If you think cybersecurity is someone else’s problem, you’re making a big mistake. Sure, billion-dollar corporations and their very public battles with issues such as ransomware attacks typically garner most of the headlines. Make no mistake though, small businesses are far from immune to cybersecurity troubles. In fact, they’re just as susceptible as their larger counterparts.
According to Accenture’s Cost of Cybercrime Study, 43% of all cyberattacks target small businesses. But less than 15% of the businesses that fit that description are prepared to protect themselves should their systems get breached.
With cybercrime up 600% since the start of the pandemic, every company should consider themselves vulnerable. This year, a new cyberattack is expected to occur every 11 seconds, and the total cost to the businesses victimized should total more than $5 trillion. Even if it doesn’t seem like it, your business is at risk.
To get an expert’s opinion, we sat down with Derek Gabriel, CEO of Ignite Solutions Group, a BBB Accredited IT services provider based in Hawaii. “As a small business owner, you might think, ‘Well, I don’t have anything of risk, and therefore I’m not going to take any of these extra precautions,’” says Gabriel. “When you flip that around, what that means to an attacker is, you don’t have sufficient security, so you’re an easy target.”
What your business stands to lose by failing to take those cybersecurity precautions is more than just monetary. Your reputation is at stake. Just one cyberattack can undermine the time and energy you’ve spent building trust around your business.
Customers and employees rely on you to safeguard their privacy, including any information they willingly supply to support your operation; Names, addresses, phone numbers, dates of birth – that’s all information cybercriminals target in an attack. If your cybersecurity shortcomings are why information gets stolen, your clients, partners, and workforce will not forget it.
“It’s important that, from a trust standpoint, you are doing everything you can to protect your customers,” said Gabriel. “Your customer has faith that you’re doing that, so you should really follow through.”
Fulfilling your business’s responsibility to protect the data it collects is easier than you think. It just takes a commitment to promoting consistent cyber hygiene. Gabriel shared four practices your business can implement right now to up its cybersecurity measures.
You likely already know how important it is to secure your passwords. Maintaining unique login information for accounts connected to your business is essential in defending your data against a cyberattack. But depending on the size of your operation, performing that maintenance on your own is likely unrealistic.
The good news is help is readily available. Password management software allows you to store your login credentials for websites you regularly interact with and then automatically logs you into those sites. They also help you avoid the weak, reused passwords many of us wrongly rely on.
Plus, as Gabriel states, access to password management resources is both easy and affordable.
“Ultimately, the most secure passwords are going to come from a password manager device. And if you’re an individual or a small business that doesn’t have the budget to spend on additional software, then the modern browsers like Chrome and edge have built-in password managers now.”
Every online business account can benefit from installing a few extra security checkpoints. Multi-factor authentication offers those barriers. And when it comes to cybersecurity, that can be a game-changer.
“Multi-factor authentication stops probably like 90% of basic cyberattacks. Enabling that essentially is going to protect your account to a point where even if your password was breached, that threat factor could not get into your account.”
Entering in a strong, unique password, for example, is considered just a single factor. Incorporating additional factors, such as a face or thumbprint scan and then an app that sends a code after you log in, constitutes multi-factor authentication.
Yes, taking the time to update your devices is annoying. It also works. When your system tells you it’s time to keep things current, there’s a reason. Cyberattacks evolve, and updates help you stay on top of the latest tactics for taking your information.
“Typically, if a device is reminding you to do updates, it knows that there’s an important security update that potentially patches a vulnerability that you have. So, they’ll only try to nag you when it’s really important.”
So, the next time you get notified of a system update, act. It’s certainly cheaper than a cyberattack and will spare you the time you’d spend cleaning up after a breach.
You may need to enroll your business in cyber school.
If your team knows how to spot a cyber threat, and you’ve learned how to react if one infiltrates your system, then it really improves your business’s ability to weather an attack. In many cases, that knowledge can help you avoid an attack altogether.
Invest in tools and training that empower your employees to better identify a phishing email, for example, and educates them on steps to take should they encounter a malicious website. It’s knowledge that will help
Does your organization have successful cybersecurity protocols in place? We want to know how you’re protecting your team from an attack. Leave us a comment with tips and practices that work for you.