Cyberattacks cost businesses millions of dollars each year, and they can be especially damaging to small and medium-sized businesses. More than 60% of small and medium businesses were the target of a cyberattack during 2021, according to Verizon’s 2022 Data Breach Investigations Report.
Because most small businesses do not invest much time or money into preventing cyberattacks, they are easy targets for cyber criminals. However, when small businesses fall victim to these attacks, their reputations, customer data and individual livelihoods are at risk.
Hackers are clever and increasingly sophisticated, but they are not invincible. Business owners and cybersecurity teams can take strategic steps to even the playing field and stay ahead of the hackers and their schemes. Get started with these six crucial tips.
Create a security policy
Every business should establish a basic security policy and practices and make them available in writing to all employees. The policy should include requirements for strong passwords, how frequently passwords must be updated, and appropriate internet usage guidelines. It should also address rules for how to handle and protect customer information and other important data. Make sure the policy includes information about the penalties for violating cybersecurity rules.
Require new employees to read and sign the cybersecurity policy before beginning work with your business. It’s also a good idea to require current employees to read and sign the policy at least once per year to keep it fresh in their minds.
Keep systems updated and protected
The best defense against viruses, malware and online threats is using the latest security software, web browser, and operating system. Make sure you keep your machines updated, and if employees log into your company system through a personal device, require them to keep those devices updated as well.
You can easily set antivirus software to run a scan after each system update. When the software programs you use provide an update, install it as soon as it’s available.
Train employees to spot and avoid helping hackers
Your employees may be smart and insightful, but that doesn’t mean they naturally know how to spot hacking attempts. Hackers have become increasingly sophisticated, tapping employees’ social media and networks to help them name-drop or impersonate friends and acquaintances to build trust among victims. In fact, 82% of data breaches in the past year involved the human element, according to the 2022 Verizon report.
Provide annual security awareness training for employees to keep them informed about hackers’ latest tricks. Also, remind them regularly that passwords should never be shared, even with co-workers or with someone who calls and claims to be working with your IT provider.
Implement multi-factor authentication
Even the best employees can fall victim to a hacker’s traps, clicking on a link in a phishing email or inadvertently sharing login information with the wrong person. That’s why it’s crucially important to implement multi-factor authentication (MFA). With MFA, a user attempting to log into your system on a computer will be directed to enter a code sent to their mobile phone or other device before they will be granted access. When MFA is required, it’s much more difficult for hackers to gain access to your system.
Limit access to data and software installation
No employee should have access to all data systems. Each employee should only be given access to the specific data and programs they need to do their job effectively.
Also, employees should not have freedom to install software on any business-owned devices. Designate one trusted person or a group of people who have authority to install software with explicit permission.
Back up systems regularly
Even if a small business recovers from a cyberattack, the data lost as a result of the attack can be crippling. One study showed that almost 40% of small businesses reported that they lost crucial data as a result of an attack. Losing sensitive customer data can result in customer lawsuits and paying damages, and losing critical business-related data can hamper a company’s future growth.
To prevent the damage caused by lost data, regularly back up the data on all business-owned computers. That includes Word documents, spreadsheets, databases, financial files, human resources files, and accounts receivable and accounts payable files.
If possible, it’s best to back up data automatically. If not, conduct backups at least on a weekly basis. Store the copies of your data off site or in the cloud so that you will have access to them in the event of a fire or other physically damaging event at your business location.
Provide firewall and VPN security for your internet connection
A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure your operating system’s firewall is enabled, or install free firewall software available online. If employees work from home, ensure that their home systems are protected by a firewall. A Virtual Private Network (VPN), on the other hand, hides your IP address, which is the string of numbers that identifies your device. It works by routing your network connection through a remote server, protecting you from those trying to find your location and other valuable data. To fully protect the computers on your network, the best strategy is to install an efficient firewall along with a VPN.
Secure your wi-fi networks
If you have a wi-fi network for your workplace, make sure it is secure, encrypted and hidden. To hide your wi-fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Protect access to the router with a password.
Create a mobile device action plan
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
Employ best practices on computers with payment systems installed
Work with banks or payment processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations based on agreements with your bank or payment processor. Isolate payment systems from other less secure programs and don’t use the same computer to process payments and surf the Internet.
Head to https://www.valley.com/security to learn more about daily security practices for your personal and business information.