According to the Small Business Administration, there are almost 28 million small businesses in the United States. Small businesses are the backbone of our economy, and since the 1970s, they have provided 66% of all new net jobs. However, because small businesses don't typically have the technology and human capital resources of larger corporations, it makes them more vulnerable to fraud and cyber attacks. Hackers have gotten more and more sophisticated with their tactics, making it increasingly difficult for businesses to defend themselves, and each year there are nearly one million new computer threats released each day. Every October, we celebrate Cyber Security Awareness Month to shed light on this issue and offer tips and advice to prevent cyber breaches and malicious online attacks.
1. Assess your company, find vulnerabilities, and mitigate its risk
The first step in risk prevention is to assess your company's current operations to identify vulnerabilities. No matter the size of your organization, you are at risk. Cyber criminals target smaller businesses with the hope that they'll have fewer defense mechanisms than larger entities. If your business depends on the internet for day-to-day operations, it leaves many windows open for a possible breach. Sensitive information at risk includes:
Sensitive customer data
Financial account numbers—both yours and your customer's
Financial records and reports
You can start securing your organization today by implementing a few best practices to help mitigate risk. Create a formal written internet security policy for employees, create policies regarding use of social media during work hours, provide internet safety training for all employees, and do not allow outside USB connectivity to work computers. These steps can set you down a path of security for employees and your customers.
2. Train your employees on how to identify and report a breach
You train your staff to sell, provide exceptional customer service, and to operate new technology implemented into your company. Cyber security training is no different and is critical to building a workforce that is properly trained and dedicated to doing their part to prevent cyber attacks. A few things you can do to get your employees up to speed on cyber security include:
Establishing policies on what—if any—type of software an employee may download to their computer
Setting password requirements complex character requirements
Conduct a training that explains the different types of cyber attacks and how they look when presented.
Set expectations for your employees and empower to report suspicious links and emails to the appropriate person in your IT department
The most important part of training your employees is to communicate the importance and the value of protecting customer and colleague information and their role in keeping these things safe.
3. Put technology in place to protect your customer data
Trust is an essential element to building a great customer relationship. It is your job as a business owner to protect the personal information a customer shares with you. Investing in technology resources that can help protect your infrastructure is a worthy and necessary investment to maintain security. Some of these things include automatic system updates, firewalls, spam filters, software that scans devices plugged into company's computer systems, and staying abreast of industry changes and updates. You can also reach out to your Internet Service Provider (ISP) for guidance and other software providers that often provide services to their customers.
4. Implement an action plan for prevention, resolution, and restitution
In order to implement your cyber security plan, you must be strategic. Experts recommend utilizing The Federal Communications Commission’s Small Biz Cyber Planner to help you evaluate your current situation and needs. When creating your plan, focus on prevention, resolution, and restitution. Creating policies and procedures can help prevent cyber attacks. While prevention should be your primary focus, it is wise to have a plan in place in the unfortunate event that you are faced with a breach. Be prepared for any repercussions the threat may have caused, including loss of trust from employees and customers.
What steps are you taking to secure your business from a cyber attacks or data breach? Share with us in the comments below!