According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber attack. Yet many businesses can’t afford professional IT solutions, have limited time to devote to cyber security, or don’t know where to begin.
The best way for small business owners to be adequately prepared is to educate themselves on common threats and the best strategies to defend themselves from a cyber attack.
Social engineering fraud
Social engineering fraud involves manipulating people into divulging confidential information such as passwords, social security numbers, or credit card information. The most common form of social engineering fraud is phishing emails, which are designed to appear as though they have been sent from a legitimate organization or known individual and trick victims into paying out money or revealing sensitive data. A small business looking into new products and vendors — for example, to help systematize their day-to-day operations — may be susceptible to social engineering fraud. Be sure to check on the credibility of the organization before responding to emails or clicking on any email links.
Remote working options
Many small businesses offer work-from-home options and, while remote work can have some advantages, it can also expose businesses to a range of cyber security risks. With a distributed workforce, it’s important for staff to be even more careful about maintaining cyber hygiene.
Malware
Malware, such as viruses and ransomware, is any software intentionally designed to disrupt and damage a computer or network, or to gain unauthorized access to private information. While ransomware attacks are generally associated with larger companies, in fact 50 to 70 percent of ransomware attacks are aimed at small and medium-sized companies, and most small businesses fail within six months of an attack. [1]
1. Educate your employees
As cyber criminals evolve and become savvier, it’s essential to regularly update your employees on new protocols. The more your employees know about cyber attacks and how to protect your data, the safer your business will be. Send out regular reminders not to open attachments or click on links in emails from people they don’t know or expect; outline procedures for encrypting personal or sensitive information; and train employees to double-check if they get rush requests to issue unexpected payments, a common scam.
2. Implement safe password practices
Many data breaches occur due to weak, stolen, or lost passwords. In today’s world of working from your own devices, it’s crucial that all employee devices accessing the company network are password protected. Have employees change their passwords regularly by automatically prompting them every 60 to 90 days.
3. Make sure you’ve got the right partners and platforms
Your cyber security is only as good as the security of the platforms and partners your business depends on. Check the following:
4. Secure your hardware
Data breaches can be caused by physical property being stolen too. If your servers, laptops, cell phones or other electronics are not secured and are easy to steal, you are taking a big risk. Security cameras and alarms will help, but physically locking down computers and servers will help even more. Whether your employees are working from home, a coworking space, or a traditional office, be sure they understand how to keep their company equipment protected.
5. Regularly back up all data
No matter how vigilant you are with your cyber security strategies, data breaches can still happen. The most important information to back up is:
Be sure to also back up all data stored on an online drive and check your backup regularly to ensure that it is functioning correctly.
Your insurance company may also provide cyber consulting and risk management services, so check with your agent or broker when choosing your cyber insurance coverage. You can also hire an outside expert to evaluate risks!
Additional Resources:
Stay safe from cybersecurity threats
CISA’s Cybersecurity Awareness Program Small Business
Cybersecurity for Small Business
1. https://www.inc.com/amrita-khalid/ransomware-hackers-crime-cybersecurity-tips.html
2. https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats
3. https://www.ftc.gov/business-guidance/small-businesses/cybersecurity
4. https://www.cisa.gov/publication/stopthinkconnect-small-business-resources
All content in this material is for general information purposes only. It does not constitute personal advice or a recommendation to any individual or business of any product or service. Please refer to the policy documentation issued for full terms and conditions of coverage.
Chubb European Group SE trading as Chubb, Chubb Bermuda International and Combined Insurance, is authorised by the Autorité de contrôle prudentiel et de résolution (ACPR) in France and is regulated by the Central Bank of Ireland for conduct of business rules.
Registered in Ireland No. 904967 at 5 George's Dock, Dublin 1.
Chubb European Group SE is an undertaking governed by the provisions of the French insurance code with registration number 450 327 374 RCS Nanterre and the following registered office: La Tour Carpe Diem, 31 Place des Corolles, Esplanade Nord, 92400 Courbevoie, France. Chubb European Group SE has fully paid share capital of €896,176,662.