Cyber criminals are increasingly attacking small companies. The ease of hacking small businesses due to failure to prepare or the belief they were too small to matter, now makes these companies and home networks prime targets for malicious actors. Currently, identity records from small businesses (SMBs) are now the top target for hackers.
Small and home businesses have some alarming cybersecurity statistics:
- Beazley Breach Response Services report that 71% of “ransomware attacks in 2018 targeted small businesses, with an average demand of $116,000.”
- 67% of SMBs report being hacked in 2018, with each breach exposing roughly 10,000 records. The risk with smaller companies is that the “small mom-and-pop CPA will have exposed your entire financial account history, your social security and tax filings.
- Worse, but not surprisingly, only 60% of SMBs report having a data security breach plan in place.
With small businesses reporting that they lose roughly $80K on average annually to cybercrime, here are some steps home offices and SMBs can follow to be more cyber secure.
Get training and keep up on new trends and threats. Employees are not only the first line of defense but also a company’s greatest risk. Important: learn how to recognize phishing risks and take appropriate action.
Secure your network. Set up firewalls. Keep software patched and operating systems up to date.
Follow email best practices, use good password hygiene, and choose an email provider that will encrypt and keep your email safe. Also, enable two-factor authentication whenever possible. Make sure your web hosting service is secure.
Consider using a VPN. It adds a layer of encryption to activities — but make sure to use a product that doesn’t store or misuse your data. Never use public wi-fi (at least without a VPN).
Keep a back up of data — consider keeping another backup in cloud storage in case of catastrophe.
Stay aware of changes in legislation and the regulatory landscape. Failure to do so could result in fines that only compound the expense of a breach. “Furthermore, state and federal unfair trade practices laws are now being used by state attorney generals and the Federal Trade Commission to regulate data security practices.”
There are a few plans or strategies small businesses should have in place to stay secure. Technically, they can go by many names but have a security plan that includes a risk mitigation strategy, a data security breach plan, and a data loss prevention and backup strategy —and test them before they are needed.
The plans don’t have to be complicated but should be reviewed and updated regularly.
Creating a very basic plan is a simple but worthwhile exercise.
- Set an objective for the plan
- List your assets and the potential risks facing them
- List the ways to mitigate those risks as well as who is responsible for executing that action.
With small businesses being an increasingly desirable cyber target, taking the time to create these plans and follow the basics won’t take very long but will payback in the long run by helping keep your business up and running, protect your reputation, and keep your company and customer data safe.