The impact of the Equifax data breach that compromised the personal data of over 145 million individuals has left many confused, frustrated and downright angry. And while massive attacks on large corporations make headlines, small businesses have just as much, if not more, at stake.
According to data analyzed in a report by Hiscox, an insurance provider, cyberattacks are likely to have a bigger financial impact on small businesses. The 2017 report found that small businesses with under 99 employees faced an average cost of $36,000 after a cyberattack. Less advanced security protection, a smaller budget dedicated to cybersecurity and fewer resources for a fleshed-out IT department make small businesses an ideal target for hackers.
What, exactly, is a cyberattack?
A cyberattack is an unauthorized attempt to expose, destroy or access your data. According to a survey of 700 business owners by BuyBizSell, an online marketplace for small businesses up for sale, 1 in 10 small businesses have been attacked. The three most common attacks cited were general malware, web-based attacks, and phishing scams or social engineering.
General malware. Short for malicious software, malware acts against the intent of the user, and can come in the form of a virus, Trojan horse or worm. Ransomware — a form of malware that demands money to avoid a negative consequence, like permanently deleting your data or publishing it publicly — costs small businesses approximately $75 billion a year, according to a 2016 report by cybersecurity company Datto.
Web-based attacks. A web-based attack is when malware gets access to your computer via the internet. There are multiple ways for this to happen, including malicious websites that present themselves as legitimate, and hackers who insert malicious code into the code of a legitimate website.
Social engineering scams. A social engineering attack is when a hacker tricks you into giving up personal information like credit card numbers, Social Security numbers or bank information. It is also known as phishing.
How can I protect myself and my customers?
Microsoft offers a series of cybersecurity workshops for small-business owners, co-sponsored by the National Institute of Standards and Technology, or NIST, and the U.S. Small Business Administration. The SBA also offers a self-guided online course in cybersecurity basics.
CREATE A CYBERSECURITY PLAN
Your cybersecurity plan should include an employee training program and incident response plan. The first step to securing your network is to make sure your employees understand security policies and procedures. Training shouldn’t be a one-and-done deal; schedule yearly or semi-yearly refresher courses to keep security top of mind. Help your employees understand the importance of updating their software, adopting security best practices and knowing what to do if they identify a possible security breach.
The faster you act in the face of a cyberattack, the better you’ll be able to mitigate the damage.
An incident response plan will have crucial information such as:
- whom to contact
- where data and data backups are stored
- when to contact law enforcement or the public about a breach
The Federal Communications Commission offers a cybersecurity planning guide to help small-business owners create a plan to protect their business. (You can download your customized plan at the bottom of the page after you create it.)
BE SMART ABOUT PASSWORDS
The NIST advises government agencies on password best practices. According to the organization’s Digital Identity Guidelines, released in June 2017, NIST recommends passwords be at least eight characters long and notes that length is more beneficial than complexity. Allow your employees to create long, unique passwords that are easy for them to remember.
If you deal with highly sensitive data, you may want to require multifactor authentication, which requires users to present at least two identifying factors, like a password and a code, before gaining access to systems or programs. Think of it like an ATM, which requires a combination of a bank card and a PIN to access funds.
INCREASE YOUR EMAIL SECURITY
According to cybersecurity company Symantec, in 2016, 1 in 131 email messages were malicious — this is the highest rate in five years.
Basic email safety precautions, like not opening suspicious attachments or links, are a first step that can be covered in your employee training plan. If you deal with clients’ personal data, you can also encrypt documents so both the sender and the recipient need a passcode to open them.
USE A NEXT GENERATION FIREWALL AND ANTIVIRUS/ANTIMALWARE SOFTWARE
A next generation firewall acts as a digital shield, preventing malicious software or traffic from reaching your network and protecting the interior of your network from any viruses or malware that may be introduced via email, web pages or previously infected outside devices joining your network.
Next Generation Firewalls like the FIREFX Network Guardian automatically update their local threat database daily and use secure DNS and intrusion detection and prevention systems to actively protect not only your network but also your data and devices behind the firewall.
Every device on your network that can run a good antivirus/antimalware program should be running one, and both the program and the device’s operating system should be updated regularly.
SECURE YOUR WI-FI NETWORK
Any type of Wi-Fi equipment you receive will not be secure when you first buy it. And no, you shouldn’t keep the default password that comes with your device — there are resources online for hackers to access default passwords based on model numbers of popular routers, so make sure your network is encrypted with your own, unique password. Your router will likely allow you to choose from multiple security modes; one of the most secure is Wi-Fi Protected Access II (WPA2).
You’ll also want to hide your network, meaning the router does not broadcast the network name. If customers or clients will need access to Wi-Fi, you can set up a “guest” account that has a different password and security measures, which prevents them from having access to your main network.
PROTECT YOUR PAYMENT PROCESSORS
It’s crucial to work with your bank or payment processor to ensure that you’ve installed any and all software updates. The more complex your payment system, the harder it will be to secure, but the Payment Card Industry Security Standards Council offers a guide to help you identify the system you use and how to protect it.