Last year, 47% of small businesses experienced one cyber attack, and 44% – two or four attacks. That’s according to the recent Hiscox Cyber Readiness Report 2018, which covered more than 4,100 organizations across five countries – the UK, USA, Germany, the Netherlands and Spain. Nevertheless, most of those businesses took no actions to improve their security after the attacks.
“Despite the recent scandals and increased media focus on cyber crimes, small businesses are still hoping to evade the next big cyber attack. Many of them have not taken even the most basic steps to protect their resources, their employees, or their customers’ data,” says Daniel Markuson, Digital Privacy Expert at NordVPN. “That might be because cybersecurity seems pricey, but small businesses have many simpler options to choose from.”
According to Daniel Markuson, the previous year proved that security should be at the top of the list for any organization. Cyber crime is lucrative, and any small business with money will be an attractive target – especially if they have little or no security resources. It is estimated that damages from cybercrime may cost around $6 trillion annually by 2021.
Common cybercrime tactics against small businesses include ransomware and spear phishing attacks. The first blocks access to a computer or mobile phone until the attackers receive a ransom payment and the second is an email-spoofing attack seeking unauthorized access to valuable information. Nevertheless, there are many different ways to harm any company or its customers. Some of those methods don’t even require advanced technological knowledge – social engineering schemes are easy and effective to launch.
“For many businesses, employees might be the weak point. Nowadays, even small companies need to have strict policies that apply to all employees and strategies to tackle cyber crimes effectively,” NordVPN Digital Privacy Expert Daniel Markuson commented. “If an attack occurs, even huge corporations face serious problems. For a small business, that might be the end of the road.”
Tips for Small Business Owners to Enhance Cyber Security
Back-Ups. Regularly back up your data in a secure location – offsite and offline. This is especially important in the event of a ransomware attack. For small businesses with less critical data, even external hard drives might be enough. There are also special paid back-up security services (don’t trust free ones).
Accurate List of Inventory and Accounts. Cybersecurity is not just about your computer or smartphone. These days, even TVs and printers are connected to the Internet, so make sure these are secure as well. Almost any connected device can be logged into, so make sure you know how to do so. If the username and password are insecure, change them. Additionally, restrict admin privileges to your networks and accounts. Each employee must have their own credentials with an assigned role for each account used.
Secure Your Data. Encrypting your data makes it very difficult to hijack and exploit. The easiest way to do this is to use a VPN. A VPN service provider can provide any of your on-site employees with encryption so that your data is safe whenever they need to access it. Small business owners often work at office hubs or on the go, which means their data gets sent through unsecured channels. VPNs fix this problem.
Educate Employees.Cultivating a secure mindset should be the entire team’s responsibility. Keep employees constantly informed about the dangers of clicking on links or attachments from unknown sources and educate them about phishing attacks or social engineering. Create a cybersecurity test or use one provided online to understand how much your employees know about security online.
Updates.Make sure that all of your computers, tablets, smartphones and other devices are updated regularly. Do the same for software. New updates often make you more secure by fixing security vulnerabilities and system bugs. Don’t forget to update your firewalls and antivirus.
Password Awareness. Don’t reuse passwords for different accounts or devices. Instead, use strong passwords and change them every three months. Make sure that your company has a strict policy and all employees comply with it. Additionally, share some tips with your employees on how to create strong passwords.