Now more than ever, small business owners are continually reminded of the importance of protecting their data. Whether a large corporation or a small to medium size business, cyber criminals don't discriminate. With news headlines of U.S. election hacking and the Equifax data breach, it's nearly impossible to ignore the growing importance of cyber security.
In fact, small businesses are usually easier targets because oftentimes they do not stay up to date on the latest cyber security best practices. While a recent BizBuySell survey showed that 90 percent of small business owners consider cyber security extremely important, only 37 percent say they train employees on security policies.
The more business owners educate themselves and their employees, the more they can reduce the likelihood of a cyberattack. Here are five common sense measures business owners can follow to mitigate the risk of cyberattacks:
- Be Vigilant When Using Email. Whether it's annoying spam, the propagation of ransomware or targeted spear-phishing, email is by far one of the primary sources of cyberattacks targeting end users.
- Delete any suspicious emails you receive, especially if they demand some sort of action, contain links or attachments, or ask you to enable macros in order to view their content.
- Do not reply to suspicious emails and do not give out any sensitive information. No government or financial institutions would ever ask for sensitive information (e.g. SSN) via email, EVER.
- Never use links in an email you receive to connect to a suspicious website.
- Secure Your Company Website. Unsecure websites can easily be hacked and used to target a visitor's computer with malware. If you run your own website, ensure the following:
- Tighten access with more complex user name and password requirements, and limit the number of login attempts.
- Ensure your website platform's software is updated with the latest security software.
- Secure your website with a Web Application Firewall to inspect all incoming traffic.
- Switch your website to use HTTPS protocol, which makes it really hard for someone to steal sensitive information.
- Disable directory browsing of your website files.
- If you don't have experienced staff or time, consider running your business website through a professional hosting provider.
- Secure Your PC and Other Devices. These days, much of our business is conducted digitally, not only through our PCs, laptops, tablets and phones, but also your Wi-Fi routers and connected devices.
- Ensure your equipment has the latest security software and run anti-virus/malware scans. regularly. If you don't have anti-virus software installed, buy and install it.
- Install all software updates as soon as they are available, including all web browsers.
- Have the latest operating systems on your machines with access to regular updates.
- Make sure your Internet connect is protected with firewall security.
- Make your Wi-Fi network encrypted, hidden, as well as password protected.
- Secure Your Data. Storing data internally on in-house computers and servers can be risky. Not only does this leave your data vulnerable to cyberattacks, but your data could be completely lost due to damaged or stolen equipment, whether theft, vandalism or natural disaster.
- Limit access to sensitive data to only a few authorized employees.
- Encrypt all your sensitive data.
- Backup your data periodically and store it in an offsite location. External hard drives are fairly inexpensive and easy to use. If you prefer a cloud-based method, choose your provider carefully.
- Protect all devices with access to your data.
- If you accept credit cards transactions, secure each point of sale.
- Educate Your Employees. Your employees can be your strongest defense against cyberattacks. Unfortunately, many employees are not very well informed about cyber security and can easily fall victim to phishing and malware attacks.
- Implement formal security policies.
- Follow cyber security best practices and conduct audits on a regular basis.
- Use games contest and prizes to teach cyber safety.
- Notify and educate staff of any current cyberattacks.
- Teach them how to handle and protect sensitive data.
Any business - large, medium or small - can become a victim of a cyberattack. Having these best practices in place now can reduce the chances of your business falling victim to unfortunate circumstances in the future.