Cyberthieves are increasingly targeting small businesses, the U.S. Small Business Administration warned this month during its National Cyber Security Awareness Month campaign. In 2013, 44 percent of small businesses reported experiencing a cyberattack, at an average cost of $9,000 per incident, an SBA survey found. Last year, 34 percent of phishing emails impersonating a familiar person or business targeted small companies with one to 250 employees, up from 18 percent in 2011, according to security provider Symantec. SBA senior area manager Eric Giltner says small businesses are vulnerable because they often don’t see themselves as a target. But thieves do, so even if your small business is still in the start-up phase, it’s important to start taking steps to secure your company now.
Use Antivirus Protection
To help small businesses protect themselves, the SBA has launched a new web page with links to cybersecurity tips. The first step the SBA recommends is making sure your company computers are equipped with antivirus software configured to update automatically and download the latest security patches. No matter what preventive measures you take, breaches will inevitably occur, so keeping your antivirus software updated will give you the best chance of detecting a breach when it happens and before it can spread damage.
About half of all malware attacks involve generic data-stealing software, according to the Anti-Phishing Working Group, as cited by LifeLock’s security tips blog. To block this common attack, LifeLock recommends keeping your operating systems and browsers updated along with your antivirus software.
Secure Your Network
Securing your company network is another fundamental safeguard. Installing a firewall and using encryption will help protect your network from outside intrusions. For Wi-Fi networks, configure your router or access point so that it does not broadcast your network’s name (Service Set Identifier or SSID). Activate password protection for company routers.
Educate Your Employees
Ninety-five percent of successful cyberattacks involve human error, according to IBM and the Cyber Security Intelligence Index. This makes training your personnel to follow good security policies crucial. The FCC provides an online planner tool to help your company generate a customized security plan. Create a plan and make sure your security team and other staff members know their responsibilities for implementing it.
Educate employees about how to handle sensitive data such as passwords, customer data, and company trade secrets. Employees should know how to choose a strong password that includes letters, numbers, and symbols. Using password managers can help your staff generate more secure passwords automatically. Training should also cover issues such as how to use company devices and networks safely and what to avoid posting on social media.
Restrict Access to Authorized Personnel
Restricting access to company accounts and devices will help prevent unauthorized personnel from using them to steal sensitive data. Create unique accounts and assign unique devices to each employee. Restrict administrative access to key personnel only. Have employees lock up their laptops when not in use. Smartphones should have lock screen options activated.
Create an Action Plan
No matter what preventive steps you take, there always remains a risk of a security breach. Make sure your security team has a plan to respond to an emergency by taking steps such as locking down and wiping compromised devices and notifying employees and customers. Train your employees on how to respond in the event their device is lost or stolen.
Use Secure Payment Processing
With new EMV chip compliance policies placing additional liability on companies for stolen customer data, it’s imperative for your business to use secure payment processing technology. Work with your financial institutions and payment processing provider to make sure you’re using the best current tools and practices. Get equipped with chip-card processing equipment to reduce your potential liability for customer identity theft. Have your payment processing provider isolate customer financial data in a secure location away from the rest of your company data, where it will be less vulnerable to theft.