Cyber attacks were up 32 percent in the first quarter of 2018 and 47 percent from April to June compared to the same periods in 2017, according to USA Today. Although there was no single data breach of the magnitude of the 2017 Equifax breach, which put an estimated 143 million Americans at risk of identity theft, the number of cyber attacks among major companies such as Dunkin’ Donuts and Marriott continue to escalate at an alarming rate.
While the headlines often highlight data breaches at large corporations, the reality is the majority of businesses being hacked are small. Smaller companies often cannot afford the same level of data and privacy protection, hampered by tight margins, reduced cash flow, and fewer trained staff. The results of an attack can be devastating, ranging from compromised customer data to complete third-party control over business operations.
The good news is that even the smallest business can take practical and affordable steps to safeguard their data. Here are a few best practices for upgrading your cyber security.
Put Security Software in Place
To ensure that you have a baseline of security software in place, start by looking at your firewalls, antivirus software, encryption, and endpoint detection response solutions. Focus on the types of attacks your firewall will protect you from, as well as the degree of visibility and flexibility it offers in terms of how you configure it. Make sure you install software updates as soon as they become available to improve system security.
Antivirus software can be vital for protecting your business from certain types of attacks, but the reality is there is no single “fix” that is ideal for every situation and every business. To avoid wasting money on a solution that doesn’t work, talk with an IT professional you trust before taking any action.
Know What to Look For
One important step in preventing a data breach is knowing what to look for and alerting your employees in order to prevent a third party from intentionally compromising your data. For instance, the threat of ransomware has been steadily increasing. This is the term used for malicious software that will lock your business’ data and offer to provide a password to unlock it in return for payment of a ransom. No business owner wants to find themselves at the mercy of an unknown third party.
Many large hacks and data breaches have been executed using a technique known as “spear phishing.” These attacks attempt to fool employees via email spoofing. Scammers can mimic email accounts to appear as if they are coming from popular businesses like Google and PayPal or from co-workers or business associates. The emails often look like a Google Doc or password request to access key files. If you or your employees have received emails that seem to be from a colleague within your organization and contain information or requests relevant to your business, then you have been a victim of this type of hack.
Create a Culture of Security
Ask any cyber security specialist what the biggest security threat is and they’ll tell you it is a company’s employees. One key reason for this is that people have a natural inclination to trust others, and this behavior is difficult to change. It’s also difficult to educate every employee about the seriousness and types of threats they need to be aware of.
Creating a culture of security can help protect your business from hackers who might otherwise trick your people into providing access to your data. It is critical that you inform your team about the potential risks to your company and train them to look out for common attacks and develop the habit of raising an alarm if something looks suspicious. Communicate specific threats on an ongoing basis in order to keep security top of mind with your managers and staff.
Additional steps you can take to help prevent internal cyber breaches include:
- Two-factor authentication: Require two forms of validation of a user’s identity, such as an email login and phone number to which an access code is texted. This creates a roadblock for would-be spear phishing hackers who will need to access both pieces on information.
- Manage shared passwords: Look at key shared logins and put a process in place so they do not have to be changed each time an employee leaves the company. A password manager like LastPass or Dashlane can help you manage password access.
- Regular software updates:Implementing regular software updates will go a long way towards preventing hackers from accessing your systems. Many business owners are taking control of these updates in addition to preventing end-users from downloading harmful software.
- Create a computer security policy: Draft an employee policy that sets certain security and privacy standards when using company computers or technology – and make sure everyone follows it.
Delete Customer Data
Maintaining customer credit card and other information longer than necessary increases the likelihood that a small business will become the target of a breach. You may need to hold on to credit card information until a customer’s transaction has been completed, you have been paid, and the period during which a credit card company can reverse the transaction has passed. However, once you no longer need a former customer’s information, delete it.
Consider Outsourcing Your IT
Preparing your business to respond to attempted data breaches often comes down to dollars and cents. While larger enterprises may have fully staffed IT departments, owners of small and medium size businesses often struggle to find a balance between their technology needs, budget, and the right type of IT support. It’s no wonder that nearly two-thirds of respondents in a Brother International Corporation small business survey said they were overwhelmed by technology.
Outsourcing can be a viable option for small businesses that lack the ability to staff and manage an internal IT group. For example, partnering with a managed IT services firm can give you access to the same kind of resources that much larger companies use to handle their IT security. A managed services company is only focused on network security, which means they have the experience and expertise to deal with major threats to your business.
If you outsource your IT, opt for professionals you can rely on over a service that is popular or has a recognizable name. Ask for recommendations from colleagues you trust. Carefully vet the service, and determine what protocols they have in place to protect you from theft or malpractice by their employees. It may also be important to partner with a company that can scale with your business. As the amount of data you’re protecting grows, you’ll have the IT services in place to handle that data responsibly.
Small businesses are attractive targets for hackers because they often lack the resources to prevent an attack. Protect your small business by taking a proactive approach to cyber security and being prepared with a solid plan to prevent and respond to a data breach.
Working Capital Financing is a few clicks away.
Summit Financial Resources specializes in working capital financing for small to medium-sized businesses that need increased cash flow. We provide working capital financing through invoice factoring, asset-based lending, inventory lending, and equipment financing.