American small businesses are becoming one of the top targets for global hackers. While a solid deadbolt on the front door and a set of security cameras scoping out the parking lot are still sensible ways to keep your place of business safe and secure, there are a lot more potential security issues lurking in your unassuming laptop or WiFi router than in the physical building itself, and they deserve every business owner’s serious attention.
With businesses migrating more and more of their daily activity to the cloud for convenience and cost savings, there’s an underestimated threat of catastrophic damage to the business caused by hackers. Brick-and-mortar stores are just as much at risk of hacking as an internet-based business. If even a portion of your purchasing, record keeping, financial, or fulfillment processes relies on the Internet, you need to review the following cybersecurity essentials to make sure your small business, your employees, and your customers are protected.
An ongoing trend
The need for vigilance when it comes to digital security is not new. From the moment individuals and companies started interacting online, smart computer experts with questionable agendas have been there to interfere with, intercept, or just flat out steal the information that’s constantly changing hands.
As governments, banks and commercial companies began storing customer information electronically for ease of analysis and access, hackers started stealing identities and infiltrating bank accounts, sometimes hundreds or thousands at a time. As soon as eCommerce became possible, hackers were finding ways to steal unsuspecting consumers’ credit card numbers and racking up fraudulent charges.
But, in 2017, the opportunities are far more prevalent and the sheer volume of online transactions and records has made cybercrime the fastest growing specialty in the underworld. Just consider how many retail stores do a large percentage of their business online today; how many restaurants and physical stores use web-based POS systems for processing transactions; and how much information everyone stores on their smartphones with only a four-digit screen lock or a simple password keeping it safe.
At this point, nearly everyone understands at least the basics of how to keep their personal information safe while enjoying the conveniences of a highly digital life, and the combination of government regulation and improved security technology has made connected living safer than it was years ago. But there are still billions of dollars lost every year to various kinds of cybercrime, from stolen credit card numbers to identity theft, application fraud, and the simple but devastating draining of online accounts so quickly and completely that the victims don’t even notice it’s happened until hours or days later.
“Imagine how expensive it would be to create a 20-foot brick wall around your building, and how inexpensive it is for the bad guys to buy a 30-foot ladder,” said Steven Chabinsky, a 15-year FBI veteran and Chief Risk Officer at the cybersecurity tech firm CrowdStrike. “If the response to that security breach is a government mandate to build a 40-foot wall, and I spent my money on that, then the attackers buy a 50-foot ladder. Where does it end?”
Most often, it’s small businesses that are targeted by hackers rather than large enterprises or individual consumers. Hackers make this choice because huge corporations will generally have cybersecurity experts on staff or on retainer with all the hardware, software, and know-how to make the job extremely difficult. In the case of small businesses, however, hackers realize the security measures most companies have in place aren’t any more sophisticated than those of the average Internet user, but the potential payoff can be much higher.
That’s why an incredible 71% of cyberattacks occur in companies with fewer than 100 employees. As a business owner, it’s your responsibility to make sure your company is protected.
Your Wi-Fi network and other “back doors”
It’s of no value to lock your front door if you’re going to consistently leave your back door open.
Yet, to hackers, that’s what many small businesses do every day. They do a good job buttoning up their physical locations with locks, security cameras, motion sensors, and the like, but then leave their Wi-Fi networks unsecured with weak or non-existent password protection.
From a cybersecurity perspective, you may as well be leaving your back door open and putting out a welcome mat.
Here’s what you need to know to make sure the hardware and software you use every day to connect your business to the Internet are as safe from hacking threats as possible:
- Don’t skimp on hardware upgrades – The older your router, mobile device, laptop, or operating system, the longer hackers have had to figure out ways to infiltrate it. You shouldn’t feel obligated to buy every new gadget as it rolls off the assembly line, but, at the same time, you shouldn’t still be booting up Windows XP and using the Wi-Fi router you bought in 2002 to go online.
- Make sure all your systems are set to receive automatic updates – Whether it’s Windows, iOS, Android, or any other hardware or software system, the manufacturer and development team behind every item connecting your business to the Internet should be vigilantly monitoring cyberattacks reported by its users and patching exploited holes in their system. Regular security updates are available to push appropriate fixes out to users. Make sure every app on every device your company uses is set to receive and install those updates automatically, or you’re sure to miss them. Likewise, when your system pops up a message stating a software update is available, don’t mindlessly pass on it for convenience’s sake. Prioritize installing those updates.
- Set up a firewall, antivirus, and antispyware software and never turn them off – You don’t need to understand exactly how these programs work to take advantage of them. Some – like Windows Defender – come free with your operating system, while others may require a small investment, but the price is negligible next to the practical protection and peace of mind they offer. NOTE: at times a program or online service may produce an error message that recommends you turn off your firewall or antivirus software in order to proceed with a given task. This should not be taken lightly. If there’s any way to avoid doing so, take that option. And if there’s no way to proceed without doing so, explore using a different program or service that doesn’t include that requirement.
- Create unique passwords and change them regularly – It’s tempting to use the same simple password for everything, and we’re all probably guilty of it in one way or another. But between cheap and effective automatic code-breaking software and good old-fashioned common sense, it’s incredibly easy for hackers to determine your simple password. And if you use the same one for everything, you’re essentially handing them a universal key to your house. Instead, create complex passwords that have no recognizable connection to you, your business, or any other real-world details a hacker may guess, and change them frequently.
- Appropriately limit access to systems – Even if you only have a handful of employees, chances are not everyone on your payroll needs access to every system or application at all times. The fewer users and devices accessing a given system, the fewer potential mistakes can be made to give a hacker “back door” access.
- Separate any public Wi-Fi access from your internal network – Many small businesses (especially restaurants, retail stores, and entertainment venues) offer a public Wi-Fi hotspot for use by customers. If that network is directly linked to the internal network you use to handle your online business, financial transactions, and other sensitive data, hackers can and will sit at your table, sip your coffee, and rob you blind.
- Train all employees on cybersecurity basics – Everyone who accesses your business systems should be aware of how to recognize a suspicious email, how to properly log out of or otherwise protect sensitive applications, and how to secure any personal devices used for work purposes.
- Create a cybersecurity plan – Likewise, every user with access to your company’s systems should clearly understand what steps to take if any sort of cyberattack or digital security breach is discovered, from mitigating the risk with immediate actions to who to call and what to tell them. (The Federal Communications Commission provides an excellent resource for creating this plan.)
Getting expert assistance
While most small businesses don’t have a dedicated IT or cybersecurity department or specialist on staff, that doesn’t mean expert help isn’t available to keep your company safe from hackers.
- Learn as much as possible and train your employees – Free, valuable resources are available from a number of public and private organizations that want to help small businesses remain vigilant against cybercrime. A few examples to explore include:
- Consider hiring a consultant or cybersecurity firm – Depending on the sensitivity of the data you work with, you may just want an expert to assess the state of your security and recommend improvements, or you may want to consider keeping a consultant or firm on retainer to offer more extensive services and oversight of your company’s cybersecurity efforts.
- Consider purchasing cybersecurity insurance – Another valuable tool for small business owners is insurance that covers the company in case your very best efforts still aren’t enough to prevent a hack or data breach. From legal fees to replacement of compromised hardware and software, an insurance plan can make recovering from a cyberattack a much less painful experience.
If you haven’t given cybersecurity much thought, or if you realize now there are likely some areas where your small business may be vulnerable, don’t hesitate to take action now. You can be sure hackers are doing so as you read this.