Cyber Security – What You Need to Know to Protect Yourself and Your Small Business
Here’s something to think about: according to Forbes, about half of small businesses experience a cyber-attack, yet 87% of small business owners don’t think they are at risk. Hackers just go after the big dogs, right? Wrong. Small businesses are looking better and better to internet predators as larger corporations continue to beef up security. Small-scale organizations generally have a moderate amount of customer data that isn’t very difficult to access and can then be used as a gateway to steal more sensitive information, leading to identity theft and the like. Yikes.
Cyber security is a big issue, certainly bigger than a blog post, but if you’re just getting your feet wet, we’d like to answer some basic questions and point you in the right direction.
Why do I need to worry about cyber security?
Because hackers can make it very difficult for you to run a reputable business. They can steal money, employee details, customer data, and vendor information. A data breach like this would surely damage relationships with your employees and customers. People don’t want to do business or share sensitive information with a storefront or service they can’t trust.
In addition, cyber threats can include malicious code and computer viruses, or denial-of-service attacks. Denial-of-service involves an external source slowing down your online service or making it impossible for people to access your business virtually. Lastly, remember that attacks aren’t always external. The Small Business Administration reports that internal threats account for 80% of security problems. These can be intentional or unintentional and can include issues such as non-business use of computers which can allow threats in unknowingly.
How can I protect my data and my business from a cyber-attack?
No risk can be completely eliminated, but there are steps you can take to protect sensitive information and prevent a viral attack.
- Establish security policies. Make sure these are comprehensive and up-to-date. Make sure your employees know and adhere to these policies by introducing them on day one of hire and reminding staff of these policies periodically.
- Limit access to sensitive information. Unauthorized people should not have access to company computers and accounts. Even someone you trust shouldn’t be granted access to a company computer they don’t normally use. Don’t lend your company laptop to a friend and dictate exactly who has access to certain information within your business. This can be managed by giving employees individual, unique logins they keep private from others.
- Secure your WIFI. Your business’s Wi-Fi serves as an easy target if it’s accessible to everyone that walks into your store. Secure your Wi-Fi so only employees can access it. If possible, set up the Wi-Fi in a way that prevents employees from knowing (and sharing) the password. If you need to provide Wi-Fi service to customers, set up a separate guest network specifically for them.
- Establish policies for in-office internet use. Ask that employees do not surf the web under an administrative account or download software from unknown pages. They shouldn’t respond to pop-up windows or allow any websites to install software on their work computer. All employees should also use a unique password for login access that’s changed every six months. Whenever you can, have your employees set up two-factor authentication. This requires a two-step sign-in process that adds another layer of security to accounts. Employees will need access to another device or code to complete the sign-in process.
- Update computers. You should regularly update your computers including desktops, laptops, even mobile devices. Usually, the newest operating systems will also have the capability to combat the latest cyber threats. Install anti-virus software and make that is always up-to-date as well.
- Backup everything. Regularly backup information on computers. If something is stolen or missing, you always have another copy. Maybe you keep customer contact information on your desktop, but it’s also stored in the cloud. Secure both copies, encryption and passwords can protect any kind of sensitive information.
Here are a few additional resources to help you learn more about cyber security.
- SBA’s Top 10 Cyber Security Tips
- SBA guest blogger, Bridget Weston Pollack provides tips for protecting your business from cybercrime in Are You Keeping Up With Your Business Cybersecurity Needs?
- SBA’s Social Media Cyber-Vandalism Toolkit provides guidance and security practices to small businesses using online-based communication tools in their online operations.