Is your business 100 percent safe from cyberattacks? The last thing you want is for your whole operation to grind to a halt because of a cyberthreat. Here's everything you need to know about small business cybersecurity in 2018.

Headlines about data breaches are always about huge enterprises or other big organizations. That doesn't mean they're the only ones who get hit, though. Small businesses don't get as much notice, but they're favorite targets for criminals. They don't have the same resources as huge corporations to defend their data, so they look like easy pickings.

What do small businesses have that's worth grabbing? Enough to justify the attempt. Even if criminals don't find anything of value, they can do serious damage just by trying. Here are some of the things you need to know about small business cybersecurity.

  • Ransomware: Malware deposited on your computer that scrambles the files on it. If you don't have a safe backup, the only way to get the data back is to pay for a decryption key. Sometimes you don't get it back even then, or you might get hit with a second round of ransomware.

The City of Atlanta was hit recently by a ransomware attack and it cost over $50 million to recover. For months, some departments were forced to operate with pencil and paper. It could have been your company. How would you handle that?

  • Botnet Infiltration: A breach that can install software to make your machines do the criminals' work for them. They might send out spam, conduct denial-of-service attacks, or do cryptocurrency mining for their own profit.

    The consequences can include blacklisting of your domain, a reduction in your systems' efficiency, and system crashes. It can take weeks or months to figure out what has happened.
  • Theft of Confidential Data: Hopefully, you don't store credit card numbers on your systems, but the theft of contact information can be bad enough. If customers become targets for scams, and if they can match them up with information taken from you, that's bad for your business. And, it can cost you plenty. Settlements in the millions could be your penalty for failure to protect customer data.

Nine Common Mistakes That Can Cost You Plenty

Cybersecurity should be one of your top priorities in your business. Data breaches can occur at any time and the results can be disastrous. Here are nine common mistakes to avoid.

1. It Can't Happen to Me!

Most people think, either consciously or in the back of their minds, that an attack can't or will not happen to them. The reality is that even if you own a small business, you can still be hit with a very sophisticated virus. If it does happen, you will be in hot water, so take the necessary precautions before it is too late.

2. Not Having a Plan

It's all fine and dandy to have an antivirus system installed, and it's even better when you have various other precautions, firewalls, and monitoring systems in place. However, you also need to have a backup plan! This doesn't just refer to backing up your data, though that is a big part of it.

You must know exactly what you will do if a breach is detected and who you will be relying on to get you out of the mess.

3. A BYOD Policy

Having a Bring Your Own Device policy may be cheaper in the short run, but it can cost you big in the long run. There is no way for you to control what your employees do on their own phones. They will be browsing the net and downloading all sorts of programs that can expose your network to attacks. They may be connecting their devices to other networks that are not safe when they are not at work.

4. Not Destroying Hard Drives

You should also destroy your hard drives completely when disposing of them. Simply erasing them is not enough.

5. Not Using Effective Passwords

Cyberattacks are happening at a rapid pace and creating strong passwords is essential in today's work environment. Unfortunately, many users only use one or two passwords they can remember easily and use them on all their accounts. Hackers love this. If you can remember it, it’s likely easy to crack. Better yet, if they crack one password they can access all your accounts where you used that password.

While a strong password may not prevent a hacker from gaining access to confidential files, it can make the process much more difficult. Here are three things to consider when you are creating a password.

  • Avoid Common Phrases and Mix Things Up. Passwords that use common words can easily be hacked through a brute-force attack. Many employees use simple passwords that jeopardize the security of the whole organization.

Instead of using standard phrases, it is much more effective to create a password that consists of multiple upper and lowercase letters, while also using various numbers and symbols. Typically, the minimum length of a password is required to be eight characters, but longer passwords are much stronger.

  • Use a Password Manager. A password manager is an excellent tool that can help you create strong passwords for multiple sites. Instead of trying to remember each passcode, you will only need to remember one password, which will grant you access to the site. A password manager is a great resource for an employee who has access to a multitude of areas but is unable to keep track of such a lengthy list of passwords.

    We recommend Roboform.com: it’s highly rated, works on all your devices, keeps your logins synchronized, and is easy to use.

  • Never Give Anyone Your Password. It is never a good idea to give anyone your password, whether it is your co-worker, friend, or family member. Instead, it is important to keep this information to yourself, or you risk exposing your organization to unnecessary security risks.

6. Weak Wireless Security

Computers of all kinds typically come with built-in hardware that gives them wireless connectivity to the internet and/or to a network where a host of resources are available.

On the other side of the coin, there are wireless access points that are administered to provide computers with internet or network access. There are some points to keep in mind whether using or administering a wireless network to ensure a safe experience.

The scope and complexity of security can seem like an enigma, so the points below are simplified as much as possible.

On the user side of the coin, when approaching a wireless network, there are two basic choices when it comes to security: It can be used, or not be used. Then the next consideration is open networks vs. password-protected network connections.

Some wireless networks require a password for access and some do not. The ones that require a password encrypt data flowing over the wireless network. That means that in the event that somebody using the same wireless network intercepts your data, it will be unreadable (which is good).

When the data leaves the wireless network and moves across the internet, it may or may not be readable by other people depending on the website being accessed. Websites that use HTTPS in their website address encrypt the data from the user's computer all the way to its destination, and vice versa. If the “S” portion of the protocol is missing, data will not be protected once it leaves the wireless network and moves across the internet.

7. Not Using a Strong Antivirus Program

Relying on cheap, free, or no virus protection software on your system leaves you open to viruses, ransomware, hacking, and worse. Whatever you invest will be money well spent as the bad actors can attach malware to Word documents, PDFs, and emails to exploit vulnerabilities in your computer operating software and programs.

These crooks are crafty and brilliant, and they have hacked into some very impressive sites and wreaked havoc. What we recommend:

8. Failing to Educate Employees on Cyber Crime Prevention

Unless you have a staff educated well enough to help stop viruses, malware, spoofing, and other attack schemes, you will be operating at a substantially added risk. Did you know the most common causes of a successful attack are your employees? Here are some common colossal problems that are easy to prevent:

  • Failing to log out of password protected sites.
  • Leaving passwords pinned to the wall by their desks.
  • Bringing in thumb drives with cat pictures etc. to show to their friends.
  • Opening emails that show the name of someone they know without verifying that they came from the sender’s actual email address. A common scam is to send a spoofed email from Jack Jones, whom you know, but the email comes from 1230112g@aol.com when Jack’s email is really jj@email.com. Often, there will just be a link with some words like “Check this out!” Click it and your system will be infected.
  • Social Engineering: Getting a call from someone who claims they are with tech support or the phone company, etc. saying they need access to an account and asking you for the login information. Comply and you’re toast.

All these are mostly preventable if your employees are informed and your training on security is emphasized and revisited periodically. Do yourself a big favor: stop the problem before it occurs.
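The display-name check described in the spoofed-email item above can be automated. The following is an added example, not part of the original article: the address book, the function names and the sample messages are constructed for illustration, using the Jack Jones addresses from the text.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (assumption): display name -> address that person really uses.
KNOWN_CONTACTS = {"jack jones": "jj@email.com"}

def normalize_name(name):
    """Lower-case and collapse whitespace so 'Jack  JONES' matches 'jack jones'."""
    return " ".join(name.lower().split())

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Classify the From header as 'ok', 'spoof-suspect' or 'unknown'."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    name = normalize_name(display)
    address = address.lower()
    # Familiar name: the address must be the one on file for that person.
    if name in contacts:
        return "ok" if address == contacts[name] else "spoof-suspect"
    # Variant of the same trick: the real address is placed in the display
    # name, while the message actually comes from a different address.
    for real in contacts.values():
        if real in name and address != real:
            return "spoof-suspect"
    # Known address shown with a different or missing display name.
    if address in contacts.values():
        return "ok"
    return "unknown"

# Constructed sample messages (not real mail).
SAMPLES = {
    "spoofed": "From: Jack Jones <1230112g@aol.com>\nSubject: Check this out!\n\n(link)\n",
    "genuine": 'From: "Jack Jones" <JJ@email.com>\nSubject: Invoice\n\nHi\n',
    "address_in_name": 'From: "jj@email.com" <1230112g@aol.com>\nSubject: Hi\n\n(link)\n',
    "stranger": "From: Pat Smith <pat@example.org>\nSubject: Hello\n\nHi\n",
}

def classify_samples():
    """Return {sample name: verdict} for the constructed messages above."""
    return {key: check_sender(raw) for key, raw in SAMPLES.items()}

if __name__ == "__main__":
    for key, verdict in classify_samples().items():
        print(f"{key:16} {verdict}")
```

This only compares the visible From header with the address book. A message forged with the correct address passes it, which is what SPF, DKIM and DMARC checks at the mail server are for.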

9. Not Having a Strong, Automated and Comprehensive Backup of Your System and Data

Failure to make frequent backups of your system and data is a huge vulnerability. Fires happen, thefts do occur, power fluctuations or lightning strikes can corrupt data, and floods and other natural disasters can wipe out your system as effectively as ransomware.

Having a history of backups of your entire system, including your operating system software, made with a backup program that supports a bare-metal restore (onto a brand-new replacement system) will let you quickly recover.

It’s not free, it’s complicated to set up and you will likely need a professional’s expertise to get it working flawlessly. But that is money well spent considering the time, loss of business and costs of having to try to reconstruct your invoices, customer lists, correspondence…

If you can’t afford that level of backup, do invest in simpler solutions that backup your data. Rebuilding your system and its software and restoring your files is still easier and faster than any alternative.

Oh, and you might want to explore business interruption insurance and specific coverage of your systems and software.

Improve Your Small Business Cybersecurity

By far, the most common way perpetrators gain access to computers is with computer viruses. It's a common occurrence that people download and install computer programs written by illegal hackers; the computer programs are typically laced with a computer virus that is installed simultaneously and obscured from the user during installation.

Using a little common sense and asking the question – Can this website that I'm downloading from be trusted? – can make a world of difference in computer security.

Hire a Cybersecurity Expert

For more small business cybersecurity information and help, we highly recommend you engage the services of a paid cybersecurity specialist. Security is a complex and highly technical area that requires substantial expertise to do well. An expert can harden your systems, networks, and wireless access points and make breaking in by the bad guys tough.

The investment represents a very small cost compared to being down for weeks while you try to recover from the theft of data, loss of your files, or worse.
