A study conducted by Cybersecurity Ventures brought forth an astonishing prediction: that the cost of cybercrime on a global scale will exceed the $6 trillion mark by the end of 2021. What makes this news even more alarming is that the amount has doubled since 2015, when the total losses were $3 trillion.
While the future looks bleak for companies irrespective of their size, it is particularly hard on small businesses, as they often lack the resources needed to buttress their IT security and bolster protection against cyberattacks. However, most small businesses think that they are under no direct threat from malicious attackers. What's more, 65% of SMBs do not react after a cybersecurity incident, according to a report by Hiscox.
What SMBs should understand is that no matter their size, hackers are always looking at them because they have something that the hackers want. In fact, 43% of cyberattacks target small businesses. The motivation behind these attacks can include stealing sensitive information like customer data or confidential business material. Sometimes, hackers also target SMBs as a way to reach larger firms linked to them.
With that said, there are a number of things businesses can do to protect themselves from cybercrime. If you run an SMB and find that your cybersecurity is not up to the mark or worse yet, not even a priority, here's how you can change that and protect yourself even with limited resources.
1. Enforce Secure Password Policies
To keep cybercriminals at bay, businesses should get the most basic step of cybersecurity right first, i.e., creating strong passwords and enforcing secure password policies. Simple passwords are very easy to crack: in 2012, a password-cracking expert demonstrated a program that could work its way around any eight-character password. This is why you should set rigid policies and include things like prohibiting the usage of names, business names, or other words that can be easily guessed.
Set an ideal length and format for your passwords, such as keeping them longer than eight characters and containing a mixture of numeric, lowercase, uppercase, and special characters. Never recycle your passwords, and update them consistently. If you find that the passwords are getting harder to retain, use password management software.
The best passwords are found to be 15 characters long, with a mix of uppercase, lowercase, numeric, and special characters. If you cannot come up with new and innovative passwords, think of a phrase and replace some of its letters with other characters like H@110w£dβ£thynam£ ("Hallowed Be Thy Name"). Change these passwords at regular intervals, as well as each time an employee leaves your company.
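The policy described in this section can be enforced in code rather than left to memory. The sketch below is an added example, not part of the original article; the function names, the banned-word list, and the sample password history are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 9  # the article asks for "longer than eight characters"
# Undo common character substitutions so "@cm3" is still caught as "acme".
LEET = str.maketrans("@4310$5!7", "aaeiossit")


def hash_password(password, salt):
    """Salted, slow hash so the reuse history never stores plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, banned_words, history):
    """Return a list of policy violations; an empty list means acceptable.

    banned_words: names, business names, other guessable words (assumed input).
    history: list of (salt, digest) pairs for the user's earlier passwords.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "numeric": string.digits,
        "special": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("missing " + name)
    normalized = password.lower().translate(LEET)
    for word in banned_words:
        if word.lower() in password.lower() or word.lower() in normalized:
            problems.append("contains banned word: " + word)
    for salt, digest in history:
        # Constant-time comparison against each stored digest.
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("reuses an earlier password")
            break
    return problems


# Constructed sample data: a made-up business name and one old password.
BANNED = ["acme", "alice"]
_salt = os.urandom(16)
HISTORY = [(_salt, hash_password("Tr1cky-Old-Pass!", _salt))]
```

Calling `check_password("@cm3-Rules-2024!", BANNED, HISTORY)` reports the banned business name even though it is written with substituted characters, which is why the check normalizes the password before matching.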
2. Keep Software Updated
Many small businesses often put the act of regularly updating their software on the back burner. This leaves openings for hackers to gain access to computer systems through code defects, otherwise known as exploits. These code defects can go unrecognized for years before they are patched, thus leaving networks highly vulnerable.
This malpractice on the part of SMBs often leaves a gaping hole in their security, exposing very potent security flaws. Hackers often study their potential targets' systems and how frequently they update their software in order to prey on those businesses that are late to adopt updates. This modus operandi of hackers is so prominent that a Fortinet Global Threat Landscape report found more than 60% of organized security breaches were targeted at those vulnerabilities and software that were at least ten years old.
Regularly updating your system's software is thus highly crucial for maintaining the cybersecurity of your business. Periodically updated security software ensures that your firewall settings are strong, and any chinks in your security armor are patched to warrant complete immunity against cyberattacks.
3. Backup Important Data in the Cloud
Archiving or backing up important data is a prudent measure that small businesses should take to recover their data in the event of a cyberattack, device theft, or equipment and data loss resulting from natural disasters. With the help of cloud solutions like Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS), you can efficiently secure your data against unforeseen circumstances.
While backing up your data, make sure to secure not only what's stored on your servers, but also what's present on the client and mobile devices, as well as all your system and device configurations. This will provide an easy way to recover your security and user settings when you switch to new servers or devices. There are a variety of cloud storage choices available today, from Amazon to Carbonite to even Google Drive and Dropbox. These solutions are very affordable and easily manageable and thus fit well with small business LAN environments.
To always stay one step ahead, implement a system of backing up files routinely and storing the data offsite. If any cyberattack were to befall you, in this case, you would have your most current records, thus shortening any downtime. Always remember to encrypt your data too, to make it tougher for malicious actors to gain external access to your system without the encryption key.
4. Implement a System Security Plan
A system security plan (SSP) is an absolute must-have since it provides the roadmap for the cybersecurity program of your organization. Without a system security plan in place, your cybersecurity program can wind up ineffective, thus costing your SMB a lot of time and money in the process.
A system security plan (SSP) provides a summary of the security practices that secure your data. The SSP also recognizes system features such as software, hardware, incident-response plans, security measures, and training methods. Furthermore, it contains details on the process of limiting authorized and unauthorized user access and ensuring that employees exercise safe habits and respond proactively in the event of a data breach.
5. Educate Your Staff On Cybersecurity Practices
Despite using the latest software and having the best security measures in place, if you aren't doing much to educate employees on cyber-hygiene, you are risking the integrity of your digital security. According to a study, more than 90% of security breaches take place because of employees unknowingly letting cyberattackers in by falling victim to phishing emails or even by using weak passwords.
The more your workforce is adept with cyber-hygiene, the better they will know how to protect sensitive data. You can conduct a simple cybersecurity seminar that teaches them the basics like not opening attachments they didn't expect, teaching the importance of changing passwords regularly, and encrypting sensitive or personal information, among others.
SMBs wanting to educate their employees can follow the lead of the Henry M Jackson Foundation, a medical nonprofit research organization. Since one of the most common threats is phishing, the foundation devised a clever way of educating its employees by sending them fake phishing emails frequently. When they first started doing it, the email clickthrough rate was 27%. The foundation then started displaying pop-ups whenever an employee unwittingly clicked on an email, thus making them more aware of cyberattacks in the process and inducing a practice of not taking similar baits in the future.
6. Secure Your Company Wifi Network
Last but not least, set proper measures to secure your company's wifi network. Double-check to ensure that your router is stored in a safe location with restricted access. Apart from securing the physical location of the router, make sure to also change its default login information. Change the service set identifier (SSID) name of the network so that it can be found only by the people you want it to be visible to.
Apart from strengthening the basics of wifi security, check to see if there are any periodic firmware updates for your router. These updates are often introduced to solve particular, documented vulnerabilities, and they also self-install after downloading. Remember to also use the default encryption protocol WPA and ensure that your router is WPA-compatible.
As part of fortifying your wifi network, you would do well to double up on your firewalls. Check for built-in firewall features like SPI and NAT that come with your router and keep them enabled. While you are at it, set up private and public access on your router to make two points of access to your network: one for your team, and another for customers. You can also turn off your WPS and disable the DHCP router to limit the number of devices on your network, thus helping you gain greater control of them.
Running a small business is a tough job and often takes placing things on the back burner to tend to more urgent tasks. However, cybersecurity is not one of them. SMBs should do well to remember this and not treat it as an afterthought because their limited resources often mean that they make for much easier targets, leaving them more prone to cyberattacks and/or cybercrimes. Following the above practices will bode well for the security efforts of SMBs and ensure that they are primed for success in the long run.