Your business has antivirus software. And you change your passwords once in a while — sometimes even using one that doesn’t include your dog’s name. As a small business owner, you’re all set when it comes to cybersecurity, right?
Not even close.
“In the last year, 61% of cyberattacks were on businesses with less than 1,000 employees,” says Brian J. Best, founder of Kansas City-based BestMacs. “Of that, about half had less than 100 employees. The smaller your business, the more danger you are in.”
But the news isn’t all dire. Brian continues, “Fighting cybercriminals is like running from a bear: You don’t have to be the fastest, you just can’t be the slowest.”
Protecting your business requires more than passwords and software. Learn how vigilance, cyberhygiene and prioritization can help keep those hacker bears at bay.
Why are cybercriminals interested in small businesses?
Cybercrime is big business. And like any other business, it has revenue goals.
“If they want $50 million in revenue, they can attack 1,000 small organizations for $50,000 a pop,” Brian says. “Target, Home Depot and Equifax are sick of being in the news, so they’re spending millions to make sure it doesn’t happen again. If you’re a hacker, are you going to try for Fort Knox, or are you going to walk in the back door of someone’s house? Targeting a small business is an easier lift.”
Much like ransacking an unlocked car, cybercrimes are crimes of opportunity. You lock your car — so make sure your small business is locked up tight, too. Here are six ways to protect your assets and your future.
1. Know what you’re protecting.
What’s your IT situation? You should be able to identify the most important information that you must protect. Whether that’s customer data or top-secret info about a new product, you should know what it is, where it is and how you’d respond if its security were to be violated. Your business has contingency plans in case of fire. A security breach is pretty much the biggest fire possible.
If you can’t pinpoint what you need to protect, you probably need clarity from an outside expert. Skip to No. 6.
More tips below …
Stay connected to KC entrepreneurship
Get entrepreneurial insights, inspiration and events delivered right to your inbox.
2. Train employees on good cyberhygiene.
Most cybercriminals gain access because of poor decisions employees make, like:
· writing down passwords and keeping them visible
· engaging with a fake email purported to come from a reputable source
· inserting a found thumb drive into a laptop, only to inadvertently install malware
It’s critical to have security policies and training that get everyone on the same page. Educate team members so they know what to look for. Require complex passwords and change passwords regularly. Create rules around protecting sensitive data and detail penalties for violating cybersecurity guidelines.
3. Keep machines updated.
Protecting hardware has gotten a lot more complex in recent years. Now, so many people are working from home, checking email from their phones and more. This access is convenient, but it can also make cybersecurity a bit of a nightmare.
A clean machine is a strong line of defense. The latest security software and operating systems have the best protection against leading-edge malware and viruses. Run an antivirus software scan after each update, but realize that antivirus software can only do so much.
“Antivirus software is just one part of the equation,” Brian says. “If a user messes up, the software is a safety net. But if you have antivirus software that came with your PC, that’s not good enough to fight the latest viruses. It’s the same as expecting the polio vaccine to work against COVID.”
4. Limit access to networks and information.
This includes physical access to computers and phones, network access to Wi-Fi and employee access to information and systems. Sound too hardcore? It isn’t.
Password protection on phones and laptops and two-factor authentication can make it harder for the bad guys to get to your data. Ensure that data on these devices is encrypted and protected by security apps so that information isn’t vulnerable while using public networks. And have clear procedures for employees should equipment get lost or stolen.
Another area that many young businesses overlook is account access. Each employee should have their own user account that allows access only to the information they need in order to do their job. Administrative access with privileges like installing software should only be granted to trusted IT staff.
5. Make backup copies of important data.
A backup is simple and obvious – but who among us has failed to set it up or forgotten to ensure it was actually running? And storing a backup in the same location as the data you’re trying to protect is just a bad idea.
Ideally, your backup should happen automatically, include data on all computers and store copies offsite or in the cloud. Any files that you don’t want to lose or wouldn’t want to get into the wrong hands should be included in the backup. This can mean everything from human resources documentation to billing records to your brainstorming notes about future expansion. Better safe than sorry.
6. Consider an outside vendor.
If cybersecurity sounds like it could be a full-time job, that’s because it can be. It’s a lot of work to keep up with the latest threats, maintain the appropriate software and guidelines and keep the rest of the team trained and informed. For many small business owners, cybersecurity falls into the category of “Important Stuff I’ll Figure Out Later.”
But Brian compares cybersecurity with preparing your own taxes. Sure, entrepreneurs can do it. But are you doing it correctly? And are you doing the best thing for your business?
“Outsourcing can make sense for so many small businesses,” he says. “You might be able to handle the day-to-day needs as a founder, but you’re out over your skis on this one. Your assets and reputation are at risk. How will your clients feel if their data gets breached?”
Small business cybersecurity resources
Cybersecurity isn’t one size fits all. It depends on your venture, size and data. The best way to start is to take a hard look at your enterprise and educate yourself on cyberhygiene best practices.
Fortunately, there are lots of resources tailored to the needs of small businesses. Look to guidance from:
You can also find help from KCSourceLink’s Resource Partners. Our Resource Navigator™ lists more than 230 organizations that can help you set up and protect your business. And the KCSourceLink Calendar is the metro’s most comprehensive collection of upcoming classes and programs — including sessions on cybersecurity.
If you’re not sure where to start, start with us. Our Network Navigators can create a free Personal Action Plan that’s tailored to your unique needs and goals. Provide a little info and you’ll receive an individualized list of exactly which experts can help your business thrive.