Hackers are increasingly targeting small businesses, making cybersecurity measures more important than ever. Here’s a rundown on the basics.
According to Symantec’s 2016 Internet Security Threat Report, cyberattacks are daily occurrence. In 2015, the security firm reported over 1 million web attacks against people a day. Out of that staggering number, 43% targeted small businesses.
With larger companies beefing up their cybersecurity measures, small businesses have become attractive targets for hackers. Owners should be concerned. First Data estimates that the cost of a data breach for a small business merchant averages $36,000 to $50,000.
Fortunately, common-sense solutions and general awareness of cybercrime techniques can greatly reduce your business’s vulnerability to cyberattacks.
- Install Antivirus Software
“The best ways to steer clear of viruses and malware are to use an industry-leading anti-virus software solution,” said Anurag Sharma, principal of WithumSmith+Brown’s cybersecurity consulting practice. “There are many types out there, and they don’t have to break the bank, but having a level of defense can go a long way.”
If you already have good antivirus software, make sure the auto-update and firewall options are turned on.
- Back Up Your Files
Symantec reports that ransomware—a method of using encryption to hold critical data hostage for money—increased 35% in 2015. Updating your web applications can help prevent an attack, but it’s important to regularly back-up important files just in case.
“The easiest way to minimize the impact of a ransomware attack is to immediately disconnect the infected machine(s) from the network, reinstall the operating system and restore from your last good backup copy,” Sharma said.
- Be Wary of Email & Downloads
Email scams are becoming ever more sophisticated. Spear phishing, for example, is an email that appears to be from an individual or business you know, designed to trick you into revealing personal info.
It’s important for you and your employees to be wary of anything coming into your inbox. “Never click a link or open an attachment that you did not expect to receive,” Sharma said. “If you’re not expecting something or have to think twice about the contents, don’t open it.”
- Install Software & Operating System Updates
Pop-up reminders to update your web browser or operating system (like Windows or OS) may seem annoying, but don’t ignore them. “Ensure operating systems and applications are always fully patched with the latest security fixes,” said Morey Haber, VP of technology at BeyondTrust. These updates will help protect you from cyberattacks.
- Use Complex Passwords
Weak passwords are an invitation for hackers. Don’t make the mistake of using simple passwords, or using the same password for multiple accounts.
“Small businesses should invest in complex password policies for all of their employees,” said Ray McKenzie, founder of Red Beach Advisors. “These do not have to be too complex, but they should include a minimum of 10 characters, upper case letter, lower case letter, number and symbol.”
- Use Secure Systems to Accept Card Payments
“Never photocopy, hand write, electronically key-in to a terminal, or manually copy credit card information,” Haber said. “While this is a common practice for orders over the phone, consider a secure online payment system like PayPal to accept transactions. If your systems are compromised, keystroke loggers and other hacking tools can scrape the manually entered information for later attacks.”
In addition, make sure you’ve upgraded to the latest point-of-sale equipment for in-person purchases.
- Don’t Bank Over Unsecured Wi-Fi
Wi-Fi connections at coffee shops, airports and other public places are convenient, but they aren’t secure. Never log into your online banking profile on an unsecured network—it’s all too easy for someone to steal your information that way.
“If you are a road warrior and are using public Wi-Fi, invest in a VPN service to secure your transmissions,” recommended Douglas Boemker, CEO of Macrotec Security Corp.
- Don’t Use Free USB Drives
Free USB drives might seem appealing, but they can cause big problems. “If you don’t trust the source of the USB drive, don’t plug it in,” Sharma said. “These drives can very easily be used to carry and deliver a malware or virus onto your computer, allowing someone else access to your important information.”
- Secure Physical Devices Storing Sensitive Data
Don’t forget that sensitive data can be physically stolen as well. Computers and drives with private business or customer information should be protected. “Assume somebody will steal them and plan accordingly,” said Greg Scott, author of Bullseye Breach, an educational IT security book. “Remote wiping is also a good thing for phones and tablets.”
So, no leaving your computer in the front seat of your car!
- Train Your Employees
When it comes to good cybersecurity, your actions are more important than any technology. If you have employees, hold regular training to make sure they’re aware of company IT policies, and how to avoid email scams and other types of cyberattacks.Lastly, if you handle extremely sensitive information such as medical or legal files, consider expert help. “Hiring a managed service provider with the expertise to advise and correct these security problems will potentially prevent a breach and augment your staff with the latest best practices to combat modern cybersecurity issues,” Haber said.