Facebook has been under fire for a while because of its handling of user data, and its recent security breach has only amplified public scrutiny. It’s the biggest in the company’s history, and has implications that reach far beyond the potential 90 million compromised accounts. After all, if a tech company with virtually unlimited resources could commit an error of this magnitude, what hope do the rest of us have?
It’s been called a breach, but Facebook’s wound was actually self-inflicted. When part of the platform was updated, it created a security hole that affected a huge number of users and wasn’t immediately spotted. If you own a small business, you can relate. You generally have to allow some kind of access into your environment, whether it’s a new payment processor, a third-party provider, or employees who work remotely. Unfortunately, whenever you interact with the outside world, you open up the possibility of security holes.
Facebook’s breach impacted a full 10 percent of its users. If you had a cyber attack that affected 10 percent of your own customers, chances are you wouldn’t be back to business as usual in just a few days. In fact, as many as 60 percent of small businesses fail within six months after an attack. To avoid this fate and to prevent your company from becoming the next security breach headline, follow these four steps.
- Conduct a security audit
Customers frequently call us after they’ve suffered a breach and realized they don’t know what they’re doing. Our first step is typically to conduct an external penetration test and security audit. By figuring out where security holes are, we can determine how to address them. Have your I.T. department or a third party conduct a security audit, and then form a strategy based on the results. By conducting an audit every six to 12 months, you can spot issues before hackers do.
- Train employees
Phishing emails have come a long way from the days of Nigerian princes and piles of gold with your name on them. Today, hackers carefully imitate banks and other legitimate institutions to get you to click on their links. These links lead directly to websites precisely constructed to look exactly like the bank or institution in question, asking you to log in and to update your information or confirm your address. It takes training to spot suspicious URLs, so train your employees to be your front line for security. Start by emphasizing that you’ll never request sensitive information over email and reminding them that even during the holidays, Amazon is not giving out “$50 Free” gift cards! Training isn’t a one-and-done endeavor, either. Update training every six months to stay ahead of hackers.
- Stop spam in its tracks
Even if your employees are experts at spotting phishing attempts, they’re not infallible. It costs hackers virtually nothing to send out millions and millions of spam emails, and all it takes to compromise your entire system is one wrong click. To tilt the odds in your favor, invest in a good anti-spam filter. Not only will employees be less likely to click on the wrong email, but they also won’t have to spend so much time sorting through junk mail to get to what matters.
- Expect the worst
Security breaches are less a question of "if" and more a question of "when." While they can be debilitating for companies of any size, smaller businesses are likelier to be victims, and the blow lands more heavily. Plan for the worst and get cybersecurity insurance. It can make all the difference, helping you recover from an attack and keep your doors open.
Facebook’s breach illustrates that anyone can fall prey to an attack, no matter how many zeroes are in your cybersecurity budget. Although Facebook is already back to business as usual, what would happen if your company suffered a breach that affected 10 percent of your customer base? Would your business survive? It wouldn’t be pretty, that’s for sure. If you take steps to shore up your security, you’ll be better prepared to avoid a breach and weather the storm if it happens.