Home Depot, Target, Neiman Marcus… the list of businesses affected by cyber security breaches is a long one. Cyber crime is headline news. But just how safe is your important financial, employee and customer data?
According to industry studies, not only are small businesses extremely vulnerable to cyber-attacks – they’re not doing much about it. In fact, a whopping 77% of small business owners believe they are safe from hackers, viruses, malware or a data breach. That’s according to a 2012 survey by Symantec and the National Cyber Security Alliance.
“Although SMBs increasingly rely on the Internet for daily operations, they are not taking the necessary measures to keep their businesses safe and secure,” states the report. “Nearly six out of 10 SMBs do not have a contingency plan outlining procedures for responding and reporting data breach losses.”
This feedback is particularly worrying given that almost 40% of the over 1 billion cyberattacks that Symantec prevented in the first three months of 2012 targeted companies with fewer than 500 employees.
And the impact can be catastrophic. The average cost of a cyber-attack is about $190,000 (not to mention your reputation). So, it’s no surprise that 60% of small businesses close within six months of a data breach.
So what can you do to lower your risk? Here are a few steps you can take that won’t break the bank.
Know What you Need to Protect and Have a Plan to Do So
Ask yourself, “What do we have to protect? And, what would impact our business the most?”
The U.S. government is actively helping raise awareness of cyber security among the small business community and offers a number of tools and resources to help them prepare and respond to potential threats. The FCC Small Biz Cyber Planner, for example, is an online tool that can help smaller businesses who don’t have a dedicated IT team to help manage their security profile. Simply answer a few questions based on your business profile and the planner will recommend a customized security plan based on the information and systems you use.
The Department of Homeland Security also offers a wealth of small business resources as part of the government’s Stop. Think. Connect. public awareness campaign. These tools include planning guides, tip sheets and employee communication aids including blogs, newsletters, posters, and more.
The SBA also offers a free online course – Cyber Security for Small Businesses – that can help you find the types of information that need to be secured and best practices for doing so.
Of course, you can also turn to consulting companies to help secure your business. viaForensics, for example, can help you secure mobile devices, while Neohapsis and many other boutique consulting firms can help you formalize a cyber-security strategy.
Educate Your Employees
Teach your employees best practices for using the Internet, email and social media as well as securing the workplace around them (laptops, confidential paper documents, etc.). Refer to the planning and communications materials mentioned above.
Dedicate Computers and Tablets to Specific Tasks
Do you use a point of sale (POS) system? Make a practice of using it for sales transactions only and avoid using that same system to browse the web or social media. Once online you run the risk of exposing the system to malware.
The same goes for your company’s banking, financial, and accounting activities – use a dedicated computer for these high-risk tasks.
Keep System Security Up to Date
In addition to running and maintaining your security software, make a point of ensuring your hardware and software system updates are automatically checked for and installed. New threats emerge on a daily basis and patches are pushed out often.
Have a Password Policy
As part of your security plan, set policies for password formats (use a combination of characters, numbers and cases) and remind yourself and employees to update them regularly.
Back-Up your Data Frequently and to the Cloud
Backups should be scheduled daily or once a week, depending on the nature of your business, and across every computer in your business. Regular backups make sure the data is intact, accessible and available for a restore should your systems fail or your data be compromised by a virus or other attack. Be sure to include important data such as financial files and human resource files in addition to regular documents.
Cloud storage is a great option for securing your data. Cloud providers take many precautions to protect sensitive client data including single and double encryption. Some providers will even let you design your own encryption key which prevents anyone outside your company from seeing that information, including the cloud provider. Providers include Box, DropBox, Carbonite, and more. Compare the most popular solutions at TopTenReview.
Protect Wi-Fi Networks
If you run a home business or have a Wi-Fi network in your workplace, make sure it’s secure and hidden. You can do this by configuring your wireless access point or router so that it doesn’t broadcast the network name or SSID. Password protection is another common-sense layer of security.
Control Access to Sensitive Systems and Data
Laptops and tablets are particularly vulnerable to attack. Secure them when they are not in use. Likewise, protect your software applications with permission-based access rights so that only the right staff can get access to sensitive or financial data.
Don’t forget paper files. Keep sensitive records under lock and key and shred any sensitive hard copy files that you no longer need.