Original text

Cybersecurity, Internet Threats, Hackers, Cyber attacks, and your small business security

I have written about cybersecurity in the past, but now more than ever there is a vital need for small businesses to take the potential threats on the security of their cyber systems seriously.  The recent military attacks from Russia and its leader across Ukraine reminds us of the potential of the non-military attacks that they may use against other countries (like the US) who use economic sanctions in response.  Although, certain pollical individuals consider Putin a “friend”, we cannot let our guard down. 

Today, technology has revolutionized business operations, leveling the field for large and small businesses. From collecting customer data to processing payments, technology applications in business are numerous and undeniably impactful.

Unfortunately, this shake-up has brought different challenges, particularly when it comes to securing and protecting business systems and data. Since 2020, the number of cyberattacks per company has increased by 31%. This means that small businesses are also targets of cybercriminals who steal data for ransom or black market sale.

With this in mind, it’s increasingly essential for small businesses to develop a cybersecurity policy and plan to protect their operations.  I will share information from one of SCORE’s content partners, Trend Micro.  For nearly 30 years, Trend Micro’s unwavering vision has been to make the world safe for exchanging digital information. This single-minded passion has inspired our innovations that keep up with the bad guys despite a changing IT landscape, riskier user behavior, and constantly evolving threats. Trend Micro Initiative for Education includes all of our community outreach efforts working to provide digital safety education and user awareness.

I will share the cybersecurity basics every small business must implement to prevent potential attacks.  Take these suggestions seriously.

1. Use strong passwords & multi-factor authentication. 

Encourage everyone in your company to use strong passwords. They should never use their names, emails, or birthdays as passwords. Plus, passwords should be hard to guess and must be changed at least every three months. A good password should have more than eight characters, comprising special symbols, numbers and letters.

In addition to strong passwords, it’s advisable to activate multi-factor or two-factor authentication. This can be a verification code sent to your phone or email or answering a security question users selected during onboarding. Leveraging biometric authentication is also great for securing your mobile devices.

2. Secure and backup your files. 

Regardless of your efforts to protect your business, risks are bound to occur for several reasons, such as employee error, crashed computers, water damage, etc. As such, it’s vital to make a habit of securing and backing up your files for easy restoration in case you lose them.

Invest in a file backup solution that automatically moves your files to cloud storage for easy access. You can also create a disk image to back up all the files on your computer. Another option is an external hard drive or USB flash drive. While it’s a traditional method, it still offers a secure way of keeping your files safe in the event of an attack.

3. Keep your software programs updated. 

Whatever software you use for work, such as HR, communication, finance, etc., it’s crucial to ensure it’s always up-to-date. This also includes web browsers, mobile apps, and operating systems. Be sure to set updates to occur automatically.

Bear in mind that most software updates usually come with patches and improvements to fix loopholes and bugs that bad actors can exploit. They also remove outdated features and improve the stability of the software for better experience and performance.

4. Protect your wireless networks. 

There are several risks to your wireless network, including wardriving, piggybacking, evil twin attacks, wireless sniffing, shoulder surfing, etc. An insecure network provides a loophole for bad actors to silently listen to users, compromise your data, steal identities, or collect personal information.

Therefore, you should take the necessary measures to secure your wireless networks. This includes:

• Changing the default passwords, which are easy to find online
• Encrypting data on your network to prevent unauthorized users from viewing it
• Using an anti-virus software
• Hiding your service set identifier (SSID)
• Connecting to the internet via a virtual private network (VPN)
• Installing a firewall directly on your wireless devices

Also, you need to ensure that only authorized users have access to your networks. You can use their devices’ media access control (MAC) addresses to ensure only whitelisted addresses have network access.

5. Encrypt all your devices.  

Device encryption is also crucial in protecting your data and systems. It’s vital when a company device is lost or stolen and falls into the wrong hands. In this case, they can easily access your data or personal information by moving the hard drive to another machine.

With device encryption, accessing your data won’t be that easy. When they try moving your hard drive to another computer, they’ll be prompted to provide the decryption key to access the files on the drive. So, without the key, your lost or stolen device will be just useless to them.

6. Invest in cybersecurity training & awareness.  

Regardless of what you do to prevent attacks, there’s nothing as important as employee training and awareness. Employees must be able to identify and detect the common tactics cybercriminals use, including phishing, smishing, fake online ads, etc. So, it would be best to create a security culture by organizing regular training and workshops.

The training should cover all the cybersecurity basics, including strong passwords, device security, encryption, data backups, etc. Teach them how to avoid phishing scams and show them the common methods attackers use to infect devices, such as pop-up messages, emails, etc. Quality employee cybersecurity training can go a long way in securing your small business.

Prevent Small Business Cyber Attacks. 

Cyber attackers don’t just target large companies; small businesses make great targets, too. When they do, the damage can be quite significant, resulting in reputational damage and higher costs from operational disruption. In the worst-case scenario, an attack can force a business to shut down.

It doesn’t need to get there. Understanding and implementing small business cybersecurity basics let you protect your business from attacks. You need to secure your networks, educate your employees and create security policies and practices. These measures can keep cybercriminals at bay, even as they become more advanced.