No company is immune to cybersecurity attacks. If you think that because your business is relatively small, hackers will bypass you for bigger fish to fry, think again. In fact, smaller companies often lack resources to protect precious resources like the trove of data they collect, maintain and use on a daily basis.
They will present a tempting target to thieves. With that in mind, it’s useful to consider cybersecurity strategies for small business owners that you can implement today.
Start Planning Now, Before Disaster Strikes
Ideally, you and fellow stakeholders in your small business have already determined that it’s time to take cybersecurity more seriously. This could be in reaction to you having read yet another news account of a company that was attacked and lost valuable customer data.
The more prudent companies will develop a plan to specify what they will do if they’re attacked by criminal hackers. The U.S. Cybersecurity & Infrastructure Security Agency advocates that small business owners approach the topic of cyber security for what it is, a business risk.
Accordingly, you would ask what kind of impact a cyber security event would mean for your business.
For example, what might happen if hackers obtain sensitive information about your customers or employees? How will vendors be impacted, or any business partners? Not only do you stand to burn money as employees are idled until the computer systems are sorted out and restored, you face a hit to your reputation.
Companies will think twice about partnering with you if you demonstrate an inability to protect your own intellectual property. When you take stock of how much your business relies on information technology, it will be easier to assess the potential impact of cybersecurity threats. Having a contingency plan in place will bring calm to your offices during a storm of cyber crime.
Virtual Private Network
One of the best things you can deploy for security is a virtual private network or VPN for all employees to use. In essence, a VPN allows you to go online anonymously by hiding your computer’s internet protocol or IP address.
This keeps your activities secret. The connections are encrypted so you have privacy even while logging in over a Wi-Fi connection. From email messages to the login credentials used to sign into various accounts, all the activity is cloaked so criminals cannot eavesdrop and steal this valuable information.
The U.S. Small Business Administration reports that 28% of cyber attacks are targeted against small business owners, which belies the idea that criminals are not interested in smaller companies. There is no “security through obscurity” to protect small companies. To counter such threats, the SBA recommends that companies conduct a risk assessment of their current situation, which will aid in making a defensive plan. Then, it’s a matter of training employees in online security best practices.
For example, you’ll need to establish a policy about passwords. Tell employees to change their passwords frequently, such as once per week or month. Do not write passwords down on notes taped to the computer monitor.
A criminal who manages to enter the building can see these passwords and then use them to break into your computer network after leaving the building. Think how easy it is to pose as a delivery person or actually working in delivery to disguise hacking efforts, and you’ll make sure that workers keep their passwords hidden.
Finally, keep in mind that people who work in your small business need to be aware of the risks of cyber crime and what practices they should follow to keep your information safe and secure. All new hires should undergo computer security training before being assigned a computer, laptop or smartphone. If you have not conducted company-wide security training yet, hold an all-hands meeting to rectify this issue.
Think of how your business depends on the data that you collect and keep, and what would happen to your operations if you suddenly lost access to your computer servers following a cyber attack (or even a system crash unrelated to criminals).
A particularly nasty form of cyber crime uses “ransomware.” Hackers infect a targeted company’s computer with a virus that locks down the data, holding it hostage until the company sends payment, typically in the form of bitcoin. Criminals do this by tricking employees to click on a malware link in an email or text message, or putting a strange flash drive in a computer’s USB drive that then attacks the system.
If your data is backed up regularly, you can laugh at the hackers and their ransomware. Wipe your drives clean and restore them from backups, and then your small business will be back up and running.
Redundant Offsite Storage
Making backups on a regular basis is an important first step in improving your cybersecurity. For added safety, it pays to investigate using a cloud computing service provider to store data from your business online.
This gives you a backup on redundant, remote servers, so you can restore your data in the event of a local hardware crash or cyber attack.
Establish a BYOD Policy
What about employees bringing their own device to use at work, a practice known as BYOD?
Depending on the size of your business and your available budget for technology and software, you might be in a position to provide company smartphones or laptops to all employees who need them, especially when they’re working while out in the field.
If it’s not practical to issue these devices, your IT department will need to take steps to protect company information being accessed, stored and used on employee’s devices. This is where a BYOD policy comes into play.
Smaller Businesses Can Be More Agile and Responsive to Cyber Security Threats
Every day that you leave your company unprotected against cyber crime is another day of vulnerability that you can ill afford. Remember that if, for example, you run into hackers using ransomware to hold your data hostage, you’ll be at their mercy if you failed to plan ahead and maintain backups in multiple locations.
Fortunately, business owners are often able to work more nimbly in an agile manner, compared to enormous corporations that have to hold meetings and create business use cases before deploying assets into a cybersecurity program.
The fact that you can react quickly means you have an advantage of low bureaucratic overhead, with less meetings and paperwork to build up your defenses. You can make a decision to shore up your cybersecurity system today. Doing so will help ensure the long-term success of your enterprise amidst uncertainty in a world of online criminals.