Published: March 6, 2020 in our Security Fraud News & Alerts Newsletter.
If you own or work for a small business, the threat of a cyberattack always looms large. According to Accenture, 43% of cyberattacks target small businesses. And while almost half are at risk, only 14% believe their systems can withstand an attack. Ponemon Institute found that 66% of small-to-medium-sized businesses were victims of cyberattacks last year, and the National Cyber Security Alliance reports that 60% of small companies shut their doors within six months of a cyberattack. According to Hiscox Insurance, the average cost of a cyberattack on a small business is $200,000.
The good news is that regardless of budget size, following practical cybersecurity steps can help keep your small business in business.
System Security Risk Assessment
Evaluating threat levels to find where your systems are vulnerable should be part of any information technology strategy. Mitigating the risk of a cyberattack should be done by IT personnel, either an internal team or an outside IT service provider. The benefit of an internal IT staff is that a dedicated team has a greater understanding of your systems. Also, the cost of an IT staff remains the same, and they are always present if an incident arises. Choosing to use an outside IT team may be more cost-effective, depending on the package you choose. The downside is that you have to trust an outside party with your systems, and they are not immediately onsite when an incident occurs.
Employee Education and Training
As the adage says, you’re only as strong as your weakest link, and that link may be an employee. Infosecurity finds 43% of data loss stems from employees, whether by mistake or by intent. Statistics from IRONSCALES find that 90% to 95% of successful cyberattacks are the result of a phishing scam.
Since one wrong click on a phishing email can bring down a business, cyber-smart employees can be your first line of defense against an attack. From a new hire to the C-level, all employees are subject to the same hacking schemes, and training should be for all staff, no matter the position. Starting with education on security basics, training should be done at regular intervals and should include changes and updates on currently trending attacks.
Strong Passwords and Credential Authentication
Using strong and unique passwords doesn’t cost anything, but not using them often does. A report by Keeper Security reveals that most breaches come from weak or stolen passwords, and the importance of using secure passwords can’t be overstated. Screening for reused, weak and compromised passwords is something IT can and should do for password protection. For companies that use a BYOD (Bring Your Own Device) policy, strong passwords and the latest software updates should always be required. Use two-factor authentication (2FA) and multi-factor authentication (MFA) as an extra layer to confirm that the right person, and not a bad actor, is accessing your system and its data.