If you’re a small business, taking a comprehensive approach to cybersecurity may seem like something that can wait until your business grows. You might assume hackers won’t bother with you. Don’t they focus on big corporations, with large databases and endless resources?
In fact, small businesses are the most common targets for hackers. According to SMB Group, more than 70% of cyber attacks target small businesses. This is partly because hackers tend to see small to medium-sized businesses as easy marks. Smaller enterprises are less likely to have the budget for serious cybersecurity practices and tech. On top of that, cyber theft is considered the fastest-growing crime in the US. All this means that, as a small business, it is in your interest to prioritize cybersecurity.
Note that your risk increases if your business relies on remote workers. The use of virtual teams is on the rise, but remote workers present unique cybersecurity challenges.
But hack-proofing your business doesn’t need to be complicated or expensive. The truth is that human error is one of the most common reasons for data breaches and security flaws. Thus, the best fix comes down to clear communication and maintaining best practices.
If you ensure workers have the training and resources they need to keep themselves and the company safe online, you can defeat any attacks that come your way.
What are the risks?
- Public wi-fi use.
Remote workers often use public wi-fi in coffee shops or libraries. Even regular office employees may create risks if they have sensitive information on their devices, and then connect to public wi-fi on the weekends. Public wi-fi networks are notoriously vulnerable to attacks, and information sent over them is easily intercepted.
- Lost and stolen devices.
Phones get stolen. Luggage goes missing. Problems like these are unavoidable, but if you don’t take precautionary steps, these small obstacles can become huge problems for your business. According to CNBC, 47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach at their organization.
- Phishing emails and malware.
Phishing is when a hacker tries to get sensitive information, like usernames and passwords, by pretending to be a trustworthy entity. An employee could get an email that appears to be from Google, but is really from a hacker angling for access to their Google account.
- Employees’ personal devices.
Your company’s devices may have security measures built in, but your employees’ personal devices may not. For example, an employee’s phone may be infected with spyware, which can then infect your own network.
What are the solutions?
- Create a cybersecurity policy.
The first thing you’ll want to do is sit down and create a comprehensive and workable security policy. Then make sure all workers are up to date with company policy. Again, clear communication is one of your biggest weapons when you’re working with employees to hack-proof your business. All workers should read the cybersecurity policy and sign off on it.
That policy should include instructions on how to create secure passwords, where and how to store sensitive data, how and when to access sensitive files, how to safely store physical devices at home and work, and how to safely dispose of hard drives and portable devices.
Even if you don’t have a tech department, you’ll also want to appoint a trained staff member who can be contacted in the event of a cybersecurity breach. That person should also produce quarterly reports on cybersecurity issues and make them available to everyone.
- Use a VPN.
VPNs should be a part of all companies’ best practices. They are especially important for companies that use remote workers.
VPNs establish an encrypted connection between a worker’s device and a VPN’s private server. Encryption makes that traffic unreadable to anyone who intercepts it. That means that remote workers are protected on public wi-fi, and devices stay secured.
Business VPNs will provide your company with a dedicated server and IP address. This allows employees to connect to the network from anywhere, while preventing others from being able to access your company’s data.
Some VPNs offer team licenses, which can be a great solution for businesses. Get one that uses advanced encryption and has a reputation for network security. High-quality ones will also come with a dedicated account manager, centralized billing, and priority support. That means remote workers have an immediate point of contact in case they have issues with the service. There are free VPNs available, as well; just do your research and recommend one to your employees if you go that route.
- Train employees on how to spot phishing emails.
Create regular lessons about how to spot red flags. You can bring in an outside consultant or expert, but if you’re on a budget, there are free resources out there as well. OpenDNS, for example, has a free quiz that employees can take online.
Your whole team should go through training about cybersecurity threats and learn how to spot a phishing email or malware scam. Security policy should also dictate that employees forward suspicious-looking emails to the IT department or the designated staff person.
- Password Policy and Etiquette.
Frequent automatic password changes used to be considered standard, but studies show that employees are more likely to use weaker passwords when they are required to change them often.
Instead, get your team to use a password manager or a secure passphrase for accounts. Make sure they’re up-to-date with security best practices. There is a wealth of free password managers online, or you can sign up for one with a team license. Another option is to install a system that employs two-factor authentication.
Small businesses are frequent targets for hackers, but a few simple and low-cost practices can help make your enterprise secure. Communication, training, a good VPN, and appointing a tech point person will up your cybersecurity without breaking the bank.