Many small businesses have a false sense of security when it comes to cybercrime. More than 75% of U.S. small businesses believe they are safe from it, even though 83% of them do not have formal cyber security plans, according to a study conducted by the National Cyber Security Alliance and Symantec.
Why Is There a False Sense of Security?
Many small businesses assume their size will keep them safe from cybercrime. They often believe that cybercriminals will only go after large companies because those companies have more money, email addresses, credit card numbers, and trade secrets to steal.
However, large companies also have more security experts and IT administrators to guard their assets. Many small businesses do not even have an IT administrator. A third of all small businesses rely on a nontechnical employee to manage their IT systems, according to an AMI-Partners study commissioned by Microsoft.
In reality, cybercriminals often target small businesses because they usually do not have the expertise or resources to fend them off. In 2014, more than a third of all reported targeted attacks were against small businesses, according to Symantec's 2015 Internet Security Threat Report.
How to Protect Your Small Business from Cybercriminals
There are many measures you can take to help protect your business from cyberattacks. Some of them are fairly easy to put in place, even without the help of an IT administrator. Other measures are more involved. For these measures, you might want to get help from an outside security expert if your business does not have the necessary expertise.
Use security software and a firewall: In 2014, cybercriminals created 317 million pieces of new malware, almost 1 million per day, according to the 2015 Internet Security Threat Report. So, one of the first measures to take is to make sure you have software that detects malware, viruses, and spyware. This security software needs to be updated often. You will also want to make sure you have an operational firewall.
Create and enforce a password policy: A simple measure that can help keep cybercriminals at bay is to create a password policy. You can use this policy to make sure that employees use strong passwords and change them regularly. You can also use it to make sure that different system accounts have different passwords. To make the password policy effective, you need to enforce it.
Provide security training: Employees will not be able to use strong passwords if they do not know how to create them. This is where security training comes in handy. Besides teaching employees how to create a strong password, you can educate them about security threats, such as how attackers use phishing emails that contain malware to infiltrate companies. You can then tell employees about the best ways to thwart attacks. In the case of phishing, you can tell them to verify links in emails before clicking them and not open email attachments that look suspicious.
Dedicate a computer for online banking: If you conduct financial transactions over the Internet, the FBI, American Bankers Association, and Federal Reserve all recommend that you dedicate a computer for this purpose. You should not use this computer for any other online activities that might expose it to vulnerabilities. For example, you should not use it for emailing and surfing the web.
Use two-factor authentication: Using two-factor authentication during logins adds an additional layer of security. With two-factor authentication, employees need to verify their identity with something they have and with something they know. For instance, you might have them swipe a card through a reader and enter a security code. If you have remote employees, you might have them enter a randomly generated number from an electronic token card and enter a password.
Encrypt and back up your data: You can use encryption to protect your data when it is being transmitted over the Internet and when it is sitting in a database or file server. Encryption protocols such as Secure Sockets Layer, or SSL, enable you to protect your data as it is being transmitted over the Internet. Disk drives and databases usually include encryption technology that lets you encrypt data while it is at rest.
Encryption helps stop hackers from stealing sensitive data. It can also help prevent a ransomware attack. Ransomware is a type of malware that cybercriminals use to extort money from victims. They often use it to encrypt data and then demand a ransom to get the password needed for decryption.
There are other types of ransomware attacks. Cybercriminals sometimes use ransomware to lock a computer system and then demand a ransom to unlock it. The best way to defend against all types of ransomware is to regularly back up your data. That way, you can refuse to give in to the cybercriminals' demands, knowing that you will be able to restore your systems and data if they cause harm.
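The training measure above tells employees to verify links in emails before clicking them. As an added example (not part of the original article), the Python code below automates the core of that check: it compares the address a link displays with the host it actually points to. The sample email and its .test host names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body; all hosts use the reserved .test suffix.
SAMPLE_EMAIL = """
<a href="https://accounts.example-payments.test/reset">www.examplebank.test</a>
<a href="https://examplebank.test.login-portal.test/">examplebank.test</a>
<a href="https://mail.examplebank.test/inbox">examplebank.test/inbox</a>
<a href="https://www.examplebank.test/help">Help centre</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def shown_host(text):
    """Host the link text claims to be, or None if the text is not URL-like (heuristic)."""
    if not text or " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

def audit_links(html):
    """Return (href, reason) for links whose displayed address differs from the real one."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        parts = urlsplit(href.strip())
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, tel: and in-page anchors are out of scope here
        target, shown = parts.hostname, shown_host(text)
        if not shown:
            continue  # plain wording such as "Help centre" makes no claim to compare
        claimed = shown.removeprefix("www.")
        # Accept the claimed host itself or a true subdomain of it; flag anything else.
        if target.removeprefix("www.") != claimed and not target.endswith("." + claimed):
            findings.append((href, f"text shows {shown} but link goes to {target}"))
    return findings
```

Calling `audit_links(SAMPLE_EMAIL)` flags the first two links, including the one that only begins with the trusted name, and passes the genuine subdomain and the plain-text link.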
Be Prepared for an Attack
The measures discussed here are only some of the ones you can take to fend off cybercriminals. Despite your best efforts, though, your small business might still fall victim to an attack. For this reason, you should create a contingency plan covering how to deal with an attack. You also might consider getting an insurance policy that protects you against any losses that you might incur from a cyberattack.