Here’s a startling statistic that just might shock you. In the last 12 months, 42% of small businesses found themselves victims of a cyberattack. Most common among these were phishing attacks, which made up almost a quarter of cybercrimes against small businesses. Then came data breaches (18.6%), malware attacks (16.5%), denial-of-service (DoS) attacks (14.8%), ransomware attacks (11.3%), and other cybercrimes (15%). The point here is that there are many ways bad actors are trying to breach your systems and wreak havoc on your small business. And, if they are successful, it will cost your organization big bucks.
The average cost of a data breach for a US small business is more than $100,000. And that already scary number is ticking up. Not to mention that the fallout of a data breach can gravely affect a small business's ability to continue operations, negatively impact the safety and security of customers, and take years to recover from.
The point here is not to scare you as a small business owner, but instead, to create awareness around the importance of a cybersecurity strategy that adequately suits the size of your organization, identifies your vulnerabilities, and implements smart tactics and solutions to keep your business as safe as possible in an increasingly dangerous threat environment.
1. Employee Training.
According to a recent IBM Cyber Security Intelligence Index Report, human error is the root cause of 95% of all cybersecurity breaches. Therefore, it is imperative to establish cybersecurity practices throughout your business including strong password protocols, internet usage guidelines, and perhaps most importantly, awareness programs on common phishing email ploys and telltales.
Ensuring employee cybersecurity compliance should be a sustained and overt effort. Consider creating a Cybersecurity Employee Handbook and making it part of your employee onboarding and training program. At a minimum, your cybersecurity policies should include:
- High-security password requirements
- Email security protocol
- Sensitive data best practices
- Social media and internet access rules
Again, email is the most common entry point for cybercriminals. Make sure your entire team understands the dangers and knows what to look for.
2. Keep Your Systems Updated.
Many small businesses fail to recognize the importance of updated operating systems and software. A shocking number of small businesses are still using Windows 7, an operating system that is no longer receiving Microsoft security software updates or patches. While Microsoft was providing some businesses with annual updates via its Extended Security Updates program, those too are likely set to expire soon.
Outdated and unsupported software leaves your small business systems more vulnerable to ransomware attacks, malware, and data breaches. Most malware targets older software, as cybercriminals are aware of vulnerabilities within these outdated versions, and thus exploit them to gain access to systems and sensitive information.
The risk of outdated technology is enormous and the cost of a breach or cyberattack can bring a small business to its knees. So keep your systems and software up to date.
3. Back Up Everything.
Data backup is the process of copying and storing digital data from a primary location to a secondary system so it can be restored should a data loss or corruption event occur. In the case of malware or ransomware, even if the initial breach is remedied or the ransom paid, around 60% of victims’ data is lost or irretrievably corrupted.
For small businesses, backing up to an external hard drive might be enough for a data backup and storage solution. If your business has a Local Area Network (LAN) you can back up data to another computer or server, though the potential of physical threats (like fire, tornadoes, flooding, etc.) might leave them vulnerable. Cloud backups, also known as online backups, are services in which data and applications are backed up and stored on a remote server.
Regardless of which method you decide is right for you, back up your systems as often as possible. Some solutions even allow for automatic backups every five minutes. While this frequency might seem excessive to some, experts urge small businesses to perform data backups at least daily.
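A backup is only useful if it can be restored and is recent enough. The sketch below is an added example, not part of the original article: it archives a folder to a secondary location, test-restores it and compares SHA-256 digests, and flags a backup older than the daily minimum. The function names and the `.tar.gz` layout are assumptions, and the destination directory stands in for an external drive, LAN share, or cloud-synced folder.

```python
import hashlib
import tarfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 60 * 60  # the article's "at least daily" minimum

def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def back_up(source, dest_dir):
    """Archive source into dest_dir; return (archive path, source manifest)."""
    expected = manifest(source)
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / time.strftime("backup-%Y%m%dT%H%M%S.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return archive, expected

def verify_restore(archive, expected, scratch_dir):
    """Test-restore into scratch_dir; return files that are missing or altered."""
    Path(scratch_dir).mkdir(parents=True, exist_ok=True)
    # Use the safe "data" extraction filter where this Python version has it.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(scratch_dir, **kwargs)
    restored = manifest(scratch_dir)
    return sorted(name for name, digest in expected.items()
                  if restored.get(name) != digest)

def is_stale(archive, now=None):
    """True when the newest backup is older than the daily minimum."""
    now = time.time() if now is None else now
    return now - Path(archive).stat().st_mtime > MAX_AGE_SECONDS
```

An empty list from `verify_restore` means every file came back intact; any name it returns should be treated as a failed backup, as should a `True` from `is_stale`.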
While cybersecurity solutions and safety tactics are evolving literally every day, it is imperative that small business owners understand the current threat landscape and create smart strategies to maintain the safety of their data and systems. Even the most basic approaches, like the ones outlined above, better position your small business to prevent or survive a catastrophic hacking event.