If you have a small business or working in a small business, then you also may think cybercriminals will pass over your company. A mindset “not much to steal” is common with small business owners in regards to cyber security, but it is also completely wrong and out of sync with today’s cyber security best practices.
In reality, it was found by the U.S. Congressional Small Business Committee, that 71 percent of cyber-attacks happened at business with less than 100 employees. Even more concerning, according to the 2016 State of SMB CyberSecurity Report by Ponemon, 50 percent of SMBs have had a security breach in the last year.
But why do they attack small businesses more often than larger businesses? Most of the attacks are to steal personal data to use in credit card or identify theft. Large enterprises typically have more data to steal, where small businesses have less security systems, making it easier to steal the network.
According to an article by CSO.com, the top reasons for the high rate of SMB attacks are lack of time, budget and expertise. Not having an IT security specialist, not being aware of the risk, lack of employee training, not updating security programs are other reasons for these attacks.
How can you prevent your business from these Cyber-attacks? Here are some cyber security best practices for business everyone should keep in mind.
Secure your Network with Firewall
First line of defense between your business network and cyber attack is firewall. The Federal Communications Commission recommends that all the SMBs should set up a firewall because it provides a barrier between your data and cybercriminals. For additional protection, with external firewalls many companies are starting to install internal firewalls. Employees working from home also should install a firewall on their home network.
Documentation of Cybersecurity policies
It is noticed that small businesses often operate by word of mouth and experience knowledge but cyber security is one area where it is must to document your policies. The Small Business Administration’s Cybersecurity portal provides online training, checklists and other information to protect businesses. FCC’s Cyberplanner 2.0 can give a starting point for your security document. You can also participate in the C3 Voluntary Program for Small Businesses, which contains a detailed toolkit for determining and documenting cyber security best practices and cyber security policies.
Aware your Employees
Employees often need to wear many hats at SMBs, so making sure that all employees accessing the network be trained on your company’s network cyber security best practices and security policies. To hold employees accountable, you should take the sign of all employees on a document stating that they have been informed of the policies and understand that actions may be taken if they do not follow security policies.
Enforce Strong password practices
Employees think changing passwords is a pain. However, According to Version 2016 Data Breach Investigations Report found that the main reason behind 63 percent data breaches was lost, stolen or weak passwords. Another report stated that 65 percent of SMBs do not enforce password policies. In today’s world, it’s essential that all employee devices which access the company network should be password protected.
Vice president of marketing and business development at Siber Systems, Bill Carey, recommended that employees need to use complex passwords which include upper case, lower case, numbers and symbols. He also said that all SMBs should require all passwords to be changed every 60 to 90 days.
Backup your data regularly
It’s important to prevent as many attacks as possible, but it is still possible to be attacked even with the precautions. According to the U.S. Small business Administration SBA every business should back up word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Be sure to also back up all the data stored on the cloud. To ensure that you have the latest backup, check your backup regularly to ensure that it is functioning correctly.