NO COMPANY IS IMMUNE TO CYBER ATTACKS
SMALL BUSINESSES MUST TAKE STEPS TO REDUCE EVER-INCREASING RISK
Business is booming for cyber criminals. In the past year, large-scale cyber attacks made frequent headlines. What you likely didn’t read or hear about, though, were all the small businesses affected. Their stories don’t often make it into the news — but it’s not because they’re immune to this disruption. In fact, it’s quite the opposite — small businesses are usually more vulnerable as they often don’t have the budget for next-generation IT security defences and often consider themselves to be flying under the radar.
However, just like their larger counterparts, these businesses collect and store vital, often sensitive, information and increasingly have an online footprint, putting them in a vulnerable position that cyber criminals are quick to take advantage of. For instance, a single user tricked into clicking a link in a phishing email can lead to an entire network outage, leaving a small-business owner with only bad options — such as having to pay a ransom — for restoring lost information.
Hacking and malware incidents remained the most prevalent cause of data breaches in the third quarter of 2017, according to data from cyberinsurer Beazley — and occurrences are on the rise, with a large portion of these involving small businesses.
There’s also a huge surge in cyber criminals getting company employees to do the work for them. By impersonating a trusted source, such as a vendor, client or a senior-level executive and requesting an urgent wire transfer or a change to billing instructions, they exploit an employee’s desire to be responsive and efficient. Compared with general hacking and ransomware attacks, these scams are easier for the cyber criminal to conduct and the rewards are much more lucrative.
While you can never completely eliminate the risk of cyber attacks, you can successfully reduce the risks. Here are some tips for small business owners who want to take a proactive approach to cyber-security.
USE PREVENTION AND DETECTION TOOLS
An important first step is to protect your network perimeter and to identify known bad activity. There are plenty of tools available to choose from and some are free to use. Businesses should also consider testing these defences by conducting a vulnerability test.
BACK IT UP AND USE ENCRYPTION
It’s crucial to back up data on a regular basis, but make sure to do so in a secure way. A backup could be your only lifeline in the case of a ransomware attack. And by encrypting sensitive data, you will decrease your odds of having a data breach even if the data is lost or stolen.
EDUCATE EMPLOYEES ON CYBER-SECURITY AND THREAT AWARENESS
Employees are often the weakest link in the cyber-security chain, no matter how large the company. In fact, the majority of data breaches are based on human error. Make cyber education a regular aspect of employee training. Teach employees to stop clicking on links and educate them on how to identify a phish.
You can also implement an “out of band” procedure for payment requests or billing changes. This means if the request comes via email, you should use a different channel (one that has not been provided by the requester) to confirm the instruction. For remote access, you should also use multi-factor authentication — in addition to your password, introduce a single-use app-generated code.
CONDUCT RISK ASSESSMENTS AND HAVE A PLAN
It’s essential to have a clear plan of action in case of a cyber event. Knowing where vulnerabilities lie and protecting sensitive data is critical. Having a plan in place will help you react appropriately in a stressful situation when time can be of the essence. Some insurers will provide risk management tools to help build a robust incident-response program.
GET INSURANCE
Cyber insurance is a newer and rapidly evolving type of coverage, and more important than ever because of the digital nature of today’s business environment and the interconnectivity of systems and processes. The risks of a cyber attack denying access to your systems or online platform, or the loss of sensitive data, can all be insured against. Some insurance companies not only offer comprehensive coverage for the ever-changing risk, but also provide comprehensive services before, during and after an incident.
In today’s world, it’s not a question of if you suffer a cyber-attack, but when. All businesses are likely to be hit at some stage. Without precautions in place, an incident could cause lasting damage to your company’s reputation and even to its ability to stay in business. It’s not worth the risk.