Cybersecurity for Small Businesses: You’re Never Too Small to be Safe
Learn the 5 keys to preventing a cyber attack.
You would never leave your cash register open to thieves. But are you inadvertently leaving your corporate data and your employees’ personal information open to hackers?
Digital information theft is the most commonly reported fraud today. It’s even more common than property theft, according to the Federal Communications Commission (FCC).
Here are the main cyber threats to beware of and how best to protect yourself.
The top cybersecurity threats
Phishing scams. “Small business owners are now the primary targets of hackers, and the top threat targeted at users today is phishing scams,” said Jerry Irvine, member of the U.S. Chamber of Commerce Cybersecurity Leadership Council and CIO of Prescient Solutions, an IT solutions provider.
In phishing scams, hackers send emails or texts or make phone calls that appear to come from a legitimate business or organization in order to collect information that will help them access your private accounts. Phishing emails may contain links to a fake website that looks just like a real company’s website.
Malware. “Malware has become the new virus,” Irvine said. “It’s even more dangerous because it’s less easily detected.” Malware, or malicious software, is designed to perform a specific, malicious task in your computer system.
“Malware is being developed to gather all information on PCs, laptops, tablets, smartphones and ‘Internet of Things’ devices and then transfer it to the hacker. Some malware can take complete control of devices and allow hackers to monitor them through their keyboard, cameras, microphones and even GPS locaters,” Irvine said.
Denial-of-service attacks. A denial-of-service (DoS) attack floods your computers or website with so much data that it crashes the system. These attacks are designed to prevent you from conducting business using the Internet.
According to the U.S. Small Business Administration’s Cybersecurity Section, the most common denial-of-service attack is a volumetric attack, in which hackers use many computers to send requests and other data to your system or site. Much of the time, these computers are being accessed remotely, and the owners don’t even know their computers are being used in an attack.
Website tampering. If a hacker gains administrative privileges on your website, he or she can compromise the site and make changes to your system.
Website tampering can take many forms, including hacking your system, defacing your website and compromising web pages to insert invisible code that will attempt to download spyware to your computer and can put your customers in danger of being hacked as well.
Your 5 best defenses against a cyber attack
According to the FCC, cybersecurity, like any other security challenge, is about creating layers of protection.
Educate your employees. “Since malicious activity is targeted to the end user, the best defense is an educated end user,” said Irvine. He said teaching about the risks of email attachments, embedded links, phishing scams and weak passwords should be part of employee orientation.
Consider requiring employees to take a cybersecurity training class. The U.S. Small Business Administration offers a free online course for small business owners.
Encrypt your wireless network, website and router. According to the U.S. Federal Trade Commission (FTC), you should encrypt the information you send over your wireless network so nearby attackers can’t eavesdrop on these communications.
Also secure your Internet router. To do so, change the name of your router from the default name and be sure to change the preset password. Turn off any remote management features.
If you offer free WiFi to your customers, make sure to have separate public and private networks.
If you choose to offer secure transactions via your company’s website, consult with your Internet service provider to find out how to obtain an SSL certificate for your site.
Require strong passwords. “The average password today is still ‘password’, is never changed and is used for every account a user has,” Irvine said. Once a hacker discovers the password, he or she can use it to gain access to different systems for as long as the password stays the same.
“Employees should be required to use complex passwords of at least 10 characters with upper and lowercase and special characters. If possible, the organization should require multiple form-factor authentication such as a biometric and pin or password,” Irvine said.
Keep software up to date. Install all updates and security patches as soon as the developer releases them. The FCC advises using automatic updating services whenever possible, especially for security systems such as anti-malware applications, web filtering tools and intrusion prevention systems.
If you let your operating system, web browser or security software become out of date, it’s an open door for criminals to sneak malware into your system.
Back up all important data. Regularly back up the data from your business computers. If possible, set your computers to back up automatically at a regular interval such as daily or weekly. You may want to store your data backup offsite on a cloud-based server.