According to the Better Business Bureau, U.S. small businesses lost an average $79,841 from cyberattacks in 2017. What are you doing about this in 2019?
January 7, 2019 5 min read
Opinions expressed by Entrepreneur contributors are their own.
Business data is more than propriety information. Most small businesses hold customer credit card information on file and maintain electronic employee records, as well as manage their banking online. And a breach of this data disrupts basic operations and damages your reputation not to mention probably costing you thousands of dollars.
Symantec, in fact, recently released a study describing how cyberattacks against small businesses are on the rise and are expected to increase in the coming years. With the Better Business Bureau reporting that U.S. small businesses lost an average $79,841 from cyberattacks in 2017, it makes sense to take action to avoid these potential losses. Here's how:
Conduct a cybersecurity audit.
The best way to defend against a cyberattack is to understand the areas of vulnerability and develop an action plan to address them. The Financial Industry Regulatory Authority (FINRA) has created a Small Firm Cybersecurity Checklist that is free to download and is basically an audit tool that helps you identify areas where your data is vulnerable to outside exploitation.
The checklist also points out other needs, such as employee-data management training, incident-response systems and other actions you can take to better secure your data. The checklist includes areas where you should document the remediation steps necessary to better secure your information.
Once completed, the checklist will show you exactly where you currently stand with regard to data security as well as provide a detailed action plan for improvement.
Train and monitor your employees.
Employee training of secure data management is important, but so is teaching your team to identify and report potential internal breaches. The IBM 2016 Cyber Security Intelligence Index found that 60 percent of all cyberattacks were carried out by people inside the companies surveyed. Of those insider attacks, three-quarters were carried out with malicious intent and the other quarter were committed by inadvertent actors.
For small businesses, protecting yourself from this type of internal threat begins with your onboarding process. Train employees on cybersecurity measures within the company and review the penalties, both internal and criminal, for intentional breaches. When an employee leaves, either voluntarily or not, conduct an out-boarding interview that reviews these penalties and then change all passwords and other security codes that the person used to assure that he or she cannot gain physical or electronic access to your business operations after leaving.
Manage information access.
Since most cyberattacks occur from internal sources, another way to protect your data is to limit access. Not every employee needs access to every account, database or file. Review all employees' roles within the company and give them access only to that information they need to perform their job. According to CompuQuip, you should classify your data and set up controls or tools to manage access.
This process protects your data in two ways. First, it limits how much information each employee can access, which will narrow the amount of harm that can occur if it is used for non-business purposes. Second, it will limit the damage that can occur if the employee is the victim of a phishing attack or other malware infection, since not all data systems will be accessed.
Set up automatic software updates.
Cybercriminals analyze software programs for vulnerabilities and exploit those weaknesses whenever possible. The newer the software version you are running, the more protected it is from attacks. According to Comodo Antivirus, updating your antivirus, operating system, and other software regularly lessens your risk of being infected by malware or becoming the victim of ransomware attacks.
Few businesses take the time to update their systems on a regular basis, but most software packages offer the option of automatic updates. Utilizing this feature is one of the best protections you have against external threats.
Use a decentralized virtual network.
You may think you're secure, but many business messenger and communication systems may be collecting your business data and communication history. This information may be used for the host’s own use or harvested by other companies without your knowledge or permission. For example, Facebook was recently fined £500,000 by the U.K.’s Information Commissioner’s Office for the social media platform's part in the Cambridge Analytica scandal. The reality is that delegating your data and privacy to an outside system leaves you vulnerable to this type of misuse of your information.
For this reason, Zangi Messenger's experts recommend creating your own secure and independent communication network for full control over your business data. This decentralized vertical network is hosted on your own company servers or clouds, giving you complete control over who has access to your information and how it is used.
Document-sharing, messaging and other standard business activities can then occur anywhere without risk of data breaches or malware downloads, making this a great solution for small companies conducting a lot of business away from the office.
Cybersecurity is a necessity that too many small businesses put on the back burner, but this lapse can lead to severe financial losses. Instead, conduct an internal audit, train and monitor employees and update your software regularly to better protect yourself. If you conduct most of your business out of the office, utilize a decentralized virtual network to keep your data secure wherever you go.