If you run a small business, it’s a matter of when, not if, your computer system or cyberinfrastructure falls prey to cybercriminals. Every day, thousands of small companies find their systems compromised and data stolen. When large companies are hacked, the media soon report the details. These giant corporations can afford the most advanced cyber security, and are still vulnerable to cyber attacks.
At the same time, when major companies such as T-Mobile, Marriott or Capital One are hacked, they can still survive. That’s not necessarily the case when the cyber attack victim is a small firm. The results could destroy the company, and that is what happens to nearly 60 percent of small businesses after experiencing a breach.
Lack of Preparedness
A 2019 survey [PDF] of 500 top decision-makers at small and mid-sized businesses revealed an alarming lack of preparedness when it came to protecting their companies from cyberattacks. Here are some of the results:
- Just 40 percent had a cyber attack prevention plan
- Less than 10 percent consider cybersecurity a major threat
- 43 percent of CEOs or corporate chairs consider a cyberattack “unlikely”
- 25 percent of these decision-makers have “no idea” where to start with cybersecurity
Overall, these leaders greatly underestimated the cyber risks to their businesses, and many aren’t sure just where the responsibility lies for cybersecurity. Just 37 percent report employing a dedicated IT and cybersecurity team. Nearly 75 percent of respondents from companies with less than $1 million in annual revenue think they won’t be targeted for a cyberattack.
There is an exception to this general “it probably won’t happen here” attitude, and that concerns financial firms. Still, just half of those dealing in financial services think a cyberattack is likely.
There is one bright spot in the overall bleak cybersecurity outlook concerning small business owners and leadership. Most recognize that password protection is a basic step in cybersecurity matters, and 75 percent of companies instruct employees to change passwords frequently.
Protecting Your Site
You might think that if your system was targeted by cybercriminals, you would know it fairly quickly. Unfortunately, most companies do not realize they are compromised for more than three months after the initial attack. The theft of customer data and proprietary information is bad enough, but the damage to the brand may prove fatal.
Along with working with a reliable cybersecurity company, here are some tips for protecting your site and reducing the odds of becoming a victim of cyber attacks.
Daily backups –Perform daily backups of files and data. While this should serve as a standard operating procedure, many companies fail to do it. If your system is compromised or a malefactor freezes your network unless you pay the demanded ransomware, you are in a much better position.
Routine device scanning –Employees often unwittingly introduce malware or ransomware into your system via the use of their laptops, smartphones, or desktops. Do not allow workers to use USB drives or similar items on your system, and make routine scanning of any device connected to your network a priority.
Anti-virus and other tools –Install and update anti-virus and similar tools to seek out viruses and dangerous programs regularly.
Regular risk assessment –Carry out a regular risk assessment and vulnerability testing on networks and applications. Forewarned is forearmed, and such tests discover potential failure points prior to occurrence.
Ongoing employee training –At least every 90 days, inform employees of recent cyber threats and ways to combat them. Combatting cybercrime is a team effort. Provide employees with information about recognizing cyber fraud, such as phishing emails, and keep them up-to-date. If they have a question, they should have an IT person to consult.
If there is a data breach, let employees know immediately. You might stop further damage if other workers do not make the same mistake. Sophisticated cyber criminals are always upping their game, and their methodology often consists of luring in the unaware.
A Multi-Pronged Approach
When it comes to protecting your small business, there is no one-size-fits-all regarding cybersecurity measures. Consider contacting a cyber security firm to review your practices, assess your current vulnerabilities, and provide the right platform for your needs.