Cybercrime makes headlines every day, but while it’s usually the large corporations and government hacks that are noticed, small businesses are also at risk.
In fact, companies with smaller security budgets are often targeted specifically for that reason. The first step for any small business is to make cybersecurity a priority.
Some of the most common threats to small businesses include:
- Spear-phishing. This is an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. SMBs accounted for 30% of all spear-phishing attacks in 2013, according to Symantec’s Internet Security Threat Report.
- Exploitation of unpatched systems and software. This can leave sensitive customer and business information vulnerable to hackers. Cybercriminals are shifting their attacks from larger firms who have improved their IT defences to smaller businesses subcontracting under the larger firms as a stepping stone to the top.
- Crypto-ransomware. It sounds like something from science fiction but this is a new trend that’s hitting individuals and smaller companies. It’s digital extortion that involves software that locks up a computer and forces the user to pay the criminals a fee to unlock it. But even when the ransom is paid, the criminals don’t always return the data.
So, how is a small business expected to protect itself from these types of attacks without a big IT budget? Here are 12 ways to thwart cybercrime:
- Identify critical IT assets and sensitive data.
- Regularly update your operating systems and browsers.
- Use firewall software that prevents virus, spyware and phishing attacks.
- Encrypt your wireless network.
- Set up administrative rights so that nothing can be installed on company computers without authorization. Do not allow general use of your administrator accounts.
- Remove or disable USB ports so that they can’t be used to download malicious data.
- Have strict password policies such as implementing complicated passwords, establishing a regular change policy and prohibiting password reuse.
- Encrypt drives, folders and files.
- Use filtering that controls access to data.
- Use Internet filters to block access to restricted sites to prevent employees and hackers from uploading data to storage clouds.
- Add data protection policies to your company manuals and employment agreements, and train employees regarding the use of confidential data.
- Secure mobile devices that handle corporate data. Limit mobile access to customer information and monitor who has permission to access data.
Cybercrime should be viewed as any other business risk, and small business owners can no longer afford not to invest in cyber security.
Ironically, technology can actually be your best weapon against cybercrime. First, perform an analysis to identify any gaps or threats that need to be addressed. That way you can better determine what security package is the right fit for your business.
The worst thing small business owners can do is assume that nothing can happen to your business, because today it’s no longer a matter a question of “if” but rather “when” a cyber-attack can occur.