Cybersecurity is a top concern among today’s small-business owners — and for good reason: A recent report from the National Small Business Association found half of small-business owners surveyed have suffered some sort of cyberattack. Disturbingly, 61 percent of those occurred within the last 12 months.
Online data breaches of major companies such as Target and Home Depot make big news, but plenty of small businesses have fallen victim to data breaches and other hacking crimes, as well. A single Seattle hacker stole data from at least 53 small- and medium-sized businesses between 2008 and 2010 and caused $3 million in damages to his victims. And there are thousands like him targeting small businesses, their owners, employees, and customers.
While you are likely familiar with the classic data breach in which a hacker steals customer credit-card numbers to use them fraudulently, cyberattacks can impact businesses in many other ways. Fraudulent payroll accounts can be created and used to siphon funds from business accounts. Employee information — including names, addresses, dates of birth, and Social Security numbers — can be stolen from an insecure system and used to commit identity theft. Intellectual property can be stolen. Some cybercriminals have actually locked business owners out of their own systems, demanding ransoms in exchange for passwords. Even an attack that does nothing more than cause a website outage can cost a small company valuable business. And cyberattacks can be devastating to a small business with a tight budget. According to the NSBA study, in 2014 the average cyberattack cost a small business $20,752 — 238 percent more than such attacks cost in 2013.
With cyberattacks on the rise, what’s a small-business owner to do? The best defense is preparedness. Small businesses are attacked more often than large companies simply because their systems are often more vulnerable. But by taking the following steps, you can help ensure your business data is protected.
Secure Hardware and Software
Some data breaches have actually occurred after thieves stole electronic equipment by physically breaking into a business. Obviously, security alarms and motion detectors can deter such crimes, but so can taking a step as simple as feeding a cable through computers’ lock slots and securing them to a desk. While you’re at it, ensure your systems are secure from a criminal inside your business by protecting everything possible with strong passwords.
Update Your Software
If your business software isn’t current with the latest updates, security patches, and bug fixes, it’s vulnerable to cyberattack. You can either set your software to update automatically, or set a recurring appointment on your calendar to ensure you don’t forget to install these important updates.
Activate Your Operating System’s Built-in Security
If you’re not using a version of Windows or OS X that already includes a business security suite, protect your business computer network by installing one that safeguards against viruses and malware, and use a strong encryption system. The encryption will scramble your data — including bank information, employee data, and credit card accounts — so even if hackers access it, they won’t be able to decipher the information. Most current operating systems offer full-disk encryption tools, such as BitLocker for Windows and FileVault for Mac.
In addition, if you operate any portion of your network wirelessly, even just connecting your network computers via Wi-Fi, disable the service set identifier (SSID) broadcasting function on the wireless router and protect Wi-Fi access with a long password made up of random letters and numbers.
Back Up Your Data Off-Site
In the event of a cyberattack, you can quickly recover and restore your business data if you’ve installed a secure backup system off-site. While this may sound like a costly and time-consuming endeavor, it doesn’t have to be. Cloud backup services such as iBackup, Barracuda, and Mozy provide a simple and affordable choice that can protect your business information from catastrophic loss. There are plenty of options; just be sure you understand how each service stores and protects your data before you sign up for anything.
If any computer on your network becomes compromised, your entire operation is at risk of cyberattack. Keep employees informed of security threats, and ensure they are taking the same online precautions and using secure passwords the way you are. Establishing a formal company internet policy — even if you only have a handful of employees to follow it — can help establish security expectations and advise employees to avoid common risks, including opening email attachments, clicking unknown links, and visiting suspicious websites. While it may seem obvious, it’s better to be sure employees are aware of how to avoid security risks.
As they say, an ounce of prevention is worth a pound of cure, but even the most secure of systems is not completely immune from cyberattack. Therefore, it’s smart to monitor your accounts, your systems, and both your personal and your business’s credit. By checking your bank accounts online daily, subscribing to a credit-monitoring service, and using some basic common sense, you can increase the odds of catching a breach before it costs your business, your employees, and your customers substantially.