Many small businesses have fallen into traps simply because they believe they’re too “small” to get the attention of those charged with regulating operations.
Some don’t have employee handbooks even though they are required to do so. Others have been very loose with designating workers as “independent contractors” when they clearly are not. Some have inaccurately deducted expenses for having a home office.
Today, the “we’re-too-small” mentality has trickled into the vernacular when it comes to cyber security, resulting in financial ruin. Frankly, the risks are greater with small businesses simply because one successful hacker or phishing expedition can close their doors.
However, it stands to reason that small businesses frequently don’t take the proper precautions. They may not have sophisticated IT professionals working on their behalf. Some may be too busy. Others simply believe it just won’t happen because hackers don’t target small companies.
It makes sense because we rarely read about small companies that are targeted by cyberattacks. The big names in the corporate world are the ones getting noticed. For example:
For Small Businesses, Cyberattacks Can Be Crushing
The 2020 Verizon Data Breach Investigations Report (DBIR) found that 28% of breaches involved small business victims. Ransomware demands have also skyrocketed, with the average payment jumping from $111,000 to $178,000 in 2020 alone—a 60% increase in less than a calendar year. With these numbers sharply on the rise, it is not surprising that 60% of victims go out of business within six months of an attack.
The COVID-19 pandemic also created new opportunities for attackers to strike, particularly as businesses rapidly adjusted to remote work. As COVID-19 vaccines enter distribution, attackers will see this as a new and lucrative opportunity. Security pros have already discovered wide-ranging cyberattacks targeting large and small businesses up and down the supply chain. With attackers only growing more determined, companies should look to shore up their networks against a wide variety of attack vectors. They should also establish additional visibility into attackers seeking to secure privileges and move laterally to further their attacks.
Credential Theft Continues to Loom Large
According to the DBIR, 80% of hacking-related breaches involve brute force attacks or stolen credentials. Poorly secured credentials represent a problem that affects businesses large and small, with incidents ranging from last year’s Twitter hack to a recent ransomware incident that forced two Michigan doctors to shut down their practices. Attackers attempt to get their hands on these credentials in various ways, including phishing scams and searching unsecured endpoints for exposed credentials. Many of today’s small businesses use Active Directory, a popular target for attackers looking to escalate their privileges.
Recent surveys have shown that privileged access was used in three out of four attacks, demonstrating how vulnerable organizations are when they cannot prevent the theft of credentials and privilege escalation activities. Finding and remediating these exposed credentials before attackers identify and exploit them is essential. Businesses can turn the situation to their advantage by seeding their networks with deceptive credentials that trick intruders into exposing themselves. Defenders can then neutralize the attack and gather adversary intelligence to better prepare for the next attack.
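The deceptive-credential idea above can be monitored with very little logic, because any authentication attempt that names a decoy account is suspect by definition. The following is an added example, not code from the original article: the decoy account names, host names and log rows are constructed for illustration, and the event IDs are the standard Windows Security log IDs for logon and credential-validation events.

```python
import csv
import io
from collections import defaultdict

# Hypothetical decoy accounts; no real user or service ever logs on with them.
DECOY_ACCOUNTS = {"svc_backup_adm", "sql_reporting"}

# Windows Security event IDs that record an authentication attempt.
AUTH_EVENT_IDS = {"4624": "logon success", "4625": "logon failure",
                  "4768": "Kerberos TGT request", "4776": "NTLM validation"}

# Constructed sample export (not real log data).
SAMPLE_EVENTS = """\
time,event_id,account,source
2021-03-02T09:14:07,4624,jsmith,WS-014
2021-03-02T09:15:41,4625,SVC_BACKUP_ADM,WS-022
2021-03-02T09:15:43,4768,svc_backup_adm,WS-022
2021-03-02T09:16:02,4625,mlopez,WS-009
2021-03-02T09:20:30,4776,CORP\\sql_reporting,WS-022
2021-03-02T09:21:11,4688,svc_backup_adm,WS-022
2021-03-02T09:30:00,4624,svc_backup_adm@corp.example,WS-031
"""

def normalize_account(raw):
    # Reduce DOMAIN\user and user@domain forms to a lowercase bare name.
    name = raw.strip().rsplit("\\", 1)[-1]
    return name.split("@", 1)[0].lower()

def decoy_alerts(log_text, decoys=DECOY_ACCOUNTS):
    """Map each source host to its decoy-account authentication attempts."""
    alerts = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        kind = AUTH_EVENT_IDS.get(row["event_id"])
        if kind is None:
            continue  # e.g. 4688 process creation: not an authentication event
        account = normalize_account(row["account"])
        if account in decoys:
            # Success or failure both count: nobody legitimate knows these names.
            alerts[row["source"]].append((row["time"], account, kind))
    return dict(alerts)

if __name__ == "__main__":
    for host, hits in decoy_alerts(SAMPLE_EVENTS).items():
        print(f"{host}: {len(hits)} decoy credential attempts")
        for when, account, kind in hits:
            print(f"  {when}  {account}  ({kind})")
```

Grouping by source host points the responder at the machine to isolate first; ordinary failed logons for real users, such as the `mlopez` row, are deliberately ignored.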
Common Cyber Threats
There are three common types of cyberattacks:
- Malware, or malicious software, such as a virus or worm designed to damage the user’s information.
- Phishing, where emails from fake addresses or text messages pose as a reputable company.
- Man-in-the-middle, where a hacker intercepts communication between a consumer and a company. The hacker often uses Wi-Fi to steal the customer’s information.
It is important to have strategies in place to safeguard your business from cyberattacks. Use the strategies below to protect your business and employees.
Train Employees On Security Standards
One of the biggest cybersecurity risks your business faces is employee negligence. There are two main degrees of negligence: simple and gross. Employees should be trained on decreasing the chances of a data breach. This can include not leaving computers unattended and unlocked, not using unsecured Wi-Fi when working from home or in a public space, creating strong email passwords, identifying phishing emails, and protecting sensitive information. To help with this, the Small Business Association has an online self-guided course on basic cybersecurity tactics. The FCC also provides a planning program for small business owners to create a cybersecurity plan.
Use A Firewall And Antivirus Software
It’s been estimated that the average enterprise uses 500+ software applications. So it’s important to make sure business computers are up to date with the latest antivirus software and anti-spyware programs. Using high-quality software provides the latest updates automatically, which prevents and corrects security problems. These updates improve how well your computers function.
Secure Your Wi-Fi Network
One major factor in protecting your Wi-Fi network from hackers is using firewall protection and encryption. Place your Wi-Fi network in a hidden location for higher security and create a Service Set Identifier (SSID) to hide your network name and router. Make sure your SSID is password protected with a strong password.
Strong passwords should include:
- At least 10 characters
- One or more uppercase letters
- One or more numbers
- At least one special character
Protect Payment Processing
Businesses big and small can have their payment processing software attacked. As a result of a cyberattack against Target, payment card data for more than 40 million credit and debit card customers was compromised. To protect yourself, work with your bank and other financial institutions to get anti-fraud equipment that ensures the safest transactions. Create policies with financial institutions that will protect transactions, such as using different equipment for payment processing only and not for internet searches. For more ways to protect your payment system, look at the Payment Card Industry Security Standards Council guide.
Backup Your Data
If your business is a victim of a cyberattack, you need to make sure that all critical data in your system is backed up. The best practice is to do a system backup weekly to protect your database, including Word documents, financial records, spreadsheets, and employee files. The backup system can be stored off-site or in the cloud.
Control Access To Systems And Data
It’s best practice to prevent unauthorized people from accessing computers and systems. When not in use, secure or lock laptops and give each employee a separate user account and password. Limit your administrative system access to only IT staff. It’s also best not to give any one employee access to all system information. Employees should be given access only to the systems that they work with directly. There should also be a limit on what software employees can download.
The risk of cyberattacks on businesses of all sizes is only increasing over time. More and more, hackers are using sophisticated methods to gain access to your sensitive information. Protect yourself by taking steps now to improve your business cybersecurity.
Cybersecurity best practices
In addition to implementing some sort of software-based solution, small businesses should adopt certain technological best practices and policies to shore up vulnerabilities.
- Keep your software up to date. Hackers are constantly scanning for security vulnerabilities, Cobb said, and if you let these weaknesses go for too long, you’re greatly increasing your chances of being targeted.
- Educate your employees. Teach your employees about the different ways cybercriminals can infiltrate your systems. Advise them on how to recognize signs of a breach and educate them on how to stay safe while using the company’s network.
- Implement formal security policies. Putting in place and enforcing security policies is essential to locking down your system. Protecting the network should be on everyone’s mind since everyone who uses it can be a potential endpoint for attackers. Regularly hold meetings and seminars on the best cybersecurity practices, such as using strong passwords, identifying and reporting suspicious emails, activating two-factor authentication, and being careful about clicking links or downloading attachments.
- Practice your incident response plan. Despite your best efforts, there may come a time when your company falls prey to a cyberattack. If that day comes, it’s important that your staff can handle the fallout that comes from it. With a response plan drawn up, attacks can be quickly identified and quelled before they do too much damage.