How to Protect Your Small Business From a Cyber Attack
Worrying about cyberattacks isn’t enough to safeguard your business. If thoughts of cyber attacks on your small business are keeping you awake at night, it’s time to take definitive action. If you think that a small business isn’t going to be subject to the same cybersecurity issues as a major corporation, the truth is that small businesses aren’t exempt from cyber attacks.
The Verizon 2019 Data Breach Investigations Report shows a massive 43 percent of data breaches involved small businesses, those being organizations with fewer than 250 employees. While big companies might seem like lucrative financial targets, they have wised up to common cyber-attack methods and invested in countermeasures. Small businesses tend to skate by on subpar security and a lot of hope.
It’s not worth the risk, no matter how small your business is. The Ponemon Cost of Data Breach report shows the average global cost of a data breach is $3.92 million, which is up since the 2018 study. In the United States, costs are even higher with an average total cost of $8.19 million for a data breach. While a small business might not face that scale of devastation, it’s easy to see how a hefty financial consequence can shutter a business with fewer resources.
According to the Ponemon report, it takes an average of 279 days to identify and contain a breach. That’s a long time and it’s all spent in damage control mode. The longer that life cycle is, Ponemon adds, the greater the total cost. That goes to show that it’s a lot easier and less expensive to tackle a cyber attack through prevention, rather than reacting to something that’s already happened. Here’s what you can do.
Install and Upgrade Software
You should have anti-virus and anti-spyware software in place. Regularly update and upgrade these systems. For small businesses, this type of software can be very affordable. Many programs operate on a per-user fee.
Safeguard Your Internet Connection
Add firewalls, encrypt your information, use a secured or hidden Wi-Fi network, and password-protect routers. Wherever there’s a potential for unwanted intrusion, secure it. The Ponemon report indicates that using encryption extensively reduces the cost of a data breach by an average of $360,000. That’s just one example of how safeguarding your connection pays off.
Develop a Cybersecurity Policy
With a strong cybersecurity policy, you can ensure that all employees know and understand how to protect themselves and business data from attack. A lot of business data is at risk not because of high-level, sophisticated hacks or viruses, but because the data is simply not secure. A Varonis report shows just how much data is at risk, finding 58 percent of surveyed businesses have over 100,000 folders unsecured and open to everyone in the company. Worse, 41 percent have over 1,000 sensitive files open to everyone.
A cybersecurity policy sets out expectations for data access, ensuring that only people who should have access to privileged or sensitive files are able to get into those folders and documents. It’s easy to slack in this area, especially as a small business with only a few employees to consider, but it’s an important measure.
Use the policy to develop safe practices for areas like employee devices, software updates, data transfer, and how employees will be disciplined if they fail to adhere to the policy.
Back Up Data
Secure, reliable backups ensure that you have redundancies in place if your data is breached. You can get back online and back to work easily, reducing the costly life cycle of a cyber breach.
The Ponemon report found that human error is the root cause of 24 percent of data breaches. Employees need to not only understand your cybersecurity policy, but follow it to the letter, encouraged by training. You should ensure that employees are trained on key security measures. Passwords might seem like a simple concept but they’re often a weak point for cybersecurity.
The same Varonis report outlines startling statistics on passwords: 65 percent of companies have over 500 users with passwords that never expire, giving hackers a place to enter via brute force. Set up expiring passwords and train your employees on not just how they’re used, but why this measure is in place.
Other training topics to cover include phishing emails, secure browsing, avoiding suspicious downloads, and how to steward sensitive information.
We’ve talked about the ways PILLAR can protect your business from cyberattacks, with the right software, systems, security measures, and policies in place to meet your needs. Call us at (212) 255-3970 to get started with a free onsite audit!