October is National Cybersecurity Awareness Month (NCSAM). A collaboration between the US Department of Homeland Security and the National Cyber Security Alliance, the NCSAM initiative has been working for 15 years to raise awareness about the importance of cybersecurity for the public and businesses alike.
According to the Center for Internet Security, a non-profit working to safeguard organizations against cyber threats, some 594 million people are affected by cybercrime every year. And with 24 billion or more internet-connected devices forecasted to be operating globally by 2020, the targets for hackers will only continue to grow.
But surprisingly, many small business owners don’t believe that cyber security is something they need to worry about. Many fall in into the trap of thinking that because they are not Target or Yahoo or Equifax they are just small fry in the eyes of cyber criminals.
The truth is, they couldn’t be more wrong.
The attacks on retail and business giants make the news because they affect hundreds of thousands of people and usually create a lot more collateral damage than an attack on a small business. But in reality, it happens to small businesses at a much higher rate than large corporations. In fact, small to medium-size businesses make up two-thirds of all cyberattacks according to UPS Capital.
And with good reason. UPS Capital also reports that some 90% of small to mid-sized businesses don’t use any protection for company and customer data and that less than 50% have implemented secure company email systems.
This makes small businesses an incredibly easy target for hackers, and sadly for most, one serious data breach is all it takes to put them out of business. Between the costs involved to repair the breach (estimated at between $84,000 and $148,000 for the worst attacks) and the loss of customers or clients as a result of the incident, a whopping 60% of small businesses don’t last six months after a cyberattack.
Pair that with a 2017 Manta poll that revealed 87% of small business owners do not feel at risk from a cyberattack, and it starts to paint a frightening picture of an overwhelming lack of cybersecurity within the small business world.
But there are ways you can protect your business, starting with some cybersecurity basics that won’t break the bank or require learning new technology. That doesn’t mean you won’t need to invest in more sophisticated IT to protect your data and that of your customers, but there are processes you can put in place today that are a good place to start.
1. Develop a cybersecurity policy
Put a plan in place that covers how you will proactively work to protect your company from attack, as well as a disaster recovery plan so that you have a strategy for responding to a cyberattack.
2. Employee Training
Make sure your staff is fully trained in your organization’s cybersecurity protocols. This includes items like password security, secure log-in and VPN utilization through to protocols for the worst case scenario should a cyberattack occur. Even simple things like teaching your staff how to spot a malicious email can be invaluable. Remember, filtering tools can only do so much. Quite often, it’s the human element that is the last line of defense against cyber threats.
3. Develop Password Protocols
There’s a reason there are so many jokes about people using “password” as their password. It’s understandable: strong passwords can be hard to remember, and it can get complicated very quickly when you have multiple accounts. But passwords are imperative to cyber protection. Make sure your employees create unique passwords for each account that they access, enforce passwords on every device, and ensure passwords are updated regularly.
4. Update Computers Regularly
Regular updates to operating systems and web browsers will help to protect devices against new threats. This applies to computers and mobile devices.
5. Perform Regular Backups
If the worst happens and your information is stolen, having a secure back up ensures all is not lost. This does not replace securing your primary system, but it will lessen the impact of a breach. The key of course, is to perform backups regularly.
6. Secure Your Networks
Make networks as secure as possible. Password protect your Wi-Fi and use a VPN (Virtual Private Network) for connections between offices and mobile locations. Maintaining firewalls, anti-virus and malware protection on all devices is also vital to help safeguard your organization’s network.
Not sure where to start? The Center for Internet Security has some great tools to help you figure out how to secure your organization and specific platforms. And of course, tune in to the information and discussion all month long during National Cybersecurity Awareness Month.