Preparing Your Small Business to Withstand a Cybersecurity Attack
What would happen if a hacker launched a cyber attack against your business? Would the hacker gain access to sensitive information, or are your data and networks secure?
As a small business owner, cybersecurity threats may not be top of mind. After all, hackers are only interested in companies with vast troves of sensitive customer data, like credit card data or Social Security numbers, right? Think again: while it’s easy to assume no one would bother your small business, this mindset could leave your company vulnerable to cyber threats, hackers and identity theft.
A 2016 report by Keeper Security and Ponemon Institute found that half of all small and medium-sized businesses (SMBs) had been breached in the past 12 months. SMBs are a popular target for hackers because they are easier to penetrate than major corporations. Failure to establish and enforce security protocols leaves small businesses vulnerable to security breaches. The Keeper Security and Ponemon Institute report found that 65 percent of SMBs with a password policy fail to adequately enforce it and that 59 percent of SMBs have zero visibility regarding employees' password practices.
Part of this is a perception problem. When an attack hits a major corporation and millions of customers are affected, the story makes national headlines. When a small business suffers a security hack, fewer customers are impacted, so it’s less likely to make the news. While major corporations have access to financial and legal resources to recover from a cyber attack, not all small businesses do. Sixty percent of small companies go out of business within six months of a cyber attack, according to the Denver Post.
September is designated National Preparedness Month (NPM), a reminder for small business owners to evaluate their company’s preparedness levels. When considering possible emergencies, don’t underestimate the risk of a cyber attack. These are three cybersecurity issues to keep in mind when creating your company’s preparedness plan.
- Train employees to detect threats. Proper employee training can mitigate many low-level threats. Coach employees on data security protocols, policies, and practices. Educate your employees on the importance of cybersecurity and be serious about protocol enforcement. Doing so will help foster a company culture where cybersecurity is top of mind rather than an afterthought.
- Assess threats. Everything from your company's Wi-Fi network to cloud storage carries cybersecurity risk, cautions the FCC. This does not mean you should stop using Wi-Fi or ban cloud-based platforms. Instead, carefully consider the potential risks associated with Wi-Fi network security, confidential data access, cloud storage, and BYOD (bring-your-own-device) policies, and take steps to control access, encrypt sensitive information, and harden network security.
- Create a business response and continuity plan. With cyber threats constantly evolving, even the strongest line of defense may prove to have vulnerabilities. In the event a data breach occurs, having a business response and continuity plan in place can help prevent further damage. This plan should be similar to your existing emergency response plans; it should document roles and responsibilities, determine communication methods, and advise employees on next steps.