By Rieva Lesonsky
If there’s one thing you can predict about entrepreneurship, it’s that it’s unpredictable. In this special series sponsored by The Hartford, we’ll help you prepare for uncertainty, minimize risks and protect your business.
It seems every day a new cyberattack against a huge corporation hits the headlines. However, many more cyberattacks against small businesses never make news, though they’re far more destructive. Small business owners face the same cybersecurity risks larger businesses do, with one important difference: They lack the resources, know-how or budget to protect themselves.
Just 28% of small and midsized businesses in Ponemon’s 2018 State of Cybersecurity in Small and Medium Size Businesses say they are “highly effective” at mitigating threats, vulnerabilities and attacks. Worse, almost half (47%) admit they have no idea how to protect their businesses from cyberthreats.
At the same time, Ponemon reports the number of cyberattacks against small and midsized businesses is rising. More than two-thirds (67%) of survey respondents had been victimized by a cyberattack in the past 12 months; 58% had suffered a data breach.
The cost of a cyberattack can be devastating for a small company. If sensitive or confidential customer or vendor data is breached, your business has to repair the breach, notify the affected customers, rebuild their trust, and face financial and legal liability for any losses they may suffer. Dealing with a single compromised record costs an average of $148, according to Ponemon’s 2018 Cost of a Data Breach study. It’s easy to see how this could quickly put a small company out of business.
According to the FBI, the most prevalent types of cyberattacks are email scams that download malicious software (malware) onto computers or email phishing scams in which crooks pose as a trusted figure to get access to sensitive data. For example, a hacker may gain access to the email of a company’s CFO, then send lower-level employees phishing emails that appear to be from the CFO requesting payment to an account actually owned by the hacker.
How can you protect your business from today’s sophisticated cybercrooks? Follow these steps.
- Provide cybersecurity training. Develop a cyber security policy that fits your business based on the type of data you collect and how you store it. Make this policy part of your employee handbook and training. The FCC has guidelines small businesses can use to create cybersecurity policies. Conduct cybersecurity training at least once a year to keep up to date with new threats.
- Manage passwords. Employee passwords are one of the weakest links in your cybersecurity system. Requiring employees to use password management tools to create and store strong passwords is the best way to prevent password-related attacks. Require every user on a system to have a unique password and to change passwords at least every six months. The FBI recommends using two-factor authentication for any apps involving financial, personal or other sensitive data.
- Build in tech safeguards. Install firewalls, anti-virus and anti-spyware programs on your employees’ computers. Set these and other software programs to update automatically, so you don’t expose your network to risks by using outdated software.
- Manage remote users. If you or your employees ever work remotely, issue company-provided mobile devices equipped with security and mobile device management software. This allows you to shut down or wipe lost or stolen devices remotely. Set up a virtual private network (VPN) and require remote employees to use it for web surfing and email rather than logging onto unsecured public networks.
- Insure your business. It’s no longer a matter of whether your business faces a cyberattack—it’s a matter of when. Every small business that uses networked computers or stores sensitive data should consider cyber liability and data breach insurance. This insurance can help cover costs such as legal fees and public relations associated with a data breach. Some types of cyber insurance also give you access to professional services to help your business mitigate risk by putting proper cyber security measures in place.
Find out more about data breach insurance for small businesses.
In partnership with The Hartford.