Small Business Cybersecurity Basics
By Ryan Kincer
Technology has become a prominent and indispensable part of everyday life for every business, large and small. As technology continues to advance, so does the proliferation of cybercrime, which is estimated to hit $6 trillion in damage costs annually by 2021. Cybersecurity is the term used to describe measures taken by a business to defend against the threat of cybercrime. Every business must acknowledge the threat of cybercrime and take action to adopt even a basic cybersecurity policy to protect itself.
The general attitude towards cybersecurity is that large organizations are the ones most at risk because they are an attractive target to cybercriminals. This is reinforced by the sensational media coverage in the wake of a massive security breach. But statistics in recent years show that more than 60% of cyberattacks are in fact against small businesses, that more than 60% of small businesses are not prepared for an attack, and that 60% of small businesses that suffer an attack are not able to recover. Because small businesses don’t have the same resources as larger companies, they often overlook or dismiss cybersecurity, and this has made them an easy and profitable target for cybercriminals.
Even with limited resources, applying the basic concepts of cybersecurity can help defend against the growing cyberthreat landscape. It is not possible for any business to be completely secure, but this simple guide provides small businesses with basic practices to help protect digital assets and information.
Keep all your software up to date. This includes updates for your operating system, commonly used software, and line of business software. Do not use older unsupported software as vendors are not required to provide security updates. Vulnerabilities in software are well known by cybercriminals and they use them to execute their attacks.
Install proper business security software on all computers to defend against and identify viruses and malware. Configure the software to auto-update, enable real-time protection, and run daily scans.
Perform encrypted backups of your data to one or more locations. The ideal backup strategy captures a backup over your local network with a copy to secure cloud storage. Backups should be checked regularly so there are no gaps.
Be careful with email attachments and web links. Phishing attacks are the most common method of cyberattack. Look for unknown or misspelled senders, strange or unprofessional use of language, poor spelling and grammar, and conveyance of unexpected urgency or fear. Hover your mouse over web links to check the validity of the site. If in doubt, throw it out.
Use strong and diverse passwords. Do not use the same passwords for business and personal accounts. It is not expected that you can keep track of all your passwords in your head, so consider using a password manager.
Use two-factor authentication when possible. This utilizes a second means of identification, usually a code that is sent to your mobile device. Many reputable online software vendors that you are likely using already have this option available, so take advantage of it.
Be careful downloading software. Do not download software from an unknown web page. Only those web pages belonging to reputable businesses with which you have a business relationship should be considered reasonably safe for downloading software.
Train and educate employees to make them aware of the latest security threats and how to avoid them. The human factor is the weakest link of the cybersecurity chain and an effective security policy requires everyone in the organization to be on the same page. Security awareness training on an annual basis goes a long way in making your business more secure. Make it part of your employee onboarding process as well.
Cybersecurity goes beyond adoption and implementation; it is an ongoing process that requires monitoring and review on a regular basis. If you are unsure how to start or if you lack the time to stay on top of it, utilize an IT professional to provide guidance and/or manage the security of your network. Whether you do it all yourself or get assistance, the end result of building a defense against cybercriminals will help safeguard your business so it can continue to thrive.
Ryan Kincer is a business technology leader with experience in various aspects of IT management, planning, and procurement including hardware, software, networking, and telecommunications. He may be reached at (951) 251-5336 ext. 215 or firstname.lastname@example.org.