Cyberattacks are on the rise and hackers are targeting more than just big business.
Small businesses are at risk, too, and companies of all sizes are woefully ill-prepared to fight off online threats.
Before brushing off the need for cybersecurity, consider this: 97 percent of data breaches last year were avoidable without the need to employ expensive countermeasures to combat them.
In its 2012 Data Breach Investigations Report, Verizon Communications examined 855 data breaches in 2011 at businesses in the United States, Ireland, the Netherlands, Australia and England. Verizon has compiled the annual report since 2004.
Hacking and the use of malware were the preferred methods to get at businesses' information, with both methods being used in breaches, the report states. Hacking was used in 81 percent of the breaches and malware in 69 percent of the incidents.
By far, the most sought-after target of these breaches was "personally identifiable information," which can include a person's name, contact information and Social Security Number. Personal information accounted for 95 percent of all of the data records stolen during the breaches in 2011.
“The report demonstrates that unfortunately, many organizations are still not getting the message about the steps they can take to prevent data breaches,” Wade Baker, Verizon’s director of risk intelligence, said in the report.
Businesses of all sizes can take measures to safeguard their information from prying eyes. Here are 10 cost-effective ways to protect your small business from cyber attacks.
1. Install a firewall. Just as a real firewall keeps an inferno in one room from spreading to the rest of the building, a computer firewall blocks unwanted information and people from entering a business' computer system from the Internet. Once the firewall is in place and working, never turn it off of any computer in the business.
2. Set up an Access Control List. This will allow your business' system administrator to control which employee have access to the computer system or certain parts of the computer system and whether they can log in remotely or only from the office.
3. Change the default passwords for the company's point of sale system. A vulnerability the Verizon report mentions specifically is businesses failing to change the POS password credentials from the manufacturer's default setting to a custom password for the company. The report also recommends making sure that all third-party vendors change passwords as well.
4. Establish security roles and responsibilities. Identify which employees need to have access to the business information and set up responsibilities for those employees. The Federal Communications Commission recommends setting a period of time an employee must be in the role before access rights are granted.
5. Establish policies for Internet and social media usage. If your business wants to limit the use of the Internet and social media to break time, make sure the employees know the policy.
6. Use a Web-filtering system. These programs can block harmful sites as well as sites that may be inappropriate for viewing during company time.
7. Use Internet security programs on each computer. The programs work in addition to the firewall to help block malicious software from attacking the computer and compromising data.
8. Be wary of peer-to-peer sites. If your company uses peer-to-peer sharing, be cautious of the security of such connections and learn what the peer site's safeguards are.
9. Keep the most critical data offline. Organize your business' data and keep the most critical information—such as customers' personal information—offline.
10. Get cybercrime insurance. This kind of policy covers the liability of the company in the case of a cyberattack or a data breach. Some policies cover direct loss, legal liability and consequential loss from security breaches. Some insurance carriers also offer network security risk assessments to determine your company's exposure risk to attack.
Linda is an award-winning journalist with more than more than 22 years' experience as a reporter, editor and blogger. Linda blogs via Contently.com.
Read more about protecting your business from cyber threats.