Small Business Cyber Security: How to Prevent a Cyber Attack on a Budget
February 07, 2017
Introducing the Hiscox Cyber Preparedness Report 2017
Regardless of the industry or its size, businesses are falling victim to cyber-attacks at an ever-increasing rate. However, reports show that small businesses face disproportionate costs when it comes to protection efforts. According to Hiscox’s Cyber Preparedness Report 2017, small businesses lose an average of $41,000 per cyber security incident. What’s worse, is that 60% of small businesses can expect to be hacked in a calendar year, according to the report. With so much at risk, it’s important for small businesses to find effective and affordable ways to protect themselves from cyber thieves.
Why Are Small Businesses Less Protected Than Large Ones?
When businesses are small, they have less money to spend on cyber-security. Often, small business owners set up basic security procedures when they first start their companies but fail to update their initial systems to handle advanced attacks. Budget struggles have these owners turning to the hope that they won’t be targeted instead of feeling confident that the security procedures they have in place are enough.
Reports also show that small businesses may not train their employees against cyber-attacks as extensively as large companies do. Along with this, small businesses are less likely to hire IT staff to detect risks and ensure that they stay current with security trends and dangers.
How Can Small Businesses Affordably Protect Themselves Against Cyber-attacks?
In Hiscox’s Cyber Readiness Report 2017, firms stated that their key cyber-security initiatives included reacting quickly to cyber incidents, having the ability to address current threats and establishing where vulnerabilities lie. However, the report found that small businesses are falling behind large ones when it comes to protecting themselves, so how can you keep your company protected without breaking the bank? You can do so by:
• Making sure that you know the evolving risks
• Allocating an appropriate budget to fight against cyber-attacks
• Using your telephone to confirm financial activity
• Creating security protocols that are a part of your company’s corporate culture
• Limiting physical access to data
• Turning to the cloud
• Updating your company’s software
Know the Evolving Risks
Cyber-security vigilance begins with making sure that you know what risks currently exist and what ones may be on the way. Due to their nature, small businesses have internal and external vulnerabilities that can be their undoing. Small business leaders should know how hackers could get into their systems and be aware that hackers may have different reasons for wanting to. Some hackers are looking for a quick buck while others may have a vendetta against the company or the industry.
To stay protected, small business leaders must stay on top of the different types of cyber-fraud schemes and particular threats that are out there today. These range from the spoofing scam, which is when a thief pretends to be a government agency or other kind of company to acquire sensitive information, to phishing schemes. If your company becomes the victim of a phishing scheme, then a cyber-criminal will have tricked you into sharing data.
Don’t Skimp on Cyber-security
Reports show that in recent years, small businesses have been cutting the amount that they’re spending on cyber-security. At the same time, large corporations have been increasing their budgets for it. While one could argue that large businesses have more at risk and an attack against them would likely result in more people being affected, it doesn’t mean that small businesses can skimp in this department. Make sure you’re spending enough to protect your company.
Embrace the Telephone for Confirmation
Instead of depending on email to initiate or finalize financial transactions, authenticate and confirm them by telephone. Do this even if you’re working with your bank, clients, vendors and employees. Consider implementing a two-step confirmation process when you’re approving outgoing funds to increase the affordability of your small business’ security. This will protect you from losses.
Employee Training: Develop Security Processes That You Can Entrench in Your Company’s Culture
For 77% of US companies, employee training has significantly reduced the number of cyber hacks and incidents. Outlining security protocols that everyone must stick to is vital, but to ensure their effectiveness, make sure that these policies are entrenched in your company’s culture. This means including them in every process and in every decision that you make. Security protocols should be embedded into business strategies. They should also be a part of how every staff member operates.
A small business’s employees are its gatekeepers. These individuals are your company’s first line of defense. They are responsible for keeping your business’s information safe and defending it. Make sure that your employees are educated about the:
• Warning signs of cyber-attacks
• Safe practices that they should use
• Proper way to respond to a cyber-attack
Also, implement complex system passwords that are unique while maintaining a corporate environment that prevents personal and confidential information from being exposed.
Use separate computers for business and home. If your company is especially small, you may be tempted to share your laptop with your family. Instead, purchase computers that are dedicated to your company; these should be ones that have systems in place to safeguard the device, your data and identities.
Limit Physical Access to Your Company’s Data
One way to keep your business safe is to limit people’s physical access to data. Lock your company’s server room and permit access to just those who need it in the moment. If you keep physical system backups on-site, make sure that they’re locked up. Safeguard your company’s devices and its information with basic protections. This may include using laptop locks or security covers on all of your company’s tablet devices.
Sign Up for Business-class Storage
In many ways, the cloud has been a lifesaver for small businesses. It is affordable and simplifies storage and data sharing. If your company has turned to the cloud, make sure that the applications you’re using are designed for business use. If they’re not, they can put your information at risk. With a business-based cloud account, your company will have the proper protections in place.
Update Your Company’s Software
Pay attention to the end dates of your company’s antivirus software and other security applications. Companies that provide antivirus software are constantly searching for ways to improve their products to keep businesses as secure as possible. Don’t let their efforts go to waste by failing to activate automatic updates or hanging onto out-of-date software and equipment.
Staying Protected Against Cyber-attacks
While it’s impossible to protect against every cyber-security scenario, you can increase the security of your company by staying current on the risks. It’s important to use the telephone to confirm transactions and limit access to your company’s data. These steps are not only effective, but they are also affordable. You’re sure to sleep better at night when you know that your company is as safe as it can possibly be from cyber-attacks.
Traxler and Associates
Dan Traxler is the owner of Traxler & Associates. He provides tax preparation for both individuals and business filings. He processes returns for all states that require tax filings and has clients throughout the world. Dan is a veteran of the U.S. Army.
Central California EHS
Michael J. Puckett, is President and Principal Consultant of Central California EHS, a professional Environmental, Health & Safety resource working in partnership with organizations to provide a broad range of technical and business safety solutions. Michael is a veteran of the U.S. Army.