May 15, 2018
A recent Mantra poll showed that 87% of small business owners think they’re not at risk of experiencing a data breach. But over 60% of small and medium-sized businesses actually experienced a cyber attack, according to Ponemon Institute's 2017 State of Cybersecurity in Small & Medium-Sized Business report. Small businesses, in fact, are seen as easy targets because they typically have small data protection budgets and do not emphasize security in staff training.
Create a culture of security so that everyone, from management to the front line, is aware of the importance of information security. Almost 1 in 5 breaches is the result of employee error, according to Verizon's 2018 Data Breach Investigations Report.
Keep up to date on the threat landscape and train employees to identify and deal with the most prevalent threats. Phishing and social engineering scams accounted for 48% of cyber attacks against smaller businesses, according to the Ponemon research. There’s also been an increase in ransomware – 52% of respondents experienced a ransomware attack in 2017 compared to just 2% the previous year.
Keep all operating systems, browsers and other software up to date with the latest protection and set them to update automatically. Strong password protection must be part of ongoing employee training. Turn on two-factor authentication.
Experts at smallbiztrends.com say that one of the biggest mistakes small businesses make is using a shared server to host their files. Switch the business to a dedicated server to reduce the risk of being hacked by an outside party. Use the strongest encryption setting too.
Create offline – and off-site – backups of important files so if computers are compromised, there’s still access to files.
Encrypt data, install security apps, and teach employees secure work habits – for example, never leave mobile devices unattended, and do not download unapproved and possibly malicious apps.
If the business has a payment system, adopt EMV (Europay, MasterCard, and Visa). The encrypted payment system uses microchips to protect the information in the card.
Make sure the workplace Wi-Fi network is secure, encrypted, and hidden, and set up a second, public network for customers. Train employees to avoid sending confidential information over public Wi-Fi.
After cyber crime, inside jobs are the biggest threats to a business. The 2018 Report to the Nations study on occupational fraud and abuse showed that small businesses had the greatest percentage of fraud cases (28%) and suffered the largest median loss ($200,000). Train employees about workplace fraud, and be extra vigilant when it comes to screening employees.
Criminals and hackers still use traditional methods of accessing confidential data. Properly dispose of information by having it securely shredded by a professional service provider. The same goes for digital information and old or broken-down hard drives – they must be securely destroyed so that all the information saved on them is destroyed too.