Preventing Common Small Business Cyber Security Threats
58% of cyber attack victims are small businesses (organizations with fewer than 250 employees) according to the 2018 Verizon Data Breach Investigations Report.
It’s important that small business owners are aware of common cyber security threats, and more importantly, how to prevent them.
Why? Because the impacts of a data breach or cyber attack can cripple a business, regardless of how big or small you are, particularly if they don’t have cyber liability insurance.
First we’ll review some of the greatest cyber crime dangers to small companies, and then discuss how you can avoid and combat them.
Small Business Cyber Crime Dangers
Some cyber attacks are caused due to poor judgement or a lack of knowledge, while others are from malicious third-party actors.
Regardless, it’s important to know some common causes, which will be helpful when it comes to prevention, which we’ll discuss in the second half of this article.
While there are more than the ones we have listed below, here are our top three cyber security threats to look out for.
Internet of Things (IoT)
While the term may not be very familiar, both small and large businesses use the Internet of things as part of their operations.
The term refers to Internet connectivity in everyday objects that are enabled to send and receive data. However, many devices are not secure enough, providing hackers an open door to company information.
Are there devices in your business that could be part of the Internet of things, and thus a potential weakness in cyber security?
Alarm systems, security cameras, fitness trackers and even medical devices such as pacemakers are all potentially part of the Internet of things.
Relying On Algorithms
Companies lean more heavily than ever on computer programs to manage their operations.
Although this increases efficiency, the removal of humans from these parts of a company’s operations creates additional cybersecurity risks. Hackers are computer experts and hence adept at manipulating algorithms.
Companies should have staff members routinely monitoring operations and computer security. Avoid relying on computers to do that work.
Lack Of Knowledge
If small businesses assume they’re not significant enough to be targeted, they consequently don’t learn about cybercrime, its impact, or how to prevent it.
To protect your business, look into webinars and other learning opportunities designed to help small businesses stay secure from computer security threats.
The threats keep changing, so it’s important to keep up to date.
Combating Cyber Attacks
Now you know what cyber security threats to look out for, but that’s only half the battle.
You have to be able to fight these threats, so here are some tactics to protect your business, your employees, your customers and your valuable data.
Train Your Employees
Research shows that your employees are a likely source of most security issues. Often this is through innocent mistakes that could have been avoided with basic security training.
Most viruses and bugs spread because people open an email they believe is from someone they know, or because they click a suspicious link without considering what could be on the other end.
Train your employees to recognize phishing links and pages and make sure they never open unknown attachments. If it looks suspicious, it’s not worth the risk. These simple tactics can compromise your whole network if employees are not prepared.
Install Security Updates
The WannaCry ransomware attack in May 2017 affected more than a quarter-million computers across the world in less than a day, but Microsoft had released a critical security update to patch the vulnerability nearly two months before the attack began.
Any users who neglected to install the patch, or who used older, unsupported versions of Windows, were at risk.
Install security updates on all devices as soon as they’re available. Waiting until tomorrow could be too late.
Update All Software
All applications and programs should be kept current. By making sure the latest updates and versions are installed, you can keep your business safe from unnecessary vulnerabilities.
There is software available that will check that all your operating systems and applications are current. You can also set up certain tools to auto-install new updates.
Secure Your Network
Poor network security puts your entire organization at risk, as any data—from passwords to financial information—you or your employees transmit could be intercepted by attackers.
Invest in new networking technology with the latest security protocols, and set up a virtual private network (VPN) if any employees need to access the network remotely.
Review Social Media Privacy Settings
Lax social media privacy settings allow would-be hackers to find personal information that can help them answer security questions and checks.
Be careful about what you share online, and make sure anything you post on social is completely hidden from anyone you’re not friends with.
Filter Web Content
Even mainstream websites can be compromised with malware.
Web filtering software will help to protect your business without having to monitor everything employees are doing on the web.
Lock Down Your Website
Modern content management systems like WordPress are great for updating your website quickly and easily, but they can be vulnerable to attack if they’re not set up and protected properly.
Ask your web developer about limiting login attempts to prevent brute force attacks, and avoid themes and plugins that aren’t highly rated for security.
Lock Up Your Office
Basic physical security is a very important aspect of making sure your business network is secure.
The doors to your data centers and wiring closets should be kept locked, and you should make sure everyone keeps their desk drawers locked if they contain any sensitive data.
This could include items including flash drives, optical media and even printed information.
Have A Backup Plan
In the event of an attack, a recent backup is key. Not having backups could mean losing years of work or—worse—having no choice but to pay a ransom to recover your data.
Back up all website files every time you update it, and use a tool that backs up data on hard drives or servers daily or even automatically. The best plans include both cloud backups and offsite physical backups for your most important data.
Don’t Share User Accounts
Shared user accounts are risky for a few reasons.
They tend to have basic passwords so all users can remember them, and they make it virtually impossible to trace a breach back to its source since it could have been initiated by any employee accessing the account.
Ensure that each employee has their own login and password for all essential systems.
Disable Old Accounts
When someone leaves the company, cut off all their access, which ensures that they, or someone else, cannot use their credentials to log in.
The last thing you want is for an old account to be used for inappropriately.
Log Users Out Automatically
Set up employees’ computers so they log out after being left unattended for a certain amount of time.
People often forget to log out from their computer when called away from their desk. This leaves an open “door” to your network for anyone passing by.
By following these simple tips, you can make sure your business network is secure, potentially saving yourself, and your customers, a lot of headaches.
Use A Password Manager
Login attempt limits don’t always help if your password is something obvious like “password”. Even seemingly clever tricks like replacing letters with numbers are so commonplace today that an attacker can crack such a password in minutes.
Using a password manager might be overwhelming at first, but you’ll likely embrace it when you don’t have to remember passwords for dozens of accounts anymore.
Services like LastPass and 1Password generate secure passwords automatically, sync your login information across all your devices and offer tools for reviewing and improving your password security.
Passwords should be changed regularly, and different passwords should be used for different systems. You should also make sure you have a password policy in place, requiring your employees to change their various passwords regularly.
Cyber Liability Insurance
It’s important to know your enemy and how to fight them, but sometimes, they just get the best of you. That’s where cyber liability insurance coverage becomes important.
Having the right policy in place can protect you from lawsuits on behalf of clients and customers whose data had been exposed. To learn more about protecting your business from cyber security threats, visit our website.