October means fall color across the trees, Halloween, and pumpkin-spice-everything. But these days, October is drawing an increasing amount of national attention as Cybersecurity Awareness Month.
For some, that means safeguarding children online or taking extra steps to secure personal finances, but equally important is protecting your small business. A
ll too often, data breaches make news headlines but the attention received by business behemoths like Medical Informatics Engineering and Premera when they were hacked has given many SMB owners a false sense of security.
In reality, the National Small Business Association reports 44 percent of small businesses were victims of cybercrime, with an average cost of $9,000 per cybersecurity attack.
Small business owners can’t assume cybercrime won’t happen to them. One wouldn’t leave the doors of your brick-and-mortar location doors flung open all night with shelves stocked full of valuable merchandise and hope nothing happens. By not protecting your business online, that’s essentially the risk you’re taking.
While your business might survive a night or two unscathed, your luck will eventually run out. It’s the same principle with cyber security threats.
According to the Online Trust Alliance, nearly 90 percent of cybersecurity breaches could have been avoided with simple controls and security best practices. Outlined below are 10 steps you can take to mitigate your risk.
- Identify what data is at risk. Create an inventory checklist and understand what people, apps and devices have access to what data. Consider customer data, employee data, financial data and other data such as trade secrets or marketing plans.
- Back up automatically. Regularly back up critical email and shared data on all computers and store using a secure cloud solution such as Office365.
- Keep clean machines. Ensure the technology at your business has the latest versions of applications, web browsers, and operating systems. Modern hardware is the best defense against viruses, malware and other online threats.
- Secure your networks. Make sure the operating system’s firewall is enabled. If employees work from home, ensure that their home systems also are protected by a firewall.
- Implement a mobile-device management plan. Mobile devices can create significant security challenges. Require users to password protect devices, encrypt data and install security apps. Set policies to manage the use of personal technology.
- Restrict user access. Ensure each individual employee or vendor can access only the data they need. Make sure a separate user account is created for each employee and require strong passwords.
- Create a response and recovery plan. Speak to your insurance agent about cyber-policies that might be right for you and create a plan for how to best respond if a cyberattack occurs.
- Educate employees on cyber-security best practices. Create a training plan and keep records for each employee’s participation.
- E mploy best practices for business credit cards . M ake sure your card readers are using modern EMV-chip technology, which make transactions safer by creating unique transaction codes that can’t be used again.
- Enlist the help of a partner. Use Pinpoint to find the right technology partner for your business and consider acquiring business cyber insurance to minimize the financial fallout from an actual cybersecurity attack and cover any gaps technology alone can’t fill.
Think you’ve already got your business covered? Take this short cybersecurity IQ quiz to test your knowledge and take steps to fill any gaps that might put your business at risk.