It’s a startling statistic: Due to the massive amount of consumer and corporate data stored across the country, more than half of all data breaches globally are expected to occur in the U.S. by 2023. Although most people assume hackers are only interested in large data breaches, like the one experienced by Equifax in 2017 or Marriott International last year, it’s small businesses that find themselves at a greater risk. In fact, a recent report by Small Business Trends stated that 43% of cyber attacks target small businesses. That number will only continue to grow as cyber hackers develop increasingly sophisticated methods of threatening and stealing sensitive information. Small businesses can also suffer from lost data, unsecured devices and attacks stemming from covert phishing emails.
Below are seven simple measures you can put in place to protect your small business this year:
1. Back up your data
Over 140,000 hard drives fail in the U.S. each week, and 29% of those failures are caused by accident. Losing data can devastate a small business. Finding a secure way to back up your data is a necessity in today’s fast-paced, competitive business landscape. If you store company data in the cloud, back it up on a physical, on-premise drive to ensure data remains secure and a plan B is available.
2. Update and strengthen passwords
The standard eight-character password can be cracked in 15 minutes. That time continuously decreases as brute force hacking bulldozes its way through identifying words, phrases and character password combinations. It’s important to make sure all passwords are 12 to 15 characters and use a combination of upper and lowercase letters, numbers and special characters that can slow down or derail a hacker. A password manager can also be employed to help ensure passwords at each access site contain a different, complex sequence of letters, numbers and special characters. Consistently updating passwords and requiring unique passwords for various devices will help maintain company security.
See also: Taking Care of Small-Medium Business
3. Take cybersecurity training courses
97% of people are unable to identify a sophisticated phishing email. Phishing scams cost American businesses $500 million each year, and that number continues to rise, with over 400,000 more phishing attacks occurring in 2016 than the year prior. Data breaches also allow phishers to obtain specific information on a target through information uncovered during a breach and then use that information to appear credible. One way to combat this disturbing trend is to train your staff on how to identify malicious emails.
4. Implement a clean desk policy
Unattended computers or documents cause 47% of all data breaches. As a result, many small and large businesses have begun implementing a clean desk policy, requiring employees to clear their desks of all papers and completely shut down their computers at the end of the day, to help ensure proper security of sensitive information.
5. Get cyber insurance
On average, it takes 191 days for a business to even realize it has suffered a data breach and 66 days to contain a breach. Cyber insurance can provide critical coverage for any destruction including data lost through theft, cyber attacks, cyber crime, malfeasance or employee error. Cyber insurance companies can provide guidance in the days or months after a data breach, data recovery and forensics, ransom payments, public relations and credit monitoring for those affected by the breach. Having a defense plan in the form of cyber insurance protects your business, reputation and customers.
6. Create a plan
54% of SMBs have no contingency plan for handling a data breach. Not having a plan can make it exceptionally difficult to recover when your business is under attack. By creating a plan that clearly lays out the steps you and your employees should take after a data breach occurs, you can help mitigate the potential damages and losses and quickly begin the road to recovery.
7. Manage all BYODs
87% of companies allow Bring Your Own Device (BYOD). While the concept is admittedly an essential part of maintaining connectivity and handling after-hours tasks, the unfortunate reality is BYOD exposes your business to threats. By tracking all instances of BYOD with a mobile device management system, requiring all devices to be password-protected and developing a written security device policy, however, threats to these devices can be diminished.
See also: Cyber Attacks Shift to Small Businesses
Taking these small steps to securing your growing business, and constantly revisiting and revising your cybersecurity plan, are some of the best ways to protect your investments and prevent the likelihood your business will suffer from malicious hackers trying to profit off your data. Prioritize these essential cybersecurity best practices above all else, because the safety of your business, employees and customers truly depends on it.