If you've been paying attention to technology news over the past few years, you're probably aware of the significant increase in network breaches and subpar internet security, and how that has affected many businesses of all sizes. For example, the infamous Sony Pictures hack in late 2014 brought the production company's operations to a halt for weeks on end. Thousands of pages of confidential information were leaked, allowing unauthorized access to celebrities' personal information, including salaries, accommodations, and emails. Although Sony is a multinational corporation, cyber attacks can and do happen to small businesses as well. Anyone who accesses the internet is at risk.
Cyber threats come in many shapes and sizes. The most prevalent breach is Malware: malicious software which, when present on a computer or network, can wreak havoc for a user. From data erasure to data theft, malware is a problem for all computer users and can be especially catastrophic should it make its way onto a business network.
As a small-business owner or manager, you most likely are trusted with a large amount of confidential customer information, as well as your own financial and sensitive internal business data. A network attack can put your business' reputation in jeopardy. Besides the potential of an ensuing PR nightmare, there are also financial repercussions of picking up the pieces after a cyber attack. Recovering from a network breach, on average, can cost a small business owner over $10,000. Larger businesses cost much more depending on several factors, including industry compliance requirements like HIPAA. This is why it is crucial that all businesses, no matter how small, protect themselves from cyber threats.
While there isn't any one single thing you can do to secure your network completely, here are some simple, yet important, steps that you should take in order to reduce your risk to your business, your customers, and yourself.
Many small-business owners think their business is too small to be attacked. This is far from the truth. All businesses are at risk and, as such, must view cyber security in a logical and serious manner in order to prevent the theft/loss of data and other potentially fatal attacks. Security needs to be a mindset. Most small business owners think nothing of putting an alarm on their office or building, even cameras are standard, however very little thought is given to cyber security. Change your mindset!
Your IT provider is there to help you and, trust us, they take their own cyber security seriously! Your IT company not only sells services to effectively secure your network, but also is able to provide you with advice on how to use your current network equipment/services to increase your business’s network security efforts. Additionally, your IT provider can equip you with an analysis of your current security setup, offer suggestions and additional solutions to meet your security needs.
Unfortunately, most cyber security threats are internal, meaning they come from mistakes by the hand of an employee within an organization. While these errors are usually not of malicious intent, it is important to train your employees in internet and email security/safety so they know how to prevent breaches from occurring. It will cost you very little to make sure your employees get proper training and is worth the investment as it can ensure fewer headaches down the line for the business owner. Training should include basic email security: warn your employees of the hazards of clicking on unsolicited email, email attachments and links. Additionally, heightening password standards can go a long way; ensuring that employees strengthen their passwords with numbers and special characters is a must, as well as requiring semi-regular password changes. As you can see, little effort is required to receive immeasurable payoffs for your business.
It has been estimated that over 75% of small businesses do not have a detailed internet security policy. This is a huge mistake! Creating rules or guidelines for internet use is incredibly important for setting a standard of cyber security within your business. Your employees need to know that you take internet security seriously and that disregarding said rules/guidelines will have consequences. If your employees are responsible for handling customer data, there also needs to be protocols set in place for that as well. In order to have a well designed approach to cyber security, creating a detailed protocol is vital. Make sure you have a policy manual written, distributed, and communicated to every single person within your company.
Work with your IT provider to create a comprehensive cyber security risk assessment. This assessment should include any and all businesses or vendors who have access to your data or network. Be thorough! Like we mentioned previously, breaches can be caused by both external and internal factors.
Security software is a daunting subject, as there are many products from which to choose. Having the right software is absolutely vital. One of the biggest challenges for cyber/network security is how often the online landscape changes; because of this, well designed security software is constantly updated to address existing and future threats. Investing in the right program - one that is reliable, consistently updated and maintained - can help significantly in keeping your information and network safe from cyber threats. Since there are so many choices, discuss software with your IT provider; they have the expertise that is essential for choosing the best security software. Additionally, you can seek advice from other small businesses in your industry who have a good handle on their own cyber security as they might be able to recommend a powerful security software that works well for them.
Bring Your Own Device (BYOD) policies, where employees are allowed to use their own devices at work, are becoming increasingly popular in the workforce. Similarly to creating internet usage guidelines, it is imperative that you also develop guidelines for mobile device security. Luckily, there are now many apps that can ensure the security your employee’s work/personal devices, the best of which are known and likely used by your IT provider. We also highly recommend requiring your employees to use a unique passcode to access their device; something as simple as a passcode can greatly improve mobile security.
Finally, creating an easy way for employees to report attacks is essential to improve your business’ cyber security. As stated earlier, security breaches can occur in many ways; something as simple as a spam email with an unwanted attachment can be the start of a network breach. Training your employees to not only avoid opening emails from unknown senders, but also to report any and all attacks makes it easier for your IT department to handle impending or future threats or breaches. To ensure the reporting of all breaches, make sure to clearly outline reporting methods in your employee handbook and internet rules/guidelines.