Cyber Security for Small Businesses 

How secure is your business online? How long would it take to recover after a cyber-attack on your business? Besides data, what other items would be targeted?  

According to StrongDM.com, nearly 40 percent of small businesses reported they lost crucial data from an attack, and 75 percent of small businesses could not continue operating if they were hit with ransomware.  

These statistics, plus the cost of an attack on your small business, are reason enough to double- and triple-check your cyber security in today’s very digital world. Let’s review some common cyber-attacks and how to prevent them.

Phishing:  

This is a very common type of cyberattack and one you may have fallen victim to. Criminals can use links in an email to infect your system with malware to collect information. Phishing emails and messages can appear legitimate or appear to be sent from a known entity (such as your insurance agency or Meta/Facebook administration). These messages often entice users to click on fraudulent links or open attachments containing malicious code.  

You want to be cautious about opening links from unknown sources. If something seems suspicious from a known source, don’t click on it. Ask the source directly if it’s legitimate.  

Malware:  

Short for malicious software, malware is designed to harm a computer, server, or computer network. It can include viruses and ransomware.  

Viruses:  

These are harmful programs intended to spread from device to device like germs spread from person to person. Viruses are used to gain access to your systems and can cause significant and sometimes irreparable issues.

Spyware:  

This gathers information from a target and sends it to another entity without consent. Some spyware is legitimate and legal and may operate for commercial purposes, like advertising data collected by social media platforms. Malicious spyware, however, illegally steals information and sends it to other parties.  

Ransomware:  

This infects and restricts access to a computer until the owner provides a ransom. Ransomware can encrypt data on a device, and the criminals can demand money in return for a promise to restore it. It targets unpatched vulnerabilities in software and is delivered through phishing emails. 

While you may think you’re too small for criminals to notice you – you’re not. While larger businesses and organizations are targeted more often, they have sophisticated systems that are run by full departments of people to stop cyber-attacks. Small businesses are more vulnerable and are more likely to be attacked because they don’t often have the resources to protect themselves.  

However, according to the Small Business Administration, there are steps you can take to ensure your small business is protected from outside harm.  

  1. Train yourself and any employees to spot phishing emails, use good internet browsing practices, avoid suspicious downloads, enable authentication tools, such as strong passwords and multi-factor authentication, and protect vendor and customer information. You can look for free training on websites like SCORE or Coursera.  
  2. Secure your networks. Use a firewall to encrypt your information and ensure your Wi-Fi network is secure and hidden. You can do this by setting up your router so it does not broadcast the network name and ensuring that the router is password protected. If you or any employees are working remotely, use a Virtual Private Network (VPN), which will connect to your network securely from an outside location.  
  3. Use antivirus software and keep it updated. You can find software online (like Norton) to install on your business computers. You can set the software to install updates automatically. Vendors provide patches and updates to correct and improve security and operations.
  4. Set up Multi-Factor Authentication. This could be the most important security measure you take. It verifies someone’s identity by requiring more than just a username and password. It also requires the user to provide a phrase or PIN using a phone or email address, and/or fingerprint or facial recognition.
  5. Ensure your sensitive data is secure, protected, and backed up, including your payment processing system. You should also control who has physical access to computers and laptops. If they aren’t being used, they should be locked. Restrict access to only those who need it on your devices and programs including anything financial or human resources related.  

Bottom line: Employees should only have access to what they need. Ensure everything else is well secured.  

The U.S. Small Business Administration has resources on its website to conduct audits of your business security, but you can always seek a local professional to help you ensure that you and your business are protected from threats of cyber-attacks.
