In the News

Cybersecurity Tips for Small Businesses

Big data breaches are all over the news lately. Even Equifax, a company that monitors personal information for customers, found themselves the victims of hackers who stole identifying information of hundreds of millions of people.

More than one in four cyberattacks targeted small businesses in 2020. Considering that it can cost your business more than $870,000 to remediate a breach, it is shocking that 43% of small businesses do not have any data protection in place and that 63% of cyberattacks are the result of negligence.

As a business owner, you have a responsibility to your customers and your employees to protect the personal information they trust you to keep safe. Below are basic — and relatively inexpensive — steps you can take to protect your business.

Cultivate a culture of cybersecurity

The most effective protection you can take is free — make it part of your business culture. Everyone should be able to recognize attacks like phishing — fraudulent attempts to get information, clicks and downloads via email, phone and even text. Never click on links or downloads from sources that appear off, even if they appear to be from a trusted source.

All employees should also practice password hygiene. Passwords should be easily remembered by users but not easily guessed by hackers. That means the names of your children, favorite show or “123456789” are out.

Experts recommend a passphrase — a short saying (such as “I love to bike”) encoded in a memorable way (such as I<3t0b!k3) — instead of a password. Even better, use a password manager that creates and stores randomly generated, complex passwords.

Patch, update and protect

Back when records were on paper, we stored them in locked cabinets in secure locations. Your digital records should be similarly protected.

When you get an email or alert to upgrade your software (we are looking at you, Windows popup), do so as soon as possible. Hackers can exploit weaknesses in systems, and patches are meant to strengthen those vulnerabilities. Think of them like annoying holes you have to fix because your cat keeps trying to climb your screen — a pain, sure, but better than a house full of bugs.

You should also protect access to your network. Install antivirus software to reduce your risk of internet-based attacks. Restrict access to your Wi-Fi with a good password and a router that can block iffy sites and access from unknown users. Consider using a virtual private network (VPN) and/or firewall to shelter your company’s internet traffic from prying eyes. And protect your data from internal threats by limiting employee access to the most sensitive data.

Finally, protect your physical files by choosing the right storage. Cloud computing, which allows files to be stored and accessed over the internet instead of local computers, needs to be done securely. Similarly, back up your files so if you are the victim of a natural disaster, ransomware attack or denial of service attack, you have access to your files.

Remote work and cybersecurity

With more employees working from home, either as a result of ongoing pandemic restrictions or because you have found it to simply be a better model for your business, companies are faced with new cybersecurity challenges and threats.  Poor personal network security, use of unsecured private devices and a lack of IT support for remote workers are all real threats to companies with work from home staff.

However, like in-person security, remote worker network security can be addressed simply and relatively inexpensively. Any remote device — including mobile devices — used for business should have the proper antivirus software, password protection and other security as in-person computers and phones. 

Remote employees should protect data by using secure Wi-Fi (including updating their passwords on their private routers) and securing sensitive information and devices in public. And a good VPN and firewall system will also protect employees’ remote work, and proper backup will protect the company should something happen via an employee’s computer.

Unfortunately, cyberattacks are part of doing business in the 21st century. However, they are not an unmanageable threat if invest the time and money to protect your business, your clients and yourself. Considering the cost of not protecting yourself from digital threats, these small steps are a good return on investment, indeed.