We’ve all read with shock and horror about large cyber-attacks such as the breaches at Target, Netflix, and financial institutions including JP Morgan, but what if I told you that the most frequent threats have been to small and medium-sized businesses?
In fact, more and more small businesses are being targeted because many have valuable data that can be held for ransom or sold to others, yet they don’t typically think they will be targeted so they don’t have rigorous security protections in place.
Many small business owners think it won’t happen to them, but according to Inc. Magazine, “75% of SMBs would have to shut down if forced to pay cybercriminals to gain access to their data or software in a ransomware attack. The cost of this type of breach is more than just monetary; it also causes an intense disruption to a company’s operations.”
If you haven’t looked into your IT security yet, I encourage you to do so before it is too late and you are in data recovery mode. Making even small changes now will help not only protect your business, but also help save your business enormous amounts of time, money and hassle.
Designate an IT leader
Your first step, no matter the size of your business, is to hire someone to be in charge of managing your IT. I highly recommend using a third-party security service provider. When you use a third-party expert, they will assess your current IT structure and recommend the appropriate changes as well as train your employees. They will also perform regular risk assessments, develop constant monitoring and incident response strategies, review network alerts and performance and flag suspicious activity. A third-party provider may also:
- Train employees to spot suspicious emails
- You’ll need to educate yourself and all of your employees about common security threats. They need to understand the difference between legitimate and fraudulent emails. A few good examples of email hacking include clicking on an attachment in an email you think is from a vendor, but is actually a phishing scam. An employee choosing a weak password for a new account that gets hacked, or your IT team installing malware software on all of your company’s computers, but forgets to set automatic security updates on just one, can leave your business vulnerable.
- Use alternative email accounts
- Most of your employees will have a personal email account or they can create a gmail account for business purposes. You can greatly reduce the risk of your company email accounts getting onto spoofed email lists by having your staff use alternative email addresses when registering for activities online.
- Create strong email passwords
- Gone are the days of simple passwords or using the same password for every one of your business accounts. I can’t emphasize enough how important it is to create strong, unique passwords. I have found that using a password manager provides strong encryption and serves as a strong defense against cybercriminals. It will securely store all logins for each employee and regularly prompts you to update passwords. If you have an IT partner, they will be able to set this up for you.
- Keep malware software up to date
- This seems like a simple business rule, but many of my clients feel they just don’t have the time to install malware protection software on all company devices. A third-party provider will strongly suggest that you make this more of a priority and configure it to install patches and updates automatically. It is crucial that you run the latest version of malware software so you aren’t vulnerable to security problems.
Cyberattacks are here and they are going after your small business! Regardless of size, every business needs to stay proactive and vigilant against cyberattacks. Take the time now to invest in simple protective measures to prevent great harm to your business in the future.