Here’s a startling statistic that just might shock you. In the last 12 months, 42% of small businesses found themselves victims of a cyber attack. Most common among these were phishing attacks, which made up almost a quarter of cyber crimes against small businesses. Then came data breaches (18.6%), malware attacks (16.5%), denial of service also known as DoS attacks (14.8%), ransomware attacks (11.3%), and other cyber crimes (15%). The point here is that there are many ways bad actors are trying to breach your systems and wreak havoc on your small business. And, if they are successful, it will cost your organisation big bucks.
The cost of a data breach on an Australian small business can cost big money. Not to mention that the fallout of a data breach can gravely affect a small business’s ability to continue operations, negatively impact the safety and security of customers, and take years to recover from.
The point here is not to scare you as a small business owner, but instead, to create awareness around the importance of a cyber security strategy that adequately suits the size of your organisation, identifies your vulnerabilities, and implements smart tactics and solutions to keep your business as safe as possible in an increasingly dangerous threat environment.
1. Employee Training.
According to a recent IBM Cyber Security Intelligence Index Report, human error is the root cause of 95% of all cybersecurity breaches. Therefore, it is imperative to establish cyber security practices throughout your business including strong password protocols, internet usage guidelines, and perhaps most importantly, awareness programs on common phishing email ploys and telltales.
Ensuring employee cyber security compliance should be a sustained and overt effort. Consider creating a Cyber security Employee Handbook and make it part of your employee onboarding and training program. At the minimum, your cyber security policies should include:
- High security password requirements
- Email security protocol
- Sensitive data best practices
- Social media and internet access rules
Again, email is the most common entry point for cyber criminals. Make sure your entire team understands the dangers and knows what to look for.
2. Keep Your Systems Updated.
Many small businesses fail to recognise the importance of updated operating systems and software. A shocking number of small businesses are still using Windows 7, an operating system that is no longer receiving Microsoft security software updates or patches. While MS was providing some business with annual updates via its Extended Security Updates program, those too are likely set to expire soon.
Outdated and unsupported software leaves your small business systems more vulnerable to ransomware attacks, malware, and date breaches. Most malware targets older software, as cyber criminals are aware of vulnerabilities within these outdated versions, and thus exploit them to gain access to systems and sensitive information.
The risk of outdated technology is enormous and the cost of a breach or cyberattack can bring a small business to its knees. So keep your systems and software up to date.
3. Back Up Everything.
Data backup is the process of copying and storing digital data from a primary location to a secondary system so it can be restored should a data loss or corruption even occur. In the case of malware or ransomware, even if the initial breach is remedied or the ransom paid, around 60% of victims’ data is lost or irretrievably corrupted.
For small businesses, backing up to an external hard drive might be enough for a data backup and storage solution. If your business has a Local Area Network (LAN) you can back up data to another computer or server, though the potential of physical threats (like fire, tornadoes, flooding, etc.) might leave them vulnerable. Cloud backups, also known as online backups, are services in which data and applications are backed up and stored on a remote server.
Regardless of which method you decide is right for you, backup your systems as often as possible. Some solutions even allow for automatic backups every five minutes. While this frequency might seem excessive to some, experts urge small businesses to perform data backups at least daily.
While cybersecurity solutions and safety tactics are evolving literally every day, it is imperative that small business owners understand the current threat landscape and create smart strategies to maintain the safety of their data and systems. Even the most basic approaches, like the ones outlined above, better position your small business to prevent or survive a catastrophic hacking event.