Even though most cyber attacks that make the news are against large organizations, it doesn't mean small- or medium-sized businesses are immune:
- In 2016, two-thirds of businesses surveyed had an average of five security breaches.
- 58% of malware attack victims are categorized as small businesses.
- 61% of SMBs surveyed by Ponemon Institute have been breached within a 12-month period.
- In 2017, cyber attacks cost small- and medium-sized businesses an average of $2,235,000.
In addition, it's often much harder for SMBs to recover from a cyber attack. Did you know that 60% of small businesses go out of business within six months of being hacked?
As you can see, cybersecurity isn't something to be taken lightly. What can you do to protect your business from hackers?
How To Improve Cybersecurity For Your SMB
To figure out where to focus your resources, you need to first understand the most common causes of data breaches:
- 35% is due to human or process errors, such as employee mistakes and insider misuse.
- 20% is attributed to malware or web app attacks.
- 15% is caused by physical theft and loss.
- 15% is due to denial of service.
Here's what you can do to protect your business from hackers:
1. Employee Training
It has become increasingly common for cybercriminals to use social engineering techniques such as baiting, phishing, and scareware to gain access to a company's internal system and sensitive information.
Hackers use these techniques to target employees at all levels, and the best way to protect your company is to educate your staff on cybersecurity:
- Include cybersecurity training in your onboarding process for all employees.
- Establish and enforce rules on email security, Internet browsing, and social media usage.
- Provide "refresher" training and send out reminders on cybersecurity best practices to all employees on a regular basis.
2. Move To the Cloud
For most SMBs with limited resources to enforce the most up-to-date cybersecurity measures, it's often more cost-effective to move as much of their data storage and business-critical applications to the cloud as possible.
Most reputable cloud computing providers have a team of security experts and 24/7 monitoring to ensure that their platforms and your data are protected against cyber attacks.
When you use cloud computing for your business, you should also do your due diligence to prevent breaches caused by end-user negligence:
- Set up multi-factor authentication for logging into the cloud applications.
- Implement controlled access so employees can only obtain or edit the information they need to do their jobs.
- Design a comprehensive "off-boarding" process to make sure departing employees can no longer access your data.
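One way to check the three items above on a regular schedule is to compare an export of your cloud accounts against the current HR roster. This is an added example, not part of the original article; the CSV column names, role names, and sample records are constructed assumptions, not any provider's real export format.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions for illustration.
ACCOUNTS_CSV = """email,mfa_enabled,role,status
alice@example.com,true,finance,active
bob@example.com,false,sales,active
carol@example.com,true,admin,active
dave@example.com,true,sales,active
erin@example.com,false,support,disabled
"""

ROSTER_CSV = """email,employed,job_function
alice@example.com,yes,finance
bob@example.com,yes,sales
carol@example.com,yes,support
dave@example.com,no,sales
erin@example.com,no,support
"""

def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def audit(accounts, roster):
    """Return (email, finding) pairs for accounts that can still log in."""
    hr = {row["email"].strip().lower(): row for row in roster}
    findings = []
    for acct in accounts:
        email = acct["email"].strip().lower()
        if acct["status"] != "active":
            continue  # disabled accounts cannot log in, nothing to flag
        person = hr.get(email)
        # Off-boarding gap: active account with no current employee behind it.
        if person is None or person["employed"] != "yes":
            findings.append((email, "offboarding_gap"))
            continue
        # Multi-factor authentication must be on for every active account.
        if acct["mfa_enabled"] != "true":
            findings.append((email, "mfa_disabled"))
        # Controlled access: the cloud role should match the job function.
        if acct["role"] != person["job_function"]:
            findings.append((email, "role_mismatch"))
    return findings

if __name__ == "__main__":
    for email, finding in audit(load(ACCOUNTS_CSV), load(ROSTER_CSV)):
        print(f"{finding:16} {email}")
```

Accounts missing from the roster entirely are reported as off-boarding gaps too, which also surfaces shared or service logins that nobody owns.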
3. Implement a BYOD Policy
The "bring your own device" (BYOD) trend is here to stay, and for good reason -- it helps businesses lower costs while boosting employee productivity.
However, BYOD also carries security risks if employees don't take the necessary precautions or their devices aren't set up properly to support your security protocols.
To protect your company against the security risks associated with BYOD, you need to enforce a BYOD policy and ensure that your employees get the necessary support to secure their devices.
4. Design a Comprehensive Backup and Recovery Strategy
Did you know that the average cost of IT downtime is $5,600 per minute?
A well-designed backup and recovery plan can help reduce the financial loss associated with IT downtime. It improves your company's IT resilience so that business-critical data can be retrieved with as little disruption as possible in the event of a security breach.
You can consider using a Disaster Recovery-as-a-Service (DRaaS) vendor so you have access to the latest strategies and technologies.
In addition, inquire about the backup protocol of your cloud computing and storage services to ensure that your data is protected.
5. Install a Firewall, Use Anti-malware Software, and Secure Your WiFi
A firewall protects your network from cybercriminals. Besides the standard external firewall, you can also use an internal firewall for added protection. In addition, employees who work from home should have firewalls installed on their home network.
Malware is one of the major causes of data breaches -- a Verizon data breach investigation report found that 30% of employees have opened a phishing email that infected a system with malware!
Since it only takes one employee clicking on one phishing email for malware to bring your business to a halt, it's well worth the investment to install robust anti-malware software on all devices and the network.
In addition, cybercriminals can hack into your WiFi network and harvest login credentials to gain access to your sensitive information. Secure your network by using the correct settings and authentication protocol, as well as ensuring the physical security of your hardware.
6. Use a Cybersecurity Consulting Service
Most SMBs have a small IT team that consists of IT generalists rather than cybersecurity specialists.
That makes sense from an operational standpoint; however, a small IT team often doesn't have the bandwidth to stay on top of the latest cybersecurity trends and best practices. This can result in misconfigurations, ad-hoc processes, and haphazard controls that jeopardize the safety of the network.
To make sure you have a cybersecurity policy that reflects the latest industry best practices, consider using an IT security solution provider to help you design and implement an effective IT security strategy for your business.
An ounce of prevention is worth a pound of cure -- see how our managed IT security and cybersecurity consultation can help protect your SMB from costly cyber attacks.