Cybercriminals Target Smaller Businesses, Too
Massive cybersecurity attacks at larger companies that affect millions of users or threaten infrastructure dominate the headlines — and rightfully so. But small and medium businesses are not immune from the illicit works of cybercriminals. Operating under the assumption that it’s not “if” your business will fall victim to a cyberattack but “when,” many large businesses opt to carry cyber liability insurance. However, even if a small- to mid-sized business could afford such insurance, keeping the premium affordable often requires a significant deductible.
Let’s face it – smaller enterprises have it tough enough without an additional expense for something you may or may not need. Instead, review your cybersecurity practices to root out errors and take steps to correct them.
Remember the humans
Cybercrime is considered a computer crime, but in reality, it’s a human crime. There are humans behind the attack, and its success is often assured by human error on the other end. Whether it’s a disgruntled employee or a careless click on an emailed link, reinforcing your training and your security measures will help mitigate the human influence.
Begin with the basics, and that is tightening up your passwords and authentication. Forbid employees from sharing passwords and require multi-factor authentication. In some fast-paced business environments, employees even write passwords down in workspaces where they could be seen by office visitors — if this is common in your business, put an end to it immediately. For systems that require frequent access by several individuals, switch to fingerprint authentication or other biometrics.
Instead of Word documents, save your documents as PDFs. PDFs are more secure than Word documents so you’ll have an extra layer of protection when sharing documents within your company. If you need to make extensive edits to a PDF, you can convert a PDF to Word using an online converter tool that preserves your fonts, format, and images. Once you’re done, resave the document as a PDF.
Humans are also responsible for keeping your security software and patches up to date. Set up a reminder system to ensure that this simple step does not get overlooked. If your IT staff is overwhelmed or your business is so small you can’t fully staff your IT and cybersecurity department, find qualified security professionals. Look for professionals who can offer training, as well as perform basic security assessments of your computer networks, make recommendations, and implement changes.
Make sure that you have robust backup systems and procedures in place. Thanks to cloud computing, even smaller and medium-sized businesses can now store their backup data off of the business premises. If you have automated backups, you still need a human to test and verify them. In addition to normal computer crashes and failures, your backup data provides you with leverage to not feeling squeezed by an extorting cybercriminal to pay a ransom after a ransomware or other data breach incident.
It’s also critical that you have an effective data recovery plan in place in case of a cyber attack so you can get your business up and running quickly. Your plan should determine which systems and data you’ll need to recover first, define objectives, and name which individuals will be charged with implementing your plan.
Beware of the public
Make it a business policy that employees cannot access public wi-fi on company devices, which can put your data at a higher risk of nefarious access. Obviously, the portability of today’s devices means they are frequently taken out of the office, so make sure you prevent — as much as possible — access by successful device thieves. In addition to ID tags on all devices, install or activate tracking devices so you can track any of your company’s lost or stolen equipment. If feasible, consider installing security cameras around your office, as well.
Use an old-fashioned tracking and recording method: the device log. Write down the serial number and other identifying specifications of each device and who that device is issued to. You will need this identifying information for law enforcement, and the log provides another tracking and accountability record for your enterprise. Be aware that stolen laptops are rarely recovered, so deterring access to equipment and the data it contains is your best bet.
Don’t skimp on security
Your data churn the wheels of your business operations, from customer orders to payment systems to inventory tracking. Protect it as though your business life depends on it because, in the event of a cyber breach, that could very well be the truth.
Want your resume to stand out from the pack? My CV Creator can help you create and build professional-quality resumes, cover letters, and resume websites!