Cyberattacks pose a huge threat to individuals and organizations. Small businesses are particularly tempting targets because they often hold information that cybercriminals want to access, and they usually lack the systems needed to protect the digital systems they use to store, access, and disseminate data and information.
Many small business owners have expressed feeling that their businesses are exposed to cyberattacks; however, they often cannot afford professional help or do not know how or where to begin.
Start by learning about common cybersecurity best practices, understanding common threats, and dedicating resources to address and improve your cybersecurity.
Offer your employees training
Employee communications can create major gaps for small businesses because employees usually have direct access to the business's digital systems. Offering your employees training on best practices for basic internet usage can lessen the risk of cyberattacks.
Other training topics to cover include:
Guard your networks
Safeguard your internet connection by encrypting information and using a firewall. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name. Password-protect access to the router. If you have employees working remotely, consider using a Virtual Private Network (VPN) to allow them to connect to your network securely from out of the office.
Use antivirus software and keep all software updated
Make sure all of your business’s computers are equipped with antivirus software and are updated regularly. Such software can be found online from a variety of different vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. It is recommended to configure all software to install updates automatically. In addition to updating antivirus software, it is key to update software associated with operating systems, web browsers, and other applications, as this will help secure your entire infrastructure.
Implement Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a mechanism to verify an individual’s identity by requiring them to provide more than just a typical username and password. It commonly requires users to provide two or more of the following: something the user knows (password, phrase, PIN), something the user has (physical token, phone), and/or something that physically represents the user (fingerprint, facial recognition). Check with your vendors to see if they offer MFA for your various types of accounts (e.g., financial, accounting, payroll).
Monitor and manage Cloud Service Provider (CSP) accounts
Consider using a CSP to host your organization’s information, applications, and collaboration services, especially if you’re utilizing a hybrid work structure. Software-as-a-Service (SaaS) providers for email and workplace productivity can help secure data being processed.
Protect and back up sensitive data
As important as it is to include best practices in your cybersecurity strategy, preventative measures can only go so far. Cyberattacks are constantly evolving, and business owners should be aware of the most common types.
Malware
Malware (malicious software) is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, or computer network. Malware can include viruses and ransomware.
Viruses
Viruses are harmful programs intended to spread from one computer to other connected devices, like a disease. Cybercriminals use viruses to gain access to your systems and to cause significant and sometimes irreparable damage.
Ransomware
Ransomware is a specific type of malware that infects and restricts access to a computer until some sort of ransom is provided. Ransomware will commonly encrypt data on the victim's device and demand money in return for a promise to restore the data. Ransomware exploits unpatched vulnerabilities in software and is usually delivered through phishing emails.
Spyware
Spyware is a form of malware designed to gather information from a target and then send it to another entity without consent. Some types of spyware are legitimate and legal and operate for commercial purposes, such as the advertising data collected by social media platforms; malicious spyware, however, is frequently used to steal information and send it to other parties.
Phishing
Phishing is a type of cyberattack that uses email or a malicious website to infect your computer or system with malware or to collect sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. Be very cautious about opening links from unknown sources. If something from a known source seems suspicious, don’t just click on it: ask the source directly whether it's legitimate.
The first step in improving the cybersecurity of your business is understanding the risk of an attack, and where you can make improvements to safeguard your data and systems.
A cybersecurity risk assessment can identify where a business is vulnerable, and help you create a plan of action, which should include guidance on user training, securing email platforms, and protecting your business’s information systems and data.