Small businesses sit on the front lines of the continuous cybercrime battle. The problem is this isn’t a battle that the good guys are winning. In fact, 60 percent of small businesses close their doors within six months of being victimized by cybercrime!
Possibly the scariest statistic around this topic of small business security, or insecurity, is that more than 75 percent of small businesses believe their companies are safe from hackers.
Such a false sense of security could cost you your business. This isn’t simply FUD – it is today’s reality. Keeping up with cybercrime events in your specific industry should be part of your routine due diligence, so you are aware of relevant threats and consider a combination of measures to better protect your business.
Understand that the information your business stores, processes and uses to access other networks (aka the greater supply chain) is of great value. Don’t get stuck in the old mentality of “no one would want my stuff.” Your information is valuable. Think about cybersecurity for your business like protecting your home. In that vein, here are seven practical tips you can implement:
- Close the windows. Turn on automatic updates for programs you use and check that the software you’re using is up-to-date. This “update” process can also include removing software that you are not using – unused software is just another potential back door into your systems and information.
- Lock the front door. A strong password can act like a good front door lock. Changing passwords from the default, using different passwords and creating complex password combinations can all reduce the risk of having a cybercriminal easily guess your password and walk right through the front door.
- Turn on the alarm. While it’s important to lock the doors and close the windows, attackers are savvy and can still get in if they really want to. This is where two-factor or multi-factor authentication comes into play. It creates another checkpoint and step to get in without creating a whole lot of extra work/hassle.
- Put your valuables in a safe. At home, you may keep money, jewelry and important documents in a safe. It’s no different with valuable information, whether customer information, PII, intellectual property, etc. Think of it this way – if your laptop or phone gets stolen, there is a cost to replace the hardware, but the greater expense will come from the stolen information. Another key point here: don’t store information you don’t need – all it does is create more liability and risk.
- Check out the neighborhood. Do you know what the organizations you conduct business with are doing to limit a breach? If you’re giving them any level of access to certain systems or information, you should! If a vendor you work with is breached, the impact could easily trickle down to your business.
- Safety on the road is no different. When it’s time to step outside your home or business, your interest in safety should not change. But public Wi-Fi has created easy, open access… to everyone good and bad. When you’re on the road, make sure you connect to your network through a VPN, which encrypts everything sent and received.
- Understand your risk. This is purposely broad and can mean a lot, but ultimately understanding what’s going on in the cyber world as well as within your business can help you stay out of trouble and keep working to churn out profits. Basic education on the dos and don’ts of cybersecurity really isn’t that hard or time-consuming, and it will absolutely help you in the long run.
This list is certainly not exhaustive of the things you can/should do when it comes to cybersecurity, but it is a good start and it is manageable. By having a clear understanding of what your risks are – and the impact to your network, customers, supply chain and your bottom line – you can make sound mitigation decisions and keep your business moving forward.
Jason Polancich is founder and chief architect of SurfWatch Labs, a cyber risk intelligence firm. He is a serial entrepreneur focused on solving complex internet security and cyber-defense problems, with more than 20 years of experience as an intelligence analyst, software engineer, systems architect and corporate executive.