If you run a small business, you might not think that you are a priority target for hackers. But you'd be wrong.
Small and Medium-Sized Businesses (SMBs) are among the most frequent targets for cyber attacks. Even the smallest business holds a wealth of personal information on customers, employees, and other businesses. In addition, SMBs are at greater risk for cyber attacks because they tend to be easier targets, and don’t always have the resources that larger organizations can deploy to protect themselves.
SMBs also tend to be highly mobile, adaptive organizations, and this means that they have an increased surface area for cyber attacks due to the number of different systems and resources they use.
It’s no surprise, then, that according to the 2018 Verizon Data Breach Investigations Report, 58 percent of all cyberattacks targeted small businesses, and that in 2018, 48 percent of data breaches involved hacking and 30 percent featured malware.
Thankfully, there are some steps you can take to protect your business, such as following these cyber security tips for small and midsize businesses:
1. Consider Managed IT Services
One of the easiest ways to improve your cybersecurity is to outsource it to experts who know how to protect your systems. Today, many companies offer managed IT services that are designed with data security in mind, and these cover all aspects of business operations.
It’s also worth reviewing the services that you already outsource, in order to make sure that your business partners are taking cybersecurity as seriously as you are. One area that is particularly critical for SMBs, but also often overlooked, is web hosting.
Do you notice occasional periods when your site is down? You might not intuitively connect downtime with security vulnerabilities, but the connection exists. A site that is offline indicates that something could be wrong on your host’s server, and it might be hackers at play.
What is a reasonable uptime expectation? Maybe higher than you think. In collaboration with Pingdom, consumer research group HostingCanada.org found that hosts with an annual average uptime of less than 99.95% were untenable as a business solution. That may seem quite good, but even 0.05% of downtime equates to more than 43 hours of a website being offline over the course of a year. The bottom line: web hosts that can’t keep your site up at that rate can be a major vulnerability for your business.
2. Patch Your Vulnerabilities
Second, update your software. We all know we should do this, but it often gets overlooked in a busy working environment.
The consequences of not updating your software can be severe, though. The Equifax breach was one of the biggest stories of 2018 and involved the personal information of 143 million people being exposed. One of the strangest aspects of the leak, though, was that it would not have happened had Equifax updated their security software.
This leak was made worse by the fact that Equifax did not tell anyone about the breach for 6 weeks, thereby incurring fines on top of those they already faced. This, in turn, points to another type of vulnerability that you should take seriously as an SMB: the heavy fines that can follow a data breach.
Even with the best security in the world, mistakes sometimes occur, and you should plan for them.
If the initial data breach doesn’t kill your business, the fines might. This is particularly relevant for SMBs, because where a bigger organization can absorb the cleanup and containment costs of a breach, SMBs may not even survive the attack. According to the U.S. National Cyber Security Alliance, 60 percent of small companies are unable to sustain their business more than six months following a cyberattack.
3. Educate Your Employees
Another huge source of risk for SMBs is poor staff knowledge and training, or even disgruntled employees deliberately leaking information.
Believe it or not, many people are still not using strong passwords for their online or business accounts, and many still do not know how to spot a simple email scam. According to a recent Verizon report, one-fifth of data breaches are caused by human error, and this represents just as large a risk to SMBs as any technical infrastructure.
Employee education and employment procedures should, therefore, take into account three primary sources of risk.
- Make sure that your employees know how to keep their accounts secure.
- This training should extend to physical security, so that employees know who should be in the office at a particular time, and report any suspicious characters.
- You should put in place rigorous exit procedures for employees who leave, shutting down their access to all critical systems immediately.
4. Physically Secure Your Network
Amid all the talk about securing systems and networks, it’s easy to forget that physical devices are also a source of vulnerability. You can have the strongest network protections in the world and the best-trained staff, but sometimes overcoming your security measures is as easy as an attacker walking into your office and resetting your router.
The solution here is twofold. First, make sure that access to your physical infrastructure is limited to those who need it. Second, you can monitor access to your premises and key pieces of office infrastructure using video cameras.
5. Use Firewalls
Finally, make sure you do what the SBA (Small Business Administration) has been advising for years, and set up firewalls to protect all parts of your network. This includes not just checkout and sign-up pages, but every single public-facing page on your site.
This also extends to any network used by your employees to access business documents. If your employees sometimes work from home, for instance, they should have a firewall installed on their home computer.
Your options, when it comes to firewalls, can be pretty confusing, but the standard firewalls that come with Windows 8 and 10 are a good place to start if you haven't set them up already. Beyond this, there are other solutions that will analyze network traffic in more depth, and catch greater levels of suspicious activity.
Or, and to return to my first point, you can contract out your firewall protection to an expert, who will be able to advise you on the best protection for your SMB.
Plan, Plan, and Plan
Ultimately, cybersecurity is your responsibility. Even if your business relies on a large number of third-party suppliers and partners, if you are sharing data with them you will be held responsible if it is stolen.
The best advice of all, therefore, is to plan. This involves assessing your level of risk, putting in place suitable security measures, and taking expert advice on the best way to secure your networks. It should also involve a consideration of what you will do in the event that you become the victim of a cyberattack.
The steps above will go a long way toward securing your business infrastructure against attacks, but even with the best security, attacks can still succeed. It is therefore critical that both you and your employees know how to respond, in order to avoid an attack sinking your entire business.