Cybersecurity best practices
If you think cybersecurity is a concern for other people, think again. The FBI’s Internet Crime Report estimated the total cost of cyberattacks at $2.7 billion in 2018, the most recent year for which data is available. That represents a lot of damage to a lot of bottom lines.
Meanwhile, a recent Small Business Administration (SBA) survey revealed that 88 percent of small business owners feel vulnerable to a cyberattack.
They’re right to feel that way.
Because unlike larger companies that can afford whole departments to protect their data, most small businesses lack the resources and the expertise to defend against data breaches and similar crimes. Yet doing nothing can disrupt productivity and cash flow.
So what can you do, as a small business owner, to inoculate your business from this particular threat? It helps, first, to have some clarity on the threat itself. In the case of cybersecurity, most malware (malicious software) attacks take one of these three forms:
- A virus is a computer program that’s designed to give an unauthorized person access to your company’s data. It does this by mimicking the behavior of a medical virus – e. it infects a host. Once installed, a virus lets a criminal steal your company’s data, including sensitive communications and financial records.
- Ransomware is another type of threat. Instead of providing access to your data, its goal is to facilitate extortion by freezing up your system. Once installed, ransomware lets a criminal demand money much as a hostage-taker would, promising to return full functionality once the ransom is paid.
- Phishing is a more recent type of danger that spreads through emails that contain false but compelling content—often a threat to close or suspend an established account unless the user clicks a link or opens an attached file to “correct” the “problem.” Once the recipient complies, a virus or ransomware attack is launched.
Simply being aware of these threats, and sharing that knowledge with other authorized system users, can help you avoid many common attacks. In fact, cyber-awareness is a major line of defense for businesses of all sizes. The Department of Homeland Security (DHS) and the Federal Communications Commission (FCC) offer robust programs and resources that can help.
Also consider these best practices for keeping your business as cyber-secure as possible:
- Backup: Whether you use a separate drive or a cloud-based data storage service, it’s always a good idea to backup your company’s files in case there’s a breach or crash. Most systems give you an option to backup files automatically and continuously, so you don’t have to worry about maintaining a backup schedule.
- Multifactor authentication: Many suppliers that handle sensitive data (think financial and transaction services) offer an option that requires this added layer of security. How it works: Before accessing your company’s data, authorized users must confirm their identity through a security code sent to a second device. Typically this takes the form of a alphanumeric code sent in an email or text message.
- Secure connection. Whether you get your internet connection through WiFi or a cable, be sure it’s fully secured and password-protected on all devices. That includes laptops, desktops and mobile devices. Avoid accessing the internet in public places whenever possible—and when you do choose to go online, use a Virtual Private Network (VPN).
- Software: Make sure all company-owned devices have current antivirus software installed. It’s available from a variety of sources, at a range of price points. Since the exact threats evolve daily, so does the software. Make a priority of updating your antivirus software regularly. Most have an auto-update setting.
- Training: Everyone who has access to your computers, smartphones and drives should have annual training in cybersecurity. At a minimum, the training should include skills like how to spot a phishing attempt, how to browse the internet safely, how to identify and avoid suspicious downloads, the elements of a strong password, and a detailed review of your company’s policies and procedures for handling sensitive data.
Cybersecurity is an investment that requires constant vigilance. But failing to know and follow best practices can leave your business vulnerable to attack, which can be far more costly. For help keeping your finances running as smoothly as your data security systems, contact us at 1-855-WHY-PANGO (1-855-949-7264) to learn more.