companies need to take security threats seriously, the reality is that smaller organizations have just as much to fear.
SMB Security Threats Aren’t Going Away
In 2011, small businesses were victims of cyber attacks only 18 percent of the time. However, over the last five years, that number has risen dramatically. In 2015, 43 percent of all cyber-attacks targeted small businesses. That’s up more than nine percent from 2014 alone and shows that hackers are making small businesses – which are much more likely to be unprotected – their primary targets.
While hackers and scammers always seem to be one step ahead of the security industry, it’s clear that the following three issues are pervasive. Businesses must deal with them immediately or risk falling victim to dangerous attacks.
- Ransomware and phishing. As time passes, we’re seeing much more advanced and creative ransomware and phishing attacks. The scary thing about these attacks is that it’s too late to recover anything once the hacker gains access to what they want. In the case of ransomware, the only way out is to pay off the hacker.
- People. You may like to assume that your biggest threats are lurking in dark basements in foreign countries, but sometimes your own employees are your biggest liability. Whether purposefully or accidently, employees can wreak havoc on your systems.
- Outdated software and tools. Small businesses don’t always update software and tools as they should. As a result, loopholes can be exposed and businesses may unwittingly fall prey to scams that are otherwise protected in updated versions.
The main thing is that small business owners are aware of the risks they face. The most dangerous belief you can have is the idea that you’re safe because you’re small. As the trends show, you most certainly are not the exception to the rule.
Six Tips for Securing Your Company
The bad news is that hackers and scammers are targeting small businesses. The good news is that there are plenty of ways to protect your business and mitigate your risk.
Let’s check out some of the things you can do.
1. Improve File Sharing Strategies
In today’s business world, where many companies work remotely and exchange sensitive information with different parties, it’s imperative that small businesses develop secure file sharing strategies that keep data out of the wrong hands.
Thankfully, there are a variety of technologies designed to help businesses, just like yours, enhance security in this critical area. Make sure you compare different options and find a solution that fits your budget, needs, and existing tools.
2. Enhance Employee and Administrator Passwords
One of the most common entry points for hackers is actually the same entry point that you and your employees use to access files: account IDs and passwords. Since most passwords are easily guessed, hackers don’t have to go through much effort to find their way into businesses. By improving password security, you can mitigate some of the threats associated with password hacking.
For starters, set up requirements for all passwords. They should be at least eight characters long and need to contain upper case and lower case letters, numbers, and symbols. Furthermore, passwords should be changed at least once a month, and the same password should never be used on multiple accounts.
3. Be Careful With BYOD Policies
BYOD policies are fairly common in today’s leading small businesses, but the biggest disadvantage here is a lack of security. If you’re allowing your employees to use personal mobile devices in the workplace, then there needs to be a clear set of rules.
All devices should be password protected, with the same password rules that apply to other accounts. There needs to be a policy in place for handling lost or stolen devices and all data on these devices should be encrypted.
4. Educate Your Employees
Don’t assume that your employees understand the cyber threats your company faces. The best way to enhance security is by educating employees.
“It’s clear that hackers will continue to target small businesses with phishing attacks,” says Joshua Sophy of Small Business Trends. “And since these attacks are targeting employees mostly, implementing a proper training and informational program on phishing schemes within your company is prudent.”
Not only does employee education prevent errors and oversights, but it also makes employees more aware of their surroundings. As a result, they can report suspicious activity and understand how they’re expected to respond.
5. Think About Cyberinsurance
No matter how well you guard your business and how many different layers of defense you establish, it’s impossible to avoid every single threat. That’s why many small businesses are turning to a new option: cyber-insurance.
“In the past several years, cyber-insurance policies have become an increasingly popular option for small businesses looking to protect credit card information, customer names and addresses, and other sensitive data stored in online systems,” business expert Paula Fernandes notes. “Cyber risks aren’t typically covered under general liability insurance, so it’s important to find out which types of coverage are available.”
It’s always better to have more protection than you need. If your business doesn’t have the resources to survive a significant attack, then you should consider adding a cyber-insurance policy for peace of mind.
6. Remain Agile
Above all else, your business must remain agile. New security threats emerge every day and technologies are being updated on a regular basis. Avoid getting stuck in your ways and always be prepared to move. This is the only way you can stay safe and significantly reduce your risk of being attacked.
An Investment in Security Always Pays Off
There are three primary reasons small businesses fail to invest in security:
1. They don’t realize the severity of cyber threats,
2. They don’t know what to do, or
3. They’re worried about the cost of security.
After reading this article, you can’t let No. 1 or No. 2 hold you back. But what about No. 3? Will the cost of cyber-security set you back? The short answer here is no.
While it does take time and money to overhaul your security measures and establish a defense, the initial investment is nothing compared to the massive costs associated with an attack. Think about it in terms of insurance. Your business has a handful of different insurance policies. They all cost money and don’t really give you much in return. However, if you ever need to file a claim, the savings on that claim alone make years of paying monthly premiums worth it.
Cyber-security is the same way. You’ll never understand the true value of securing your business unless you suffer an attack. Hopefully, though, you’ll wake up and make an investment in security before you ever have to figure it out on your own.
Small businesses no longer have the luxury of idly standing by, so make sure you’re protected.
I am a professional blogger, writer, researcher and successful investor who contributes to a number of reputable online media outlets and news sources. A graduate of Iowa State University, I’m now a full-time freelance writer, business consultant and independent real estate investor. Currently, I write for Inc.com, Entrepreneur.com, TheNextWeb.com and BiggerPockets.com. I have previously contributed to the HuffingtonPost.com, and Business.com, among others. In addition to journalism, technical writing and in-depth research, I’m also active in real estate investing and spend weekends volunteering with a local non-profit literacy organization. When I’m not saving the world with my keyboard, I can be found rock climbing.