If you’re anything like me, you find this all a bit surprising. After all, we hear a lot about the global hacks on companies like Target, Equifax, and even the CIA. But we rarely hear about a cyber attack on our local accountant, mom and pop retail store, or YMCA. The most tragic part is that smaller companies are not just more vulnerable to being targeted, they’re also much more likely to go out of business because of it. Research shows 60 percent of small businesses close within six months of a breach.
This is disturbing, right? Especially if you own an SMB like I do. Luckily, there are a few simple steps you can take to improve your company’s security without spending a lot of money or significantly impacting your profit margin—something we all want.
Train Your People. Untrained employees are a hacker’s dream come true. In fact, human error accounts for nearly 90 percent of all cyberattacks. Go read that sentence again—90 percent! Untrained employees are less likely to log out, change their passwords, avoid phishing scams, adhere to your industry regulations, or handle any number of other security-related issues. To help, make cyber security top of mind for all your employees. Educate them on the role they play in protection. Everyone in the organization plays a role—from the front of the store to the back office. Don’t just settle for downloading anti-spyware software and scanning computers every few weeks. Invest in a quality firewall. Run recovery protocols and patches. And if you don’t know what that means, take time to learn about cybersecurity and the best ways to keep your company—and its data—safe.
Keep It Simple. Especially with the rise of as-a-Service software, companies are finding themselves with a web of different providers and security programs—none of which necessarily work well together. Why does it matter? As I have mentioned before, fragmented systems are an enemy of security. Simple frameworks make it much easier for smaller companies to get a handle on everything happening in their cyber environment, and much easier to fix if something goes awry. Look into adopting a cybersecurity framework that can be adapted and changed as you grow. The National Institute of Standards and Technology issued a guide for SMBs in 2016 that is incredibly easy to follow. Users go through a simple risk assessment to help understand vulnerabilities while also identifying the type of data they store—incredibly valuable information.
Update. I know it’s a pain to run updates on our devices. After all, we want to be connected 24/7, and security scans and updates can slow us down, or even push us offline altogether. The thing is, the pace of technology is so fast that security software is outdated as soon as you download it. Running a scan using old software leaves you tremendously vulnerable to new threats. Make updates a priority—and make sure your employees do the same.
Change Your Passwords. This seems like it should be a basic priority, but think about the last time you changed passwords for anything, like your online banking or email account. My guess is you can’t remember. Make it a company-wide policy to change passwords every six to 12 months, even moving to two-factor authentication when possible. And when I say “change,” I don’t just mean adding a new number of exclamation points to the end of your previous password. I know it’s annoying to have to remember the whole host of passwords we use in our lives every day, but taking time to make a strong and complex password will go a long way in keeping your company’s and customers’ data safe.
At the end of the day, there are two types of hackers—those who aim for specific big-money targets, and those who attack smaller businesses, knowing sooner or later they’ll hit one that didn’t take the time to secure its systems. In today’s marketplace, which is so incredibly dependent on data, that is simply a risk no company, big or small, can afford to take. If you’re an SMB, take the proper steps to secure your company. Invest time, if not money. Get to know your vulnerabilities, understand what would happen if your data were compromised, and adjust accordingly. You may not be able to budget for a dedicated cyber security specialist—but you definitely can’t afford to neglect it altogether.
This article was first published on Converge.