Under Attack: What You Need to Know About Cybersecurity for Your Business
Updated: Feb 22
As you’re preparing to start your business, your mind and desktop are likely filled with thoughts and notes about market share, product delivery, payment processing, and marketing. That could all be meaningless, however, without paying attention to essential cybersecurity protocols for your small business. It’s not a danger that plagues only larger businesses and institutions; on the contrary, according to the U.S. Small Business Administration (SBA), small businesses are attractive targets because they lack the resources to invest in robust cybersecurity measures that larger businesses can often afford.
Cybersecurity measures don’t have to be expensive. In fact, some of the most effective measures cost nothing but time and commitment. Still, it pays to understand more about the importance of cybersecurity and how to be proactive.
Here are some standard business practices that cover what you need to know.
Cybersecurity is not just a technology issue – it’s also a people issue
As a small business owner, you should absolutely invest in cybersecurity technology designed to protect your equipment: not just your computers, servers, and networks, but also other devices such as mobile devices and USB drives. However, relying on technology alone still leaves you vulnerable; training your employees – and yourself – in cybersecurity best practices is a business security measure you can’t afford to overlook.
Passwords are elementary, but the importance of creating a strong, hard-to-guess password is often overlooked in favor of convenience. The problem is that if it’s convenient for you, it’s also convenient for the cybercriminal! Create a long password, or even a passphrase, that contains special characters, does not contain any personal identifying information, and does not follow a predictable pattern on the keyboard. You can also use a password generator to help you come up with stronger passwords.
Then, once you have your password, do not write it down in plain view in the office! The “password sticky note” is all too common on shared equipment and in busy office environments where saving time is important. Unfortunately, if it’s easily accessible to you, it’s also easily accessible to visitors.
The same applies to employees sharing passwords. The reasons for doing so may be innocent enough, and even designed for productivity purposes, but it’s not good policy. It’s not because an employee may not be trustworthy, but if there is a breach, everyone who had access to that password suddenly becomes suspect, which complicates the solution and is not good for morale.
Everyone in your business should also be trained on how to detect a phishing email and the dangers of clicking links. You and your employees can report any phishing attempts to the Anti-Phishing Working Group by forwarding the suspicious email to firstname.lastname@example.org. Since cybercriminals also use text messages for phishing, this applies to mobile devices as well. Those messages can be forwarded to 7726 (SPAM).
Lastly, try to go paperless whenever possible; instead of physical paperwork, opt for digital documents such as PDFs that you can easily upload to the cloud. This may involve scanning a lot of older documents that contain sensitive information related to your business. And because PDFs are often large files, consider using tools that allow you to compress a PDF online to keep sizes manageable. Not only will going paperless free up room in your office, but it will also add a layer of security since you’ll have all this information securely stored in the cloud.
You still got hacked
Despite what you thought were diligent efforts, your business still fell victim to a cyberattack. Now what?
First, disconnect from the internet to prevent any other equipment from getting infected. Employ standard security protocols, such as password changes. Make sure your security software is up to date and any recent security patches are installed. Your IT personnel or cybersecurity vendor should be able to help you remove any malware if that was the culprit. You should also report the incident to law enforcement.
This is also where a robust data backup policy will come in handy. Having all of your data and systems backed up undercuts criminals’ attempts to collect ransom; paying a ransom could do little more than make you an attractive target for future attacks. If your data has been erased, don’t lose hope. A digital forensics company can recover deleted items.
Cybercriminals are diligent!
Unfortunately, cybercrimes are now a part of every business. With every threat that is thwarted, it seems the criminals dig in deeper to find a way to outsmart us. If you make proactive cybersecurity a priority in your new business right alongside your other critical business functions, you have a better chance of staying one step ahead of a villainous cyberattack that could cause a major disruption in your business, and even drain money out of your bank account.
Contact Author: Brittany Fisher at email@example.com