Today’s businesses face cyber threats every day. In just the first six months of 2019, data breaches compromised more than 4.1 billion personal records, with email and password records the most common types exposed. And that’s just the breaches that were publicly reported — who knows how many smaller breaches went undisclosed, or even unnoticed.
You probably think of huge companies like Equifax or Target when you think of cyber-attacks and data breaches, but small companies aren’t immune to cybercrime. Fifty-eight percent of cyber attacks target small business because even small businesses possess data that is valuable to criminals. The total cost of cybercrime is expected to skyrocket to $6 trillion by 2021.
What can you, as a business owner, do to protect your livelihood and your reputation? A comprehensive cyber security solution for your business network, and all of the devices connected to it, is vital, but that’s just one part of the puzzle. You also need to educate your employees about cybercrime and the risk it poses to your business and implement a sound policy to protect your business’s and your customers’ data.
Implement a Comprehensive Solution
These days, a single antivirus program isn’t enough to protect your business network and the data it contains. How many people do you know that only go online from a single desktop computer, which remains in the home? How many smart devices — tablets, desktops, laptops, tablets, security cameras, and so forth — does your business use every day?
Most people today use smartphones or tablets to do much, and often, all, of their web browsing, shopping, emailing and social media networking. You probably use tablets and smartphones, as well as desktops and laptops, to do business. Your company might even use smart devices like smart closed-circuit cameras, smart locks or smart lights for security. The average business network has a much wider range of devices connected to it than even a few years ago — and not only are there more devices on your network than ever before, there are more different types of devices on your network, too, and some of them may not be as secure as others. If you’re a small business with a BYOD policy, you’re also inviting potentially compromised devices to access your network.
A comprehensive security solution can provide the protection you need for all of your network devices. A good solution for business, like Tipping Point from Trend Micro, provides real-time threat monitoring, detection and intervention. You need a system that will automatically work to shore up vulnerabilities, as well as one that’s scalable, so it can grow as your business grows. Even the largest and most dedicated IT team can’t do what a good threat detection system can do, and many small companies definitely don’t have large IT budgets.
Educate Your Employees
Threat detection is non-negotiable, but you can also eliminate many threats by knowing how to identify them and training your employees to identify them, too. Hackers and cyber criminals are increasingly using social engineering tactics to gain information that they can use to access business networks.
Phishing scams are among the most common social engineering scams. Sometimes, scammers use old-fashioned tricks to gain access to systems and information. They might call up different employees, looking for someone they can form a rapport with in order to mine that person for information. Or, they might pose as a delivery person or even as a staff member to gain access to the premises, where they can get onto the network from one of your own computers.
Learn about the strategies attackers use to access data, and train your employees to recognize cyber-attacks and resist them. Remember to repeat training sessions regularly to keep employees aware and their skills fresh. Post security tips and guidelines in break rooms and other common areas, so employees are reminded of them regularly.
Develop a Cyber Security Policy
Despite your best planning, a cyber-attack might still happen. When it does, you and your employees need to know what to do to stop it and mitigate the damage. What protocol will you follow if someone accidentally falls for a phishing email or slips up and gives out sensitive information over the phone? What will you do if an attacker physically infiltrates your premises?
Develop a company policy for responding to cyber-attacks. Train your staff to respond to an ongoing data breach, and drill them regularly so they can spring into action, just as they would if there was a fire. A strong cyber-attack response policy could help avert disaster in the event of an attack and help you navigate handling a data breach after it has occurred.
If you’re not worried about the threat cybercrime could pose to your business, you should be. Criminals are getting wise to the fact that cybercrime pays, and businesses of all sizes are at risk. Protect your business from cyber criminals, or face losing everything.
Annie Qureshi is a serial entrepreneur and writer for Sustainable Business Forum. She embraces e-commerce opportunities that go beyond profit, giving back to non-profits with a portion of the revenue she generates. She is significantly more productive when she has a cause that reaches beyond her pocketbook. Twitter: @annierqureshi