In yet another alarming cyberattack affecting more than 100,000 people, hackers recently netted nearly $50 million in fraudulent IRS refunds. The fact that a mammoth organization like the IRS could be hacked illustrates the growing danger that small businesses could fall prey to cyber intrusion.
“The average small business is unaware that it’s being hit with more than 10,000 attempted intrusions a day, and the number of these attacks is growing. When a data breach does occur, it can take months to discover it,” says Erik Knight, CEO of SimpleWan, a defense system for businesses that allows for tracking real-time statistics and responding to threats immediately. “The days of small businesses not taking data breaches seriously are over. If a small business has an ‘it can’t happen to me’ approach, I guarantee they are a target for a cyberthreat.”
In addition to an increase in the volume of hacking, “the scams are becoming much more sophisticated, and the landscape is changing regarding culpability,” Knight says. “Organizations and governments are starting to hold businesses responsible for protecting customer privacy.”
Without ample security resources and the finances to survive a catastrophic occurrence brought on by data theft, small businesses can be especially vulnerable, notes Robert Neivert, COO of Private.me, a secure hub of online privacy tools, including the Private.me API, which protects user data.
Data theft can be disastrous to a small business, adds Michael Kaiser, executive director of the National Cyber Security Alliance. “Customers expect the businesses they patronize to protect their personal information. Cyber intrusions lead to a loss of trust in your business and can damage your brand.”
How can you protect your small business from cyberattacks? It can help to follow these five security measures.
1. Be Proactive
“Prevention is the key to preventing all attacks,” Knight says. “There are technologies available that provide a monitored security product much like an alarm system for your Internet connection. If you have an alarm system for your office and don't have one for your firewall, you’re missing your biggest wide open window.”
Knight advises ensuring that your computer system is monitored, audited and tested for security holes monthly—not when there is a breach. “The small-business owners who don’t do this are easy targets and will most likely be hacked,” he says. “Hire a professional IT vendor that knows about proper procedure and threat assessment.”
All businesses should take the time to do risk management evaluations to determine vulnerabilities, Kaiser adds. “Follow basic best practices, such as keeping software up-to-date, and look into new ways to make your business more secure, including adding multi-factor authentication to work networks or email accounts.”
Don’t delay in updating your system, advises James Pooley, a lawyer and author of Secrets: Managing Information Assets in the Age of Cyber Espionage. “Always update your software as soon as patches are available. Many breaches happen because companies wait too long, and hackers know this.”
2. Follow Industry Compliance and Rules
It used to be that you could appear to be making an effort and you would be okay, but the Home Depot breach in 2014 changed all that. “A number of vendors are being named in the ongoing lawsuits, and all of them are at risk for a part of those expenses related to the breach,” says Knight. “A single event like this could be a business ender. The cost of an average breach in 2014 was $3.5 million.”
3. Purchase Data Breach Insurance
Insurance to protect your business in the case of cyberattacks is becoming a necessity. “A few years ago you couldn't even buy such a thing, but by 2020, research by insurance groups indicates that almost 90 percent of all businesses will be required to have data breach insurance,” Knight says. “It may sound silly, but it may also save your business and is well worth the investment. Even if you're not the cause of a breach, you may have to defend your actions in court. Many of these policies cover such a defense.”
4. Opt for Cloud Services
A stand-alone computer device you purchased even just a year ago that hasn't been updated or monitored may already be breached, and you wouldn't even know it. “With a cloud service, you pay a service fee, and it’s someone else's job to keep everything current and secure,” Knight says. Consider this tactic for everything from ecommerce to computers, firewalls, phones, email systems and servers.
5. Don’t Forget the Human Element
According to Neivert, employees are a small-business owner’s biggest security threat. “We often focus on tech, but people create many of the issues,” he says. “Often passwords are shared among employees, are simple and reused. Every employee should have a unique password, and it should be of reasonable strength. Train employees to be careful about opening emails from unknown sources, have an anti-virus scanner on computers, keep access to sensitive information like banking to only a few people, and most of all, pay attention to employees that might have malicious intent. They can do a lot of damage.”
Also keep an eye on individuals from outside your company allowed into your system, Pooley advises. “The big Target hack of 2014 came in through its heating contractor, who had trusted access, but whose own system was more vulnerable than Target’s,” he says. “Even a restaurant’s website can be used to hack into a company whose employees often eat there and might click on the menu, exposing their own systems to malicious software.”
Cyberthreats are here to stay. Have a plan in place to thwart hacker attacks, and you should be well on your way to protecting sensitive company and customer data.