The damage related to cybercrime is projected to hit $6 trillion annually by 2021, according to Cybersecurity Ventures. A few billion of that will be borne by small businesses alone. Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses.
According to a recent SBA survey, 88% of small business owners felt their businesses were vulnerable to cyber-attacks. Yet many businesses simply cannot afford professional IT solutions, have limited time to devote to cybersecurity, or they do not know where to begin. Cyber-attacks are constantly evolving, and business owners should at least be aware of the most common types so they can take some preemptive actions.
Malware (malicious software) is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, client, or computer network. Malware can include viruses and ransomware.
Viruses are harmful programs intended to spread from computer to computer (and other connected devices). Viruses are intended to give cybercriminals access to your system.
Ransomware is a specific type of malware that infects and restricts access to a computer until a ransom is paid. Ransomware is usually delivered through phishing emails and exploits unpatched vulnerabilities in software.
Phishing is a type of cyber-attack that uses email or a malicious website to infect your machine with malware or collect your sensitive information. Phishing emails appear as though they have been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
Here are a few basic cybersecurity best practices:
Be vigilant when it comes to emails
Be careful about clicking on links or opening attachments in emails that come from sources you do not know or trust. Nowadays, many malicious emails are sent out that look legitimate but can be identified as bogus by looking at the sender’s email address.
Train your staff
Employees are a leading cause of data breaches for small businesses because they are a direct path into your systems. Training employees on basic internet best practices can go a long way in preventing cyber-attacks. Make them aware of actions such as: spotting phishing emails, using good browsing practices, avoiding suspicious downloads, creating strong passwords, and protecting sensitive customer and vendor information.
Use antivirus software and keep it updated
Make sure your business’s computers have antivirus and antispyware software installed and that they are updated regularly. Most software can be easily set to install updates automatically. Importantly, this in NOT an area to try to scrimp and save money on.
Secure your networks
Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
Use strong passwords
- Strong passwords may include:
- 10 characters or more
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
Consider using Multifactor Authentication
Multifactor authentication requires additional information to log in, such as a security code sent to your phone. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account(s).
Back up your data regularly
Regularly back up critical data such as word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible – daily is great, but at least weekly, and store the copies either offsite or on the cloud.
Control physical access
Laptops and tablets can be particularly easy targets for theft or can be lost, so lock them up when unattended and be sure to create a separate user accounts if more than one person has permission to use the laptop.