Many small business owners approach cybersecurity as an afterthought. It’s the whole ‘it’s not real, until it happens to me’ mistake. Look, we get your thinking. You’re a small business, why go after the little fish when the big boys offer so much more?
But that thought is completely wrong.
Hackers Love the Little Guy
Here’s a stat that undermines that stance: over 50% of cyber attacks target small businesses. Why? It’s easy. Would you steal candy from a baby (small business) or a big towering brute (the Apples and Facebooks of this world)?
Small businesses also have a bunch of valuable private data, such as names and addresses. They’re also less likely to have the resources or time to go after the hackers, so they’re willing to just pay the ransom and be done with it.
Scared yet? You should be. If you don’t have the right cybersecurity in place, it’s a matter of when, not if. Here’s how you can improve your setup.
Most companies will have some sort of backup system in place. The problem? It’s usually less than adequate (and that’s putting it lightly!). You’re going to have to go one better than just using an external hard drive.
For example, use a third-party cloud service to perform routine backups. Have local drives in place that do this automatically via your internal network. Local drives are also fine for the occasional backup, but don’t rely on this method. The key is having your data in different locations. If one fails (e.g. your office goes up in flames!), you always have another place to get it from.
Companies often skip this step, but penetration testing is a crucial part of a solid cybersecurity solution. If you’re not sure what it is, here’s the simple gist of it: it’s the process of identifying the ‘weak spots’ in your systems, the paths through which hackers can access and damage your business.
It’s also known as ethical hacking, as you employ a team of professionals to try and break into your system. Once they find the weaknesses, they can be fixed before the real hackers can get there. Reformed hackers are often the best in the business when it comes to this stuff.
Solidify Your Passwords
It’s absolutely unforgivable, but people still use passwords such as admin and password. Yes, password. 1234567890 is also infuriatingly common. People are lazy, which means that even the best security system on the planet can often be no match for an individual’s sheer lack of judgment.
New policy for your company: weak passwords are a fireable offense (well, maybe not, but we hope it sends the message of how serious this is). Our advice is to use a super long password, sprinkle in variety such as random numbers and capitals, and try and use sentences. It’s a simple formula, but it works extremely well.
Manage User Privileges
Most small businesses will hand out user accounts like candy. New recruit? Here you go, full access. High school kid doing some work experience? Hey, we trust you.
This approach usually doesn’t go wrong, as most of us are decent human beings, but when it does, it’s ugly. In 2016, for example, a former systems administrator took down his former employer’s network. The breach was so serious that the company was not able to function properly for a week.
In 2010, we see a similar story: a fired Gucci employee deleted data, hit the off switch on servers, and caused mayhem that cost an estimated $200,000 to fix. Can your small business afford this kind of hit? We didn’t think so.
We advise taking user privileges seriously. Give the virtual keys to senior staff members and those who really need them only (systems administrators, for example). Each user should have their own account, so you can track their behavior in case anything goes wrong. If someone leaves the company, shut down their user account immediately.
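The three rules above (admin rights only for those who really need them, one account per person, leavers shut down immediately) can be checked with a short script. This is an added example, not part of the original article; the staff names, roles and account list are constructed, and in practice you would export them from your staff roster and your directory or login system.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:
    username: str
    owner: Optional[str]   # staff member the account belongs to; None = shared login
    is_admin: bool
    enabled: bool

# Constructed sample data (hypothetical names and roles, not from the article).
ACTIVE_STAFF = {"a.rivera": "systems administrator", "j.chen": "sales", "m.okafor": "owner"}
ADMIN_ROLES = {"systems administrator", "owner"}  # assumed: roles that really need the keys

ACCOUNTS = [
    Account("a.rivera", "a.rivera", True, True),    # admin role, fine
    Account("j.chen", "j.chen", True, True),        # sales role holding admin rights
    Account("frontdesk", None, False, True),        # shared login, nobody accountable
    Account("t.nguyen", "t.nguyen", False, True),   # left the company, still enabled
    Account("p.silva", "p.silva", True, False),     # left the company, already disabled
]

def audit_accounts(accounts, active_staff, admin_roles):
    """Return sorted (username, finding) tuples for accounts that break a rule."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled account cannot be used to log in
        if acct.owner is None:
            findings.append((acct.username, "shared account: activity cannot be traced to one person"))
        elif acct.owner not in active_staff:
            findings.append((acct.username, "owner has left the company: disable immediately"))
        elif acct.is_admin and active_staff[acct.owner] not in admin_roles:
            findings.append((acct.username, "admin rights not justified by role"))
    return sorted(findings)

if __name__ == "__main__":
    for username, finding in audit_accounts(ACCOUNTS, ACTIVE_STAFF, ADMIN_ROLES):
        print(f"{username}: {finding}")
```

Run it on a schedule and whenever someone leaves, so a forgotten account is found by you rather than by its former owner.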
Train Staff Members
Human error makes up a huge chunk of data breaches. It’s partly due to people being lazy, but a lot can be attributed to a lack of training and procedure. And that’s down to the business owner.
It’s important that staff members are given routine reminders of what they need to do to protect the business against hackers. Remind them to consistently update their computers, to be aware of phishing scams, and to use decent passwords for absolutely everything they use.
Use Anti-malware Software
A good portion of hacking attacks come from malware installed either through clicking an email link or visiting an unsavory website. Anti-malware software is not a catch-all, but it’s an absolute must for any small business. And don’t forget to auto-update.
Don’t skimp on this one, for example by going for a basic free solution. It’s annoying, it’s expensive, and it can slow down older systems, but we recommend going for some of the big names in the business: Norton, McAfee, and Avast are all solid options.
Last Step: Document Your Procedures
The job doesn’t end once you’ve put your cybersecurity plans in place. You’re also going to need to document every single aspect of your procedures. It’s worth going into the minutiae here. When the worst does happen, you’re going to want to know exactly what you need to do. The Federal Communications Commission has a useful guide for this.
Don’t wait until you’ve been hacked. Get moving on your cybersecurity setup today. Small businesses will often not recover from their first major data breach. You’ve been warned.