When it comes to protecting your business from a cyberattack, you might be the biggest liability. That’s because if you’re like most small business owners, you probably don’t think you’re a target.
Unfortunately, your safety from risk is an illusion. Even though small businesses face the same cybersecurity threats as large companies, only 28% rate their security capabilities as “highly effective,” according to a 2018 study conducted by the Ponemon Institute. Hackers know that small companies are vulnerable, which is why far more than 28% of small businesses experience cyberattacks annually.
Most small business owners are used to wearing a lot of hats, but I.T. security chief shouldn’t be one of them. Cybercrime has become big business, and more people than ever are trying to get in on the action. The barrier to entry for criminals is small, and unlike major corporations, most small businesses don’t have a dedicated security team to keep would-be attackers at bay. Ideally, you’ll outsource that role to a competent technology company or generate enough revenue to hire at least one dedicated employee. But the longer you rely on an ad hoc approach to security, the more you put your business at risk.
If you’re among the business owners feeling underprepared for an attack, these three strategies will help protect your data.
1. Secure sensitive information.
Even if you don’t have a comprehensive security protocol in place, you should make sure that everyone on your team is diligent about protecting sensitive information. That means every employee must know what type of data should and shouldn’t be sent over nonsecure email, for instance.
If company emails regularly contain information that should probably be encrypted, invest in an encrypted email platform. Choosing not to means putting your entire company at risk. And wherever sensitive data lives, you want to be sure it’s protected not only with strong passwords, but also with a second factor of authentication (2FA) whenever possible. Two-factor authentication is very affordable, or even free, so cost is not an issue.
Company intellectual property, customer and employee data, and financial information are all examples of sensitive information that you wouldn’t want falling into the wrong hands. Make sure it’s protected.
2. Train your team.
The security threat landscape changes almost daily, which is why it’s important to have some kind of ongoing security awareness training for your employees. Making sure your team knows how to recognize potential threats is a critical part of keeping your network secure. Some of the biggest data breaches are caused not by sophisticated malware or state-of-the-art viruses but by careless employees. Phishing emails and spam are landing in employees’ inboxes regularly, and if your team doesn’t know how to tell what’s legitimate and what’s not, your business is vulnerable.
As more people send direct messages on platforms like LinkedIn, criminals have more opportunities to take advantage of unsuspecting employees. Today’s hackers are incredibly detail-oriented and savvy, and it’s always possible that human error will let something slip by. But if you provide your employees with resources in advance, then they’ll know how to respond and your customers will know that you’re taking security seriously.
3. Be smart about passwords.
Changing your passwords is a completely free defense mechanism that you should take advantage of regularly. Yes, it’s annoying, but plenty of free tools are available to help you keep passwords organized.
If you want to centralize all company passwords, you may have to invest some money. But even paid password organizers are so inexpensive that you should never find yourself saying to someone, “We don’t have a policy of changing passwords every 90 days because there’s no way we can remember them.” That just sounds like malpractice, and if you find yourself having that conversation, it’s usually too late.
None of these is a guarantee against a data breach — people make mistakes, hackers get more inventive — but taking the practical measures of using two-factor authentication, changing passwords regularly, and training your employees to guard against phishing scams are basic precautions. Taking these few simple, inexpensive steps strengthens your defenses against cyberattacks and reassures consumers and employees alike that you’re doing what you can to protect sensitive data.