Published: December 31, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
“Cyberattacks only happen to big companies with lots of valuable data and assets to steal,” thought most small business owners at one time or another. But there’s a false sense of security when SMB (small-to-medium-sized business) owners believe hackers aren’t interested in a small company. After all, bad actors will just move on to bigger and better targets with much more to steal, right? Wrong.
Think about this: 60% of SMBs are out of business within six months of a cyberattack.
Small businesses have their own unique set of challenges keeping hackers from invading their data systems. Many small business owners suspect their data security is lacking, but they also need to realize in today’s ever-expanding threat landscape, crossing their fingers is no longer a security option.
There’s plenty of valuable data worth stealing from small businesses, just like from larger companies. Hijacked information like credit card details, passwords, and other PII is equally as useful and destructive. The stolen data can also lead to supply chain attacks, where info stolen from smaller businesses can be used to catch bigger fish. Also, employees at SMBs and larger businesses both face similar cybercrime attempts daily, like email phishing, ransomware, and other malware attacks.
Turning a “Don’t” into a “Do”
Reviewing the following common cyber-mishaps, or “don’ts” that any small business experiences can help avoid a security incident. Remember, it’s important to recognize cybersecurity weaknesses also exist from within and acknowledge your data system and employees as they currently are – vulnerable to attack.
Don’t use weak passwords. Complaints about creating strong, unique passwords for every account aren’t as cringe-worthy as they sound. Using three random words together should suffice. Also, using a password manager takes the stress out of creating and remembering strong passwords. Just keep in mind there are risks to these as well; such as if an attacker gets your master password, they also get all of your other ones.
Don’t lag behind applying system and other software updates, including security patches. Updates and patches often fix security bugs that hackers know to exploit. Applying them quickly should be a top priority for any business.
Don’t ignore MFA (multi-factor-authentication) when it’s available. Each MFA adds a layer of security, separating those with legitimate access to information from those looking to do harm. Implementing MFA can be as simple as having a verification code sent to a mobile device.
Don’t wait to backup data. Even though there may only be a handful of devices being used at a small business, when data is properly backed up, it’s tucked away and safe from abuse. It’s most important to store data backups offline and away from a hacker’s reach, and to do them regularly. Backups restore data quickly so business downtime and other costs that associated with a hack are minimized.
Don’t overlook employee basic cybersecurity training. Staffers are often the first line of defense against cyberattacks. On any given day, they face email phishing, infected attachments and links, malware, and a host of other potential attacks. Cyber-smart staffers know how to prevent them from going any further, and whom to report these incidents to. Remember that overall, the more cyber-smart your staff is, the safer your business can be.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org