Each day, it seems as though a new cyberattack makes headlines. Major companies like Uber, Equifax and Yahoo recently revealed massive data breaches that affected millions of their customers, and as a result, cybersecurity has become one of the top areas of concern for many companies.
While it may seem like only large corporations are affected, small businesses are extremely vulnerable to cyberattacks. According to the 2016 State of SMB Cybersecurity Report, 14 million small businesses in the U.S. have been breached. To put this in perspective, that means half our country's small businesses have been a target for hackers.
Despite these threats, most entrepreneurs aren't doing much to protect themselves, according to a recent poll my company, Manta, conducted with online small business insurance agency Insureon. Of the 2,500 small business owners surveyed, 82 percent do not feel that they're at risk of experiencing a cyberattack. This is concerning considering the research found nearly one in six small businesses have been hacked in the past.
The good news? 77 percent said they're taking steps to protect their businesses by installing firewalls and using software to prevent malware and viruses. While this certainly shows small business owners are making strides towards improving their data security, there's a lot more they can do to bolster their cybersecurity defenses.
With this in mind, here are a few ways you can protect your small business from data breaches and other cybersecurity threats:
- Bolster your IT presence and security policies: More than half (58 percent) of the small business owners we surveyed say they handle their companies' cybersecurity needs themselves. Though this may save money in the short run, most entrepreneurs aren't IT experts -- nor do they have the bandwidth to stay current on the latest threats, software updates and other safeguards that are needed to protect their businesses.
If you don't have the budget to bring on a full-time IT employee, consider hiring a third party expert to help your business embrace cybersecurity best practices.
Also, take the time to create IT guidelines for your employees to follow -- no matter how small your company is. For instance, requiring your employees to use high-strength passwords and change them every few months and adjusting system permissions upon staff departures are small things that can make a big difference in strengthen your company's cybersecurity defenses.
- Consider investing in a cyber liability insurance policy: Data breaches are expensive. According to First Data, these incidents can cost small businesses between $36,000 and $50,000 in recovery expenses.
Cyber liability insurance helps offset these costs by paying for costs like credit monitoring services, customer notification and legal expenses. But despite the safety net provided by cyber liability insurance, our poll found that only 26 percent of small businesses currently carry the policy.
- Educate employees on best cybersecurity practices: Your employees aren't IT experts either, so educating them on a few best cybersecurity practices is essential to protecting your company's sensitive data.
To do this, take the time to create a process for regularly installing software updates. Though it seems simple, it's one of the best ways to shield your business from the risks that viruses and other malware may pose. For instance, the WannaCry ransomware attack that affected more than 200,000 people earlier this year was a result of malware exploiting a vulnerability in older versions of Microsoft Windows, meaning the entire incident could have been prevented had the victims simply installed routine software updates.
It's also important to teach your employees how to spot emails containing malware and phishers, as they're on the rise: Symantec's 2017 Internet Security Threat Report found that one in 131 emails contained malware, the highest rate in five years. To prevent them from compromising company data, encourage employees to hover over URLs before clicking to ensure they're visiting a valid website, and to avoid opening email attachments from unknown senders.
- Safeguard point-of-sale systems: If you use a point-of-sale (POS) system at your business, your customers' data could be vulnerable to hackers.
To ensure their data is secure, take steps to protect it by employing end-to-end encryption software, which immediately encrypts credit card information when it's received through a server. This method protects your customers' information -- and your own business' data -- from hackers, even if they're able to install malware on your POS system.
Though many entrepreneurs believe they're out of harm's way when it comes to data breaches, small businesses are just as vulnerable -- if not more so -- as large corporations. By taking a few steps to protect their data and strengthen IT practices, owners can safeguard their business assets -- and save themselves from the loss of thousands of dollars down the line.