It’s no longer just large businesses and Fortune 500 companies that have to focus on cyber security. Small businesses are more vulnerable than ever and, as a result, are becoming fixtures in the crosshairs of savvy cyber criminals. As we prepare to enter a new year, it’s vital that small businesses develop proactive strategies and strong defenses.
Here’s What’s at Stake
Research curated by CNBC shows that 43 percent of all cyberattacks are now aimed at small businesses. And despite the fact that the average cost of one of these instances is $200,000, just 14 percent of small businesses are prepared to defend themselves.
As Mission Secure explains, cyber security issues are potentially deadly to businesses and their owners. By 2024, 75 percent of CEOs will be personally liable for cyber security incidents. And with hospitals and transportation companies now in focus, cyber-physical incidents — meaning cyber attacks that result in fatalities — will soon reach a financial cost exceeding $1 billion.
Between the loss of human life, litigation, regulatory fines, insurance, compensation, and the loss of reputation, the cost is simply too high to continue ignoring the need for high-level cyber security for small businesses. The time for taking action is now!
3 Tips for Improving Cyber Security
Every small business will eventually need to tailor a strategy to their own needs, but the following suggestions provide a decent place to begin:
1. Know Your Threats
The first key is to know what you’re up against. In other words, get familiar with the techniques hackers most commonly use to target small businesses. They include:
- Phishing commonly takes place via email. These attacks occur when a hacker tries to trick you (or one of your employees) into opening a link or attachment from a random email. Once clicked, the hacker can install a malicious program or virus on your device and steal sensitive data.
- Drive-by downloads. While less common than phishing attacks, drive-by downloads occur when you visit a malicious website and it attempts to download some sort of virus on your computer without asking for permission. (This can happen when you don’t have the proper security systems in place.)
- Watering holes. Sometimes legitimate websites can be hijacked by a cyber criminal and used against unsuspecting visitors. (These attacks usually involve some sort of voluntary download that initially appears to be a legitimate asset.)
While it’s certainly possible to be attacked using some unrelated method, these are the techniques that are most likely. By understanding them, you can avoid them.
2. Train Your Employees
Your organization is only as strong as the weakest link. Nine out of 10 employees can understand basic cyber security protocols, but the one employee who doesn’t could put your business in a compromising situation.
With that being said, ongoing training for everyone in your organization is a must. And for best results, you should start with the low hanging fruit – like phishing.
“Hackers cast a lot of lines to see where they can get a nibble, but a sophisticated attacker with the right information can create a highly-targeted scheme to work their way into your network,” cyber security expert Martin Jones writes. “You need to teach your employees how to identify a ‘phishy’ looking email and where to go if they have questions.”
For best results, organize training sessions by department. When you adopt a team-based approach to security training, people feel more unified and supported. This goes a long way towards developing a culture that’s committed to cyber security.
3. Improve Password Hygiene
Improving password hygiene is one of the smartest things you can do for your organization’s cyber security. Employees should be required to:
- Use sophisticated passwords (including multiple character sets)
- Only use a password once
- Switch passwords on a monthly basis
- Avoid auto-login and shared accounts
Doing these four things and nothing else will dramatically improve your account-level security and prevent hackers from enjoying easy access to your network.
Adding it All Up
The 2021 calendar year is going to be a big one for small business cyber security. Experts anticipate a significant increase in the size and frequency of attacks, which will further expose the underlying vulnerabilities that already exist. Get ahead of the curve by strengthening your digital “perimeter” today!