Top 3 Reasons Even Small Businesses Should Care About Cybersecurity
So much has been in the news recently related to cybersecurity, ransomware, hacks, and other attacks. Colonial Pipeline and the JBS meat processing company, for example, both suffered from ransomware attacks in 2021 that caused major disruptions in their businesses and affected millions of consumers.
It’s easy to think that only large companies need to worry about cybersecurity and ransomware. After all, that’s what we hear about in the news, right? Here are 3 reasons why even small businesses should care about cybersecurity and some simple measures you can take to protect your small business from hackers and ransomware:
Hackers Love Small Businesses
The fact is that the majority of cyberattacks are focused on much smaller companies, and these incidents either never get reported or, if they do, don’t make the news headlines.
Small businesses often neglect their cybersecurity protection, either due to budgetary concerns (it is perceived to be too expensive) or because they are unaware, don’t know where to start, or don’t know what to do.
Out of Business
If (when) a small business is hit with ransomware, there is a good chance (over 50%) that they won’t be able to survive it. The damages from lost productivity, reputational damage, and costs of remediation can be too great.
Prevention is Key
The good news for SMBs is that the majority of cyberattacks are preventable, and preparing for them doesn’t have to break the bank. Here are some simple solutions that will protect your small business from the most common threats.
The top threats are:
- Email Compromise
- Exposed Passwords
- Exploiting Vulnerabilities in Systems
Here are some things you can do to help protect yourself and your business from hackers, ransomware, and other common threats.
Let’s face it, passwords are a pain in the you-know-what. They are hard to remember, and everything you do online requires a password. So, what do you do? Most people use the same password for just about everything, use passwords that are easy to guess, and when it comes time to change them, just add a “!” or number to the end.
This is not a good habit, and hackers can easily figure these passwords out. Many times, they use specialized software to do this for them automatically, and weak passwords get “cracked” (discovered) in seconds. Sometimes it’s as simple as buying your old password on the “Dark Web”, a special area of the Internet where hackers buy and sell things like this.
What to Do
Make your life easier by using a password manager. These programs help you create unique, difficult-to-guess passwords for all the websites you visit. There’s nothing to remember except the one Master password to use the program (don’t forget that one, and make it HARD to guess!).
Password managers usually have an accompanying app for your mobile devices and also work in the web browser on your computers. They can “autofill” your passwords as you use them. Easy as 1…2…3. Good password managers are LastPass, Keeper, and 1Password.
Multi-factor authentication is also called two-factor authentication, 2FA, or MFA. This is simply a fancy term for requiring an extra piece of information to be able to log in to your systems and websites. Often, it’s as simple as a code that is sent via text message to your phone. So, to log in to your bank website, for example, you would need your username and password AND the special code that is sent to your device. This makes it extremely hard for a hacker to get into your account.
What to Do
Enable multi-factor authentication in every place that offers it. Banks, credit cards, email, and others offer this as a standard feature. Sometimes you must dig a little bit to find this setting in your account settings, but it’s often there (usually under Account Settings…Security). It should always be ON if offered.
One alternative to using a text message would be apps on your phone (Google Authenticator and Authy are popular options) that generate unique codes that take the place of the text message.
The People Problem
Even if your IT systems are protected with adequate cybersecurity measures, there is one gaping hole in most security plans, and hackers love to exploit it: your employees. They are easy to trick into clicking something they shouldn’t or even providing confidential information over the phone or in person.
What to Do
Train your employees using a regular system of security awareness training. The plan should also include a way to test phish your people (sending them fake phishing emails to see who your “clickers” are). Good systems of training are fun, easy to learn, and constantly updated over time to adapt to current trends. KnowBe4 is a great place to start and offers all the above and more to train your people.
Security Updates and Configuration Problems
Often hackers take advantage of computers and systems that haven’t applied the latest security fixes or systems that are misconfigured. You’ll hear the term “zero-day exploit” in the news on occasion. It refers to an attack that takes advantage of a bug found in a program before the vendor has provided a fix. These can be especially tricky to deal with.
What to Do
Make sure that your systems are all set to apply and install the latest security updates. When you see prompts on your computer to do these, allow the updates to apply and restart your computers. Your IT folks should also review the other devices in your business that can’t do this automatically and apply security fixes on them.
The IT team should also perform a security and health audit of your network and close any misconfigured “holes” in systems (your firewall for example) and clean up items found from those scans.
Often hackers will attempt to trick your people into clicking something malicious, which then loads their tools or ransomware in some cases and causes all kinds of problems.
What to Do
Make sure that you are running an enterprise-grade endpoint security program on each system at a minimum. In the old days, this software was called “antivirus”, but those days are long gone. Today’s advanced software does so much more. Look at products like Webroot, ESET, or security tools from Symantec for some good options.
If you want to add even more security, there are more advanced tools that you can load on systems to create “layers” of security, each doing something a bit different from the others to help ward off attackers. The best solutions will stop viruses and ransomware and be able to detect and respond to hacker threats even while you are sleeping.
The goal for most small companies should be to close the most common security holes and make your company as unattractive as possible to hackers when they come knocking on your door (virtually of course). Oftentimes that’s all it takes to get them to move on to easier targets. If you implement these simple and affordable things, your company will be in a much better place and hopefully secure enough to avoid any major problems from hackers, ransomware, and other threats.