
The small business owner’s guide to cybersecurity

November 17, 2020 by Christine McKenzie

Introduction

If you pay attention to the news, you’ll probably see stories about major companies like Capital One and Equifax getting attacked by hackers. However, you may not see stories about the hundreds of small businesses targeted each year by the same cyber-villains. 

Here are some startling facts about small business cybersecurity: 

  • 76% of cyberattacks occur at companies with fewer than 100 employees
  • 60% of businesses go out of business within six months of experiencing a cyberattack 
  • Cyberattacks against small businesses cost $34,604 on average 

To compound the problem, small businesses are more likely to be re-victimized by attackers. Since it takes an average of 191 days for a small business to realize it’s been attacked, attackers are inclined to strike again and again before they’re stopped.

While this paints a dire image, there’s still hope. Let’s take a look at the most common cyber threats faced by small business owners and how you can keep your company protected! 

What are the biggest cybersecurity threats facing small businesses? 

Cybercriminals use sophisticated methods to attack businesses. Here are some of the biggest threats facing small businesses. 

Business email compromise

When it comes to infiltrating business emails, hackers like to use one of two methods: phishing and impersonation. During a phishing attack, attackers will attempt to trick a user into revealing their username and password. Once the hacker has this information, they can log into the business email and use it as a platform to launch additional attacks. 

Impersonation attacks use a different method to achieve the same goal. An attacker will impersonate a company higher-up, usually a CEO or vice president, and create an email address similar to the CEO’s actual address. They will then email a victim, typically someone with access to sensitive information, like an employee in the human resources or billing department, and try to press them for sensitive information. Since the victim thinks the email is coming from their boss, they’re tricked into responding before they realize it’s all a ruse. 
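A mail filter or a suspicious employee can catch many impersonation attempts by comparing the sender against the real addresses of company leaders. The Python sketch below is an added example, not part of the original article; the executive name, addresses and domain are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed directory (assumption): real deployments load this from HR or the mail system.
EXECUTIVES = {"Dana Whitfield": "dana.whitfield@example-bakery.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(addr: str) -> str:
    """Lowercase and fold compatibility characters such as full-width letters."""
    return unicodedata.normalize("NFKC", addr).strip().lower()

def check_sender(from_header: str, max_distance: int = 2) -> str:
    """Classify a From header as 'exact', 'lookalike' or 'unknown'.

    'exact' only means the address text matches; it does not prove the
    message is authentic, since From headers can be forged.
    """
    display, addr = parseaddr(from_header)
    addr = normalize(addr)
    real_addrs = {normalize(a) for a in EXECUTIVES.values()}
    if addr in real_addrs:
        return "exact"
    # An executive's name displayed over an address that is not theirs.
    if display.strip().lower() in {n.lower() for n in EXECUTIVES}:
        return "lookalike"
    # An address only a few character edits away from a real one.
    if any(edit_distance(addr, r) <= max_distance for r in real_addrs):
        return "lookalike"
    return "unknown"
```

Messages flagged as `lookalike` are the ones worth confirming with the supposed sender by phone or in person before anyone replies.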

Ransomware attacks

If you’ve seen an action movie where criminals take hostages and ransom them back for money, then you’re familiar with the concept of ransomware attacks. Instead of human hostages, ransomware attacks will hold your network hostage until you pay a hefty fee. 

Cryptocurrency mining

Sometimes, hackers aren’t after your data. Instead, they want to piggyback on your company’s computer networks. In most cases, they’re sucking up your bandwidth and processing power for cryptocurrency mining. These attacks can impact any internet-enabled device, including computers, smartphones, routers and even printers. 

How can you protect your business from cyberattacks? 

Cyberattacks against small businesses are rampant, but that doesn’t mean you can’t protect yourself and your business from potential attacks. Here are some strategies you can use to keep attackers at bay.

Use antivirus software 

A trusted antivirus solution can go a long way towards protecting your small business’s computer network. When installed on your employees’ computers, the antivirus program will help shield each device from incoming attacks. If malware does happen to make it through the first line of defense, a routine virus scan should be able to find and quarantine it before serious damage is done. 

Since new types of malware are emerging on a near-daily basis, it’s important to keep your antivirus program updated.

Control physical access

Not all attacks are carried out digitally. Company devices like laptops, tablets and smartphones can easily fall victim to theft. Luckily, you can prevent thieves from gaining access to company data if you plan accordingly. Cybersecurity experts recommend that you use separate user accounts for each employee and require strong passwords. And when it comes to administrator privileges, only IT staff and trusted personnel should have them. 

Safeguard your networks

Network protection is essential to keep out intruders who would otherwise spy on your activity and steal sensitive data. You can protect your network by ensuring your Wi-Fi network is private and password-protected. You can further safeguard the network by encrypting your data and using a firewall. Encryption is especially important for email, since your employees will have to communicate about sensitive topics from time to time. 

Use secure payment processing 

Many small businesses, and especially those in the e-commerce niche, need a way to receive payments via their website. And while the convenience of online payment systems is undeniable, they also come with inherent risks and vulnerabilities. 

While there’s no way to completely hacker-proof your payment processing tools, there are ways you can secure them. Cybersecurity experts recommend that you keep payment systems separate from less secure programs or use a separate computer entirely. 

How can you empower your employees to identify threats and prevent attacks? 

If you compare your small business cybersecurity program to a suit of armor, then the individual users (aka your employees) are the gaps in the armor. That’s not to say they’re intentionally putting themselves at risk. Instead, their vulnerability is often due to a lack of cybersecurity awareness that can be remedied by training. In fact, employees who know how to identify and report potential cyberattacks are some of your greatest frontline allies! 

Give your employees a crash course in cybersecurity

At a small business where cybersecurity staff might be limited, your employees are your first line of defense. Training them to understand common cybersecurity risks and how to avoid them will go a long way towards preventing attacks. 

The Small Business Administration recommends teaching your employees about: 

  • Good internet browsing practices 
  • Password creation and protection
  • How to spot a phishing email 
  • How to avoid suspicious links and downloads 
  • Best practices for protecting vendor and customer information

Use strong passwords

Passwords are designed to grant users access to their accounts while keeping out unwanted visitors. That’s why it’s surprising that many users fall back on basic passwords that are easily guessed by hackers. Using a strong password can pose a serious challenge to hackers trying to brute-force their way into accounts. 

Here are some basic rules of thumb that every password should follow: 

  • Minimum of 10 characters in length 
  • At least one uppercase letter and lowercase letter 
  • Minimum of one special character 
  • At least one number
  • Avoid common phrases or terms 
  • Avoid using your name, birth date or any personal information that’s easy to find on social media
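The rules above can be enforced automatically when an employee chooses a password. The Python checker below is an added example, not part of the original article; the common-term list is a short constructed sample, and the employee name and birth date used with it are made up.

```python
import re
from datetime import date

# Constructed short list (assumption); a real check would use a much larger one.
COMMON_TERMS = {"password", "letmein", "qwerty", "welcome", "iloveyou"}
# Undo simple character swaps such as @ -> a or 0 -> o before comparing.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def personal_tokens(full_name: str, birth: date) -> set:
    """Name parts plus common ways of writing the birth date."""
    tokens = {p.lower() for p in full_name.split() if len(p) >= 3}
    for fmt in ("%Y", "%m%d", "%d%m", "%m%d%y", "%d%m%y", "%Y%m%d"):
        tokens.add(birth.strftime(fmt))
    return tokens

def check_password(pw: str, full_name: str, birth: date) -> list:
    """Return the rules from the list above that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    if not (re.search(r"[A-Z]", pw) and re.search(r"[a-z]", pw)):
        problems.append("needs an uppercase and a lowercase letter")
    if not re.search(r"[^A-Za-z0-9\s]", pw):
        problems.append("needs a special character")
    if not re.search(r"\d", pw):
        problems.append("needs a number")
    lowered = pw.lower()
    folded = lowered.translate(LEET)
    if any(t in lowered or t in folded for t in COMMON_TERMS):
        problems.append("contains a common term")
    # Strip separators so 04-12-85 is still recognized as a date.
    digits_only = re.sub(r"\D", "", pw)
    if any(t in lowered or t in digits_only for t in personal_tokens(full_name, birth)):
        problems.append("contains personal information")
    return problems
```

A password such as `P@ssw0rd2020!` meets every length and character rule yet is still rejected, because undoing the character swaps reveals a common term.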

Enable multi-factor authentication

You can add an additional layer of protection to your employees’ accounts by enabling multi-factor authentication. Every time your employee enters their password, they’ll also have to complete an additional security check before they can access the account. Usually, this extra step is a simple code that arrives via text message or automated phone call. Since hackers can rarely gain access to employee phones, multi-factor authentication can usually repel any incoming attacks. 

Keep your small business secure with cybersecurity best practices! 

As a small business owner, you’re used to everyday challenges like hitting revenue goals and keeping your employees happy. But you also have to worry about protecting your data from crafty criminals. 

Small businesses are an appealing target to hackers because they typically have fewer cybersecurity resources than major corporations. While the likelihood of being targeted is high, there are steps you can take as a small business owner to protect your and your customers’ personal information. 

 

Sources

The Small Business Guide to Cybersecurity, Score

Stay safe from cybersecurity threats, SBA.gov


Christine McKenzie is a professional writer with a Master of Science in International Relations. She enjoys writing about career and professional development topics in the Information Security discipline. She has also produced academic research about the influence of disruptive Information and Communication Technologies on human rights in China. Previously, she was a university Career Advisor where she worked extensively with students in the Information Technology and Computer Programming fields.