Small and medium sized businesses often face a difficult middle ground. They don’t have the big budget that larger companies have to manage IT and hire the best in cyber security professionals, but they face the same threats as larger companies, and they often have more to lose if they are in fact attacked and breached.
According to a study that was conducted by the National Cyber Security Alliance, more than half of businesses that are affected by a cyber attack go on to close their doors within six months. The biggest thing you can do as an entrepreneur is to be aware of the risks and prepare for them to the best of your ability.
Don’t assume you need a big IT budget
Many small businesses think there’s little they can do against a malicious cyber attack because they just don’t have the budget that bigger companies do. While there is an element of truth to that, studies have found that more than 80% of cyber attacks at SMBs could have been avoided if the company had put some simple risk management into place.
So what are the big risks that put the majority of companies into vulnerable situations?
Trojan viruses and malware have been problems for computer users as long as there have been personal computers, and yet many users struggle to follow a simple schedule of updating anti-virus software and regularly scanning their computers.
Mitigate this risk by scheduling updates and scans to run on all office computers on a regular basis. Educate employees on the importance of letting the system run, and make sure that you are notified about any threats and respond quickly.
Lost or Stolen Laptop or Mobile Device
All the security in the world isn’t going to help if a laptop or work mobile is lost or stolen by someone with the technical know-how to access the device. It’s incredibly important that all mobile devices be password protected, just like in-office computers.
You can reduce this risk by making sure that employees report any lost equipment as soon as possible, and making sure that all devices are encrypted and password protected. Also, the more information that is stored in the cloud, instead of on the devices hard drive, the less vulnerable that data will be to brute force attempts at access.
One increasingly common method of gaining access to a company’s systems is the phishing email. A phishing email often looks like it’s coming from an appropriate and authentic server. It directs the recipient to click a link, usually stating that there is a threat to the customer’s account, or that the password needs to be verified.
Again, educating your employees is the most important thing you can do to protect yourself from this kind of attack. Make sure they know that they should never send out their passwords via email. Really, they shouldn’t be sharing passwords in the first place. If they get an email that seems strange, even if it appears to be coming from someone they know, they should call that person, or speak to them face to face.
Unsecured Wireless Networks
When you set up a wireless network in your office, make sure you change the default password that’s on your router. Most router manufacturers use a simple administrator/password combination for all of their wireless routers to make it easier for admins to setup the router the first time. That’s great for first time access, but a potential disaster if you don’t change the settings. Someone who has access to your network is halfway to having all the information they could possibly want from your company.
For most companies, their biggest risk is internal. Disgruntled employees generally have access to tons of data with very little restriction; after all, they need it in order to do their jobs. There have been situations where employees printed out everything they could get their hands on, walked off the job site, and then sold the information, or used it for their own personal gain.
To reduce the risk of this kind of loss, make sure that your employees have access to only the information they need to do their jobs. Don’t restrict them unnecessarily, but don’t give them access to A-Z if they only need C.
While small businesses may not be able to be invulnerable to the most targeted and intense attacks, they can do many things to protect their businesses from outside threats. What do you consider the most important piece of Internet security for SMBs?