A quick search for “cybersecurity best practices” will yield millions of results, all with their own ideas of what you can do – but how much of this advice should you be following? For a small business, cybersecurity is a critical focus today.
Cybercriminals and hackers are becoming increasingly sophisticated. Keeping up with their latest methods has become a full-time job.
Some small businesses respond to cybersecurity breaches that make the news with preventive measures to avoid the same fate, and do their best to have enough safeguards in place to protect every element they can. There are still small businesses that aren't doing enough. They still believe these cybersecurity myths.
Myth 1: Small businesses are too small for a hacker to target
Truth: Small businesses make easier targets for many reasons. They rarely have the tech budgets that larger companies use to take every precautionary measure against being hacked. Small businesses are still not taking the threat of cyber attack as seriously as they should.
Sarah Green, an expert in cybersecurity, states that small businesses are constantly in denial, believing that it will never happen to them, and that this is the main reason why so many are targeted.
She said: “Small businesses may feel that they aren’t likely to be a target due to their size and that hackers couldn’t possibly be interested in what they do – but in reality the exact opposite is true.”
The threat to small businesses is real and it is not going away. In their Cyber Readiness Report 2018, Hiscox found major shortcomings in cybersecurity readiness in 78 percent of small to medium-sized businesses (fewer than 250 employees) in the UK.
You may read this and still be thinking 'we only have a few members of staff, they won't bother with us'. The same report found that just over one-quarter of small firms (1 to 19 employees) have been attacked. Incredibly, 6% of smaller firms said they did not know if they had been attacked. With GDPR arriving in May, that is a position you can't ever allow your business to be in.
The news gets even worse for a London small business. London has topped the list of UK cities most at risk. In fact, the capital comes second across the whole of Europe, only behind Berlin.
This information is not an attempt to scare any business. It simply states that the size of your business is not a defence against cyber attack.
Myth 2: Employees of small businesses know more about the company and are more invested in its success, and therefore take the time to safeguard their actions.
Truth: The dedication of staff to their employer has nothing to do with cybersecurity. Even the most committed member of staff can be your biggest cybersecurity threat and it's most likely not even their fault.
Three out of every four small businesses have no formal cybersecurity policies or protocols in place for staff, nor training to discuss the latest threats and how to thwart them. Hackers know this and they also know the small business is less protected than larger-sized companies. This is a lethal combination.
Bill Carey, vice president of marketing for RoboForm, says: "Train employees on cybersecurity best practices and offer ongoing support." Educating your staff is the primary goal. "Some employees may not know how to protect themselves online, which can put your business data at risk," he explains.
A survey by Ultima found that 65 percent of companies don’t have any security solutions deployed on their mobile devices, and 68 percent of companies do not have an awareness programme aimed at employees of all levels to ensure they are cyber aware.
Training your staff is often the biggest win any small business can achieve. Educating your employees about best practices and behaviours can help protect your business from attacks.
Myth 3: Small businesses can bounce back faster after a breach
Truth: According to an industry study by The Diffusion Group, who surveyed small business organisations, 60 percent of companies that lose their data close down within six months of the disaster and a staggering 72 percent of businesses that suffer major data loss disappear within 24 months.
It’s reported that less than half of all small businesses back up their data weekly. Let that sink in. The data loss in the event of a hack could have catastrophic results for as many as half of all small businesses. In the event of a breach, companies of any size consider the data loss and downtime to have the greatest impact, followed by the revenue loss – but most of the time, the impact on a company’s reputation isn’t considered until after the clean-up starts.
What if your business is already backing up its data? Firstly, well done; that’s a great start, but the work doesn’t stop there. It’s vital to regularly test your process for recovering your data from a backup. It’s no good backing up if you can’t recover that data.
As you can see, running a proper backup can be complex. That is why backups should be part of your business continuity plan. That means that if your business systems are compromised, whether by a fire or flood in the office or by the now more common threat of a cyber attack, you have a plan of action to limit the effect it has on business performance. The longer your company can’t work, the more money you lose.
What comes next?
Hopefully, we have dispelled some of the more common myths regarding small business cybersecurity. So, what are the next steps your business needs to take to start protecting against cyber attack?
Do you know what needs to be protected?
What data do you store? How is that data stored? What protective measures and security protocols are in place? Where are the “holes”? This last question is the most important, and it’s a smart decision to hire an expert to help you with this one.
What formal policies need to be updated – or created?
Every business needs an official cybersecurity policy. This policy should also be updated annually, at the minimum. By having a policy, your business can make sure everyone who has access to your data follows the same procedures and that the strongest safeguards are in place.
This policy should include:
- Password protocols
Passwords should be unique, complex, and changed regularly.
- System updates
Check for the latest updates to all applications and security releases. Recent cyber attacks have been successful because companies hadn't installed the latest updates.
- Privacy settings
Verify that users have the most secure privacy settings on their desktop and laptop computers, as well as smartphones and other mobile devices.
What is your plan for how to handle a breach?
You’ve taken all the necessary steps and precautions, but you still had a data breach – now what? Best practices include daily back-up of your critical resources (which you’ll need to identify) and then testing the process to ensure it’s sufficient, just in case.
Talk to experts
Cybersecurity involves a lot of work, especially for small businesses. Not having dedicated staff for IT can put a strain across the business as you attempt to protect your data. You're not in this alone: speak to an IT security expert and work with them to protect your business from attack.
Is your training sufficient?
Make sure your staff is aware of the steps needed for Internet safety, email security, network threats, and how to detect and protect in the event of each. Equally important is what needs to be done if something happens and they suspect a threat.
Now you know the myths, it is time to start thinking about your business cybersecurity. Prevent your business from becoming a victim of a hacker this year by making 2018 the year you have an ironclad cybersecurity program.