If you’ve seen any of the (MANY) recent reports about ransomware attacks on businesses and their profound effect on the business and its clients, you know that ransomware is a serious danger that your company needs to be prepared to combat. The best defense, as the old adage goes, is a good offense. This has never been truer than when it comes to ransomware. By understanding what ransomware is and creating a security plan in advance, you can save your business’ and clients’ data from a malicious attack.
Imagine you’re a small business owner in a thriving marketplace, and you’re looking toward a successful future. Then, your network gets hacked, customer data is exposed, and you find yourself struggling to recover. You’re losing clients. You’ve lost money. Your business insurance is through the roof. This is becoming an all-too-familiar story. According to a 2018 survey conducted by the U.S. Small Business Administration (SBA), 88% of small business owners felt their business was vulnerable to cyberattack. According to the Federal Bureau of Investigation (FBI), the cost of cybercrimes in 2018 was more than $2.5 billion. With statistics like these, it’s no wonder national agencies are warning small businesses to take action. Investing in improved cybersecurity for your business now can save your company if it comes under attack by cybercriminals.
Why Should Small Businesses Make Cybersecurity a Priority?
In recent communications, the Department of Homeland Security and the Small Business Administration have released information concerning the increasing risk of cybercrimes in small businesses. If you’re a small business owner, it’s essential to understand that those who perpetrate cybercrimes may be targeting you. Because small business owners tend to devote fewer resources to cybersecurity than larger businesses, these cybercriminals know they are more likely to access the information they want without being detected. The main types of security breaches that small businesses should be concerned about include:
Advanced, persistent threats – this means the network was accessed, information was extracted, and the cybercriminal continued to silently probe security limits and remove information over the course of an extended timeframe.
Password-based attacks – usually a one-off infiltration, the hacker uses a stolen or otherwise acquired password to get into your system and take information, drain funds, or do other damage.
Malware attacks – this form of attack may be singular or ongoing. It uses outside software to infiltrate your company’s network. From there, the damage to your business is only limited by the creativity of the programmer.
Phishing scams – these scams use communications that appear legitimate, including emails, text messages, and social media messages, to access information from users. In your personal life, you may quickly delete suspicious messages without a second thought, but professionally, you may feel the need to further investigate messages (even if they look suspicious) to avoid losing potential business. Cybercriminals know this, and they will take advantage of this increased vulnerability.
1 – Provide Education for Your Team
A knowledgeable employee is much less likely to expose your business to threats from cybercriminals. Create a basic cybersecurity policies and procedures document and make sure it’s reinforced with training. These policies and procedures and training resources should include information like:
Appropriate internet usage
How to protect client information
Password strength
How to identify phishing scams
What to do if employees suspect a breach
2 – Create a Data Security Plan
In order to train your employees on cybersecurity policies and procedures, you need to have a plan in place. Your data security plan should defend against cyberattacks by:
Establishing and maintaining an internet firewall
Installing and updating antivirus and antimalware software
Creating password strength settings for new users
Requiring new passwords at least once a quarter
Protecting client data (especially payment and private information) with additional layers of security
3 – Secure Your Wi-Fi Network
In addition to an internet firewall, you need to secure your Wi-Fi network. Many businesses leave their network open to encourage customers to visit, but this can also encourage cybercriminals. Having a separate Wi-Fi network for your business functions that is hidden from broadcasting to outside users and password protected is essential. If you do have a Wi-Fi network open to customers, it should still be password protected. Many small businesses have fun with giving out the password in creative ways. Turn it into a puzzle for your customers to solve. Hide the password in your receipt text. There are many fun and creative ways to give patrons Wi-Fi access, and you’re still keeping your business protected.
4 – All Passwords Must be Strong & Frequently Changed
We know we’ve already mentioned passwords a few times, but many small businesses rely on passwords to protect their company information. It’s really important that every user who accesses your business network has a strong password that is changed frequently. There are many ways to establish settings that require complex passwords and prompt users to change them regularly. A best practice is to ensure employees change their passwords once a quarter.
5 – Limit & Monitor Use of Mobile Devices
Mobile devices are now used, almost constantly, as part of running a small business. In fact, research indicates that allowing employees to access company email and other systems via smartphones, tablets, and mobile devices can actually boost productivity. Unfortunately, this brings its own added layer of security risk. Make sure that your systems are protected with robust passwords that are changed often and consult with professionals about how to create increased security for mobile devices. You may also want to monitor mobile device usage (when appropriate). Specifically, if your employees use mobile devices that are owned by your business, you may want to monitor how these devices are being used.
Let IT ArchiTeks Provide Dedicated IT Services for Your Small Business
Many IT security firms offer big security packages that are way outside of your small business budget. At IT ArchiTeks, we do things a little differently. We work with businesses of all sizes to create customized network security, communication management systems, and IT service plans that fit your business needs – and budget. When you’re ready to get started, contact our knowledgeable team. We look forward to talking to you.