The Internet has been a boon for small businesses, providing a level playing field that’s allowed them to compete for customers globally. At the same time, it has made smaller companies much bigger targets for hackers.
Fully half of small to medium-sized businesses reported security breaches over the past year, according to a 2016 report by Keeper Security and the Ponemon Institute. Yet, too many small business owners don’t think they have anything to worry about – more than eight in 10 believe they have nothing worth stealing, according to a survey by Towergate Insurance.
Unfortunately, this simply isn’t true. Valuable customer information and financial data aside, hackers know that even less-valuable information has value to someone – namely, you. Hence the proliferation of so-called “ransomware” attacks, in which hackers encrypt a computer’s or network’s files and demand payment to restore access. In one well-publicized case, a Los Angeles hospital agreed to pay $17,000 to regain access to its data after a ransomware attack. Ransomware attacks grew by nearly 170% in 2015, according to Intel Security.
Hackers are also becoming more sophisticated. Clumsy, poorly written emails attempting to coax passwords out of employees are evolving into more sophisticated attacks. Dubbed “spear phishing,” these emails convey just enough information about an organization and its people to seem plausible. In one experiment conducted by a National Security Agency researcher, 80% of West Point Army cadets clicked on a potentially dangerous email link to see their grades because it was sent by a fictitious colonel.
Fortunately, many of the things small businesses can do to help protect themselves from cyber attacks don’t require big budgets. Here are some examples:
Use Smart IT Practices
Your small business may not have an IT department, or you may be its IT department, but you still should consider following cyber security best practices. Use different passwords for every website you access. Require employees to use complex passwords and change them regularly. Obtain and regularly update anti-malware or anti-virus software. Make sure your computers’ operating systems and software are kept up to date.
Given the explosion of ransomware attacks, regular backups of your data are critical. Small businesses can use an external hard drive to back up critical data, but should keep it disconnected when it’s not being used. Another option is a low-cost cloud-based backup service such as Backblaze or Carbonite, which has the added bonus of keeping a copy of data offsite to protect against fire or physical theft.
Like “spear phishing,” many cyber attacks focus on people, not technology, as the chink in the armor. There’s even a term for it – “social engineering.” As a result, employees should be trained on how to react to suspicious emails and, above all, never to click on a link or attachment in an unfamiliar message.
Watch Out For Invoice Fraud
A long-time headache for small businesses has migrated from mail to cyber space. Hackers can tap information about legitimate customers from compromised email accounts or company data to send bogus invoices. Make it a habit to compare payment details with what you have on record; if they’re different, reach out to the customer to confirm the change.
These precautions are especially important if you’re working with your customer’s personal information. Do your due diligence and set time aside to train your employees on some basic steps to avoid security breaches and compromised information.
Cyber security is just one of the many risks your company will face. Learn more about different types of business risk and how you can help minimize them.