Cyberattacks can be devastating for any business, with IBM’s Cost of Data Breach 2020 Report revealing that the average cost of a breach is $3.86 million.
Breaches are often thought to only be targeted at Fortune 500 or multinational companies. Unfortunately, this way of thinking can leave small business owners especially vulnerable to data loss or worse. Often, hackers will deliberately focus on smaller organizations on the assumption that these companies will have less robust cybersecurity mechanisms in place.
Worryingly, data from Accenture has found that 43% of cyberattacks are aimed at small businesses, yet only 14% of smaller organizations have the resources in place to deal with these threats. With this in mind, we’ve rounded up the key points every business owner needs to consider as regards cybersecurity for small businesses, in order to protect their data and that of their clients.
Cybersecurity for small business: Know your enemy
If you’re not especially technically savvy, you may believe that cyberattacks are limited to viruses. However, the reality is more complex. Here are just a few of the lesser-known threats that could put your business at risk:
- SQL (structured query language injection: an attack in which a hacker inserts malicious code into a victim’s database in order to expose, and access, sensitive information
- Spear phishing: the act of sending an email that appears to originate from a trusted source, such as the recipient’s line manager
- Denial-of-service attack/DDoS: a type of attack in which cybercriminals render a machine or network unavailable, and restrict access from legitimate users
- Spyware: software that secretly monitors a business’s online activity and then shares this information with third parties, such as data firms
- Man-in the-middle attacks: common on unsecured Wi-Fi networks, these involve a third party spying on the communication between two parties and then stealing information such as login details
There’s also another type of attack you may need to consider. As a small business owner, you’d probably like to believe you can trust everyone within your organization. You should remember, however, that threats can originate from anywhere, so it’s always wise to change your passwords whenever an employee leaves your organization.
Finding the right antivirus software
For many of us, finding the right antivirus software is the first thing that comes to mind when we consider cybersecurity for small business. There are a number of apps specifically designed for small businesses, with features that are especially beneficial in a professional environment.
Unlike many traditional plans for home use, these business-specific packages often enable you to add 20 or more users or devices to your license, which could come in handy for a growing company.
Many antivirus packages also enable you to manage your organization’s cybersecurity activity through a single dashboard. From there, you can schedule scans, track the status of your licences, and schedule updates.
But what is the right antivirus software for you? The answer to this question will depend on your company’s specific needs. Avira Prime, for example, offers features such as a password manager, virtual private network (VPN), and PC cleaner for a $99.99 annual subscription fee, which covers five users.
If you’re a sole proprietor, you could consider a plan from AVG, which enables you to protect a single device, with prices beginning at $20.41 per user per year (currently discounted to $16.33). Under this plan, you’ll benefit from features such as real-time protection and remote administration.
A word of warning: if you’re purchasing a non-business plan or downloading free antivirus software, it’s vital you check that the package you choose is licensed for business use.
Always back up your data
Anyone who has ever typed anything on a computer is probably painfully aware of the importance of backing up their data. While many of us neglect to do so on our home networks, it’s crucially important that small businesses back up their crucial information.
As well as protecting you against a massive technical failure, this approach could also safeguard you against a ransomware attack, in which a hacker seizes control of your the systems in your network and refuses to return it unless you pay a fee. According to the Mid-Year Threat Landscape report from cybersecurity firm Bitdefender last year, there was a 715% increase in detected ransomware attacks during 2020 compared with the same period in 2019.
Luckily, there are programs that can make the process of backing up your data far easier. Open-source software Duplicati, for example, enables you to back up your business’s data using strong AES-256 encryption.
Ensure your employees are cyberaware
When you’re aiming to maximize cybersecurity across your business, it can be a costly mistake to overlook your first line of defense: having well-informed employees who understand the importance of remaining vigilant.
Whenever a new employee joins your team, it’s wise to include cybersecurity training as part of your IT onboarding process. From the outset, you should focus on instilling good practices in your employees. For example, they should understand the importance of locking their devices every time they leave their desks, and of running any security updates recommended by your IT department.
However, this should only be the start of the process, and remaining vigilant against cyberattacks ought to remain part of your employees’ continued professional development. You might require your team members to undertake a yearly refresher course or attend mandatory training whenever you install new software across your organization.
Consider phishing attack tests
If you’re concerned your company may not be prepared for potential cyberattacks, you could consider conducting a phishing attack test. This process involves sending a phishing-style email to your staff members, which may appear to originate from a reputable organization. Should any of your employees be tricked into divulging confidential business information, you may need to instigate further training across your company.
Establish a clear policy for reporting breaches
Perhaps the most worrying statistic revealed by the IBM data mentioned earlier is that the average cyberattack will go undetected for 280 days. This is more than ample time for hackers to access and control your most valuable data.
Whatever the size of your business, it’s crucially important you have a clear policy in place for reporting any potential security breaches and that everyone within your organization be familiar with this policy. As well as displaying these on your company’s intranet, you may want to post notices around the office and send regular email reminders.
One of the most serious mistakes a company can make in terms of cybersecurity, however, is to create a climate in which employees fear a reprimand or even the loss of their job if they inadvertently open a scam email or click on a rogue link.
In a healthy business environment, members of staff should feel adequately trained and empowered to talk open about any threat (technical or otherwise) to the business’s future, enabling any issues to be dealt with expeditiously.
With cybersecurity threats evolving on a daily basis, and small businesses representing low-hanging fruit for many cybercriminals, vigilance is essential. Fortunately, there are steps you can take to safeguard your information.
Let’s end on a practical note. For the vast majority of smaller companies, the events of 2020 mean budgets are leaner than ever. It’s therefore essential to factor in expenses such as cybersecurity training and antivirus software when drawing up your annual budgets. Skimping on this expense could prove a disaster for the long-term outlook of your business.
For more information, read our feature which asks has the pandemic changed people’s feelings around personal data?