Small businesses have flourished in the digital age, with the Internet providing a host of opportunities to promote their products, expand their customer base and streamline their services. But this increased exposure also brings increased risk. Because sensitive data is now more available than ever, hackers are drawn to this rich store of easy-to-access information and will target organizations to steal their valuable data and disrupt services.
We have seen in the news the damaging effects that cyberattacks can have on large corporations, but don’t let these high-profile cases lull you into believing that your business is too small to be at risk. Hackers are just as likely, if not more so, to target small businesses because they are easier to attack. With big brands snapping up specialist security personnel, smaller companies are left with a lack of expertise, limited technical resources and a stretched budget, so it is no wonder that they become an easy target for exploitation. By fully understanding the impact of a cyber breach, however, small businesses can take steps toward strengthening their security systems and ensuring sensitive data is out of reach for cyber criminals.
The Impact of a Security Breach
When a company is hacked and personal information is stolen, the cost of repair and recovery can be huge. Not only is there the upfront cost of patching damaged software and running updated security tests on the new system, but there are also hidden costs in the guise of data-protection fines, customer compensation and the expense of service downtime.
Although the financial implications of a security breach can be devastating, the reputational damage to a company can be far more harmful in the long term. In a survey of thousands of small businesses by Cyber Streetwise and KPMG, 31% of those that experienced a cyber breach reported brand damage in the aftermath, 30% said they lost clients as a result and 29% admitted it affected their ability to win new business.
Boost Your Resilience One Step at a Time
Despite the fact that cyber attacks are on the rise, there are more ways than ever to protect your company from a security breach without spending a fortune. Learn from the mistakes of others and address your security weaknesses individually. Most of all, don’t panic!
Learn the value of the information you hold and put money and resources into securing your most sensitive and valuable data. A data-retention policy can help ensure that you’re not spending scarce resources on low-value information such as product inventories and will allow you to focus your efforts where they’re really needed, such as securing customer and financial information.
2. Think like a hacker.
Take the time to speculate on the potential security threats to your business. Work out what your vulnerabilities are and whether you are likely to be a target for ransomware, spoofing, DoS or another attack so you can reduce your risk. Because security threats are constantly evolving, appoint a staff member to stay on top of the latest updates and patches, or consider hiring an ethical hacker who can carry out in-depth “penetration tests” to highlight weaknesses in your network and work with you to find solutions. If that sounds a little out of your budget, consider using an online tool to automatically scan your system for security gaps and work on the fix in house.
3. Stay hidden.
Remote workers are often a target for hackers, as they regularly connect to the network through unsecured public hot spots. Consider investing in a virtual private network (VPN), which uses an encrypted connection to allow remote workers to connect to your network securely from anywhere while keeping their activity hidden and your company files safe.
4. Run updates.
It may sound obvious, but on top of making sure your anti-malware software is up to date, also ensure that all other programs are regularly updated. That includes your operating systems, applications, plugins and firmware, because by running the latest versions, you can guarantee that your system has the latest patches installed, strengthening your security and protecting against software vulnerabilities. Most programs give you the option to run these updates automatically, so set it up today and let your computer do the work.
5. Rethink passwords.
Weak passwords are a notorious security risk. Strengthen your passwords by using a password manager to generate unique logins and store them securely so you remember them. Or why not ditch passwords altogether? Knowing a key or password doesn’t prove a person’s identity; it simply means that person has managed to obtain the login details required to access the information. By moving to biometric authentication technology such as fingerprint readers, you can ensure that only people with permission can reach your sensitive information.
Statistics from Egress Software Technologies collected last year showed that 62% of data breaches were the result of human error. Often, the culprit is simply a mistake. But uneducated staff members are easy targets for hackers, so making time to regularly train employees on how to avoid security threats can go a long way toward protecting your business. Here are some areas to focus on.
- Email attachments. Sending a file via email gives the recipients unlimited access to the document, meaning they can change or share it however they like without your knowledge. Get your staff into the habit of sharing files using a cloud storage service or file-sharing app so that you can monitor, control and (if necessary) withdraw permissions and downloads of your sensitive information.
- Don’t trust the unknown. Train your staff not to open unsolicited emails containing links or attachments, as they may be a phishing attack containing malware or malicious scripts. Instead, request that they forward these messages to the administrator for validation. Similarly, teach your employees the dangers of downloading software or plugins from an unrecognized source (especially if it’s free), as these programs could contain viruses. Requiring administrator permissions for all downloads may be sensible.
If you’re still concerned that your business is at risk or if you are struggling to find the resources to manage security in house, outsourcing to a third-party service provider could take the pressure off. You will benefit from dedicated security experts and round-the-clock support. Taking the control off site also removes the risk of a cyberattack coming from within. By using the cloud to back up your work off site and in real time, you also protect yourself against security threats such as ransomware. Cloud service providers (CSPs) offer scalable, pay-as-you-go plans that grow with your business, so you can always find a service-level agreement (SLA) that suits your budget. But it’s important to do your research if you decide to outsource your security, because in the event of a cyber breach, the responsibility lies with you.
About the Author
Asher de Metz has approximately 20 years of experience in the cybersecurity industry, having served as consultant to some of the world’s largest companies in the top vertical markets. Starting in London, he has worked across Europe and the Middle East. Asher has spent the last eight years in America working for Sungard Availability Services, where he runs the Technical Security Practice.