Original text

Protecting Your Small Business Assets agains Cyber Attacks and Threats

What do you think of when you hear the phrase “cyber-attack”?  Maybe you picture a team of sophisticated hackers stealing billions of dollars from a multinational bank.  But small businesses aren’t immune to cybersecurity threats.

According to specialist insurer Hiscox, 23% of small businesses suffered at least one cyberattack in 2020, at an average financial cost of $25,000. Unfortunately, SCORE mentors observe this fact among their clients and therefore SCORE leaders and their content partners have included several resources to help small businesses deal with this threat.  I will share some of the content in this column to not only bring the issue to the attention of small business CEOs but also provide some suggestions to begin addressing the threats.

Let’s take a look at some of the biggest cybersecurity threats and what you can do about them.

1. Remote Working.  

Coronavirus hasn’t just caused an unprecedented global health crisis –– it’s also resulted in a spate of cyberattacks.

There’s been a 300% increase in cyberattacks since the dawn of the pandemic. Between February and March 2020, the volume of phishing emails, designed to capture sensitive information, often by convincing recipients to download malicious attachments, surged by more than 67%.

What Can You Do About It?

Because remote working is still (relatively) new to a lot of us, many simply don’t have the skills or experience to protect themselves, and their employers, online.

The solution, therefore, is education. Hold training sessions to help employees identify common threats and explain cybersecurity best practices, such as avoiding suspicious-looking links and files, and locking their computers when they’re away from their desks.

2. Employee Burnout. 

With endless virtual meetings, long hours, minimal separation between work and social time, the pandemic has been tough on remote workers. It’s no surprise that two-thirds of employees report “sometimes” or “often” feeling tired or having little energy while working from home.

Tired employees are more susceptible to human error, whether through completing substandard work or making bad decisions that jeopardize security.

What Can You Do About It?

The solution here might seem counterintuitive: force your employees to do less work.

Insist they take all of their allocated breaks and use all their annual leave. And as a manager, play your part in stigmatizing the culture of unpaid overtime by never sending emails outside of working hours.

If your team is well-rested and focused, they’ll make fewer mistakes, which reduces the risk of cybersecurity breaches.

3. Cloud Storage. 

It’s not hard to see why cloud providers have become so popular. The ability to open files and access information on any device, from any location, rather than storing them on a single, physical hard drive or server, is extremely useful for employees.

Unsurprisingly, 84% of organizations using the cloud say they do so to store data or backups. Less than 10% saying they don’t use the cloud for storage and have no plans to do so within the next year:

While storing documents in the cloud is undoubtedly convenient, it also increases your vulnerability to cybercrime by giving hackers more potential attack points.

What Can You Do About It?

Wherever possible, make sure work is being carried out on corporate rather than personal devices, and that those devices are equipped with security measures like two-factor authentication. 

As well as reducing the risk of hackers gaining access to employee accounts, this approach ensures the IT team can see everything that happens across your network, enabling them to monitor, and take rapid action against,  malicious activity.

4. Former Employees. 

Humans are often the biggest cyber threat facing your business. We’ve already discussed the threat posed by burned-out current employees; now let’s look at former employees.

According to a CIO Insight survey, one in five organizations have experienced data breaches by former employees. And of those, almost half admitted that more than 10% of all their data breaches have been caused by ex-employees. Not only is this a major cybersecurity threat, but it also poses potential legal issues.

What Can You Do About It?

In an ideal world, your ex-employees would never leave your organization on bad terms, so they’d have no desire to leak sensitive information.

Unfortunately, In reality, there are always going to be times when people exit your company under a storm, so you need to make sure they can’t cause any damage. Scrutinize all accounts that have access to internal tools and systems, and terminate those that are no longer used or are connected to former employees. 

The fewer active accounts, the lower the threat.

5. Password Management. 

Passwords have been the cornerstone of cybersecurity efforts for decades now. Yet research shows many organizations still aren’t using them effectively. In fact:

• 35% don’t require a minimum password length
• 32% don't require special characters 
• 29% don't require numbers
• 28% don’t require a combination of upper and lowercase letters
• One in five businesses rotate passwords less than twice per year

By failing to take such basic steps, these organizations leave themselves highly vulnerable to hackers cracking their passwords. This issue is further exacerbated when the same passwords are replicated across multiple accounts.

What Can You Do About It?

Fortunately, this one is easy to solve: just implement all those basic best practices into company IT policy. By forcing users to take steps like regularly changing their passwords and using special characters, the risk of attack is reduced.