It seems like you can’t watch the news without hearing about a new major security bug or corporate hacking scandal. Heartbleed and Shellshock scared many netizens, and soon articles about improving cybersecurity were popping up everywhere. Small business owners need to be particularly knowledgeable about cybersecurity since a large part of their business is based on the internet. Here are some things you need to know to protect your business online and what to do in the event of a security breach.
· No business is too small to be vulnerable to hackers. According to the National Cyber Security Alliance, 71% of cyberattacks target small businesses, and nearly half of small businesses reported being attacked. Even more alarmingly, Experian found that 60% of small businesses that fall victim to a cyberattack go out of business within six months. The NCSA cited three reasons why small businesses are so often targeted: they don’t have the resources to respond to an attack, information like credit card numbers is often less tightly protected, and small businesses often work with larger companies, which can give hackers access to those companies.
· Ensure that all devices dealing with the company network or company data have reliable anti-virus and anti-malware software. This is a basic but easily overlooked precaution against malicious files and other attacks. Your network should also have a firewall in place to protect the network as a whole.
· Train your employees. In addition to making sure everyone in your organization is familiar with your security system, it can be useful to train employees on basic internet safety and security practices. There are many online resources that raise awareness about phishing scams, security certificates, and other cybersecurity basics.
· Create secure passwords. For any resource on your system that requires a password, create (and have employees create) complex passwords that cannot be socially engineered or easily guessed. There are a number of guides online on how to create strong passwords.
· Use encryption software if you regularly handle confidential information. That way, even if your data is compromised, the hacker cannot read it.
· Restrict administrator rights to your system. Set up the right access limits for non-admin staff, especially when using non-company devices. Restrict admin rights to those who really need them and limit access to sensitive information by time and location.
· Find out about cyber insurance. Cybersecurity breaches are generally not covered by liability insurance, but if you want to protect sensitive data, speak to an insurance agent about your options.
· Back up your data weekly, either to a secure cloud storage location or to an external hard drive. This way you still have access to your data if your server goes down. Boardroom Executive Suites’ SkySuite cloud computing services are an ideal tool in this space.
· Once you have determined that there has been a security breach, determine the scope of the attack. This is a good time to bring in a consultant who is an expert in cybersecurity. This gives you both a sense of what damage you need to mitigate and whether it’s a generic mass attack or a targeted attack.
· After completing this investigation, take all your systems offline to contain the damage.
· Repair affected systems. You can use master discs to reinstall programs on your devices. Then, with the help of your advisor, find out where the gaps in your security system are. To prevent another attack, use this as a learning experience to strengthen your protection. This will likely involve educating your employees on what went wrong and what they can do in the future to prevent it.
· Be honest, transparent and timely in your communication with your customers. Let them know what happened and what you are doing to fix it.