The recent ransomware cyberattacks in the United Kingdom and elsewhere around the globe remind us how vulnerable businesses can be to cyber criminals. During the last three years, Business Email Compromise (BEC) scams targeted more than 400 U.S. businesses every day and cost those companies $3 billion. Small businesses are particularly vulnerable to cyberattacks: they are not only the target of 43% of attacks, but 60% of them go out of business within six months of the attack.
So what can small businesses do to protect themselves during such a volatile time? The first step is to recognize the primary threats and then make sure you are equipped to handle them. With that in mind, here are ten things your small business can do to be prepared for a cyberattack.
You Are Not Listening in Your Industry
Your Employees Know Nothing about Network Vulnerabilities
You Lack a Plan for Restoration of Data
You Have Too Many Devices on Your Network
You Are Not Prepared for More Elaborate Cyberattacks
You Are Not Taking a Wide View of Your Network
You Are Not Using Available Tech and Machine Learning to Assist with Cybersecurity
You Do Not Run Vulnerability Scans
You Are Too Busy
You Rely on USBs
First, you should keep abreast of what is going on in your industry. For example, if many businesses use the same software program, hackers can target that program, expose a loophole and it will affect every business that uses it. This often happens in the healthcare industry with patient management software.
Hackers primarily target small businesses through phishing attacks, which are typically focused on individual employees. By providing training and information about phishing to your employees, you can help them better identify suspicious e-mails and ensure they will not open them. This should be an ongoing area of development for your business as cyber criminals are constantly evolving their tactics.
Before being attacked, make sure you have a plan for lessening the attack’s impact. Meet with your IT team or IT director to figure out if it is possible to counteract the effects of a cyberattack. This often involves having daily cloud backups.
Due to the rise in the number of attacks on devices connected to your businesses’ network, it is best to limit those devices. Not everyone needs to have a smartphone or IoT device connected to your network.
Hackers are taking more time to plan attacks and making them more sophisticated. A recent example of phishing saw someone posing as a company’s CEO and asking for employee tax documents and company financial data. Attackers have also gotten very skilled at replicating popular logos like Yahoo, Google, and FedEx in order to make employees think this is official correspondence.
A recent attack featured a pop-up requiring an emergency Google Chrome install. With all the concern around cybersecurity, it would be easy for someone to act on the download without thinking. But once they click on it, they likely have infected their computer and the network.
As a small business owner, you need to know just how extensive your network is. An attack could spread to employees, customers, and vendors. You need to carefully monitor whom you share data with, who has access to your data, and how it is being protected. It is a good idea to monitor best practices in these areas.
Although in its infancy, machine learning could play a role in cybersecurity going forward. With the rise of big data, data analytics, and business intelligence, there will be more and more information available regarding cybersecurity. But individuals cannot sift through it all; instead, they will need to be able to utilize machines to help determine what pieces of information are valuable. It will also be beneficial to use machines to monitor networks and notify you when there is a possible breach.
As mentioned above, the technology exists that could be keeping an eye out for possible issues with little work from you. A vulnerability scan can alert you to potential points of exploit and identify security holes. They can be run during nonbusiness hours and protect you even when your employees are not on site. You can choose to do that on your own or have a managed IT company do it for you.
One of the cybercriminal’s favorite targets is people who think they are too busy to worry about network security and that cybercrime is something that higher profile companies need to worry about. Whether as a business owner you feel overwhelmed by the decisions on how to protect your business or you do not think you need it, these weaknesses make your business a prime target.
They are small, can hold a lot of data, and come in a variety of fun shapes, right? They are also some of the biggest issues in network security. Most people do not think of the exploit potential in them, and yet most laptops and computers have multiple USB ports, and data exchange is done without forethought. Plus, many of the viruses that are designed to be transported using USB thumb drives and other devices take advantage of the USB autorun capabilities. That is what made the Conficker worm so quick to spread. One of the best and easiest changes you can make is adjusting your Windows Autorun policies.
There are many reasons businesses disregard their network security. It seems daunting; they are not sure how to go about doing it. They may think cyber attacks are something that only happens to large hospitals in Europe. But small business network security is a growing issue we all need to be taking seriously these days. Learn more about protecting your business by downloading our e-book, Small Business Network Security Risks.