Last updated on January 30th, 2021 at 10:44 am
Because small businesses don't generally have large cyber security budgets or staff, the can be tempting targets for cyber criminals.
This post is a guest submission. Please see our Affiliate Disclosure & Notification for details.
As a small business owner, it’s easy to assume that cybersecurity threats are something to worry about when your company gets bigger. After all, most of the cybersecurity breaches that you hear about in the news happen to big businesses.
But think about it – if a big company, with all the best security strategies in place and insurance to cover the loss can suffer a breach, isn’t your small business at an even higher risk? Small businesses are a huge target for cybercriminals. They don’t often have the resources available for tight security and many small business owners don’t realize how important it is. It’s fair game for hackers.
There’s never been a better time than the present to start thinking about your small business’s cybersecurity. If a breach were to happen tomorrow, would your company be able to survive it? If the answer’s no, there’s a lot of work to be done.
Here’s why – and how – small businesses should be taking cybersecurity a lot more seriously.
Everyone’s at Risk
Over the past couple of decades, technology has become a rapidly more integral part of the workplace. From email communications to financial transactions, it doesn’t matter what kind of company you’re running, what you sell, or who your customers are – you use technology. Businesses of all sizes rely heavily on technology to remain connected at all times and ensure that work is conducted efficiently.
The number of SMEs that have suffered cyber-attacks or threats in the past few years is on the rise. They might not make the newspapers, but that’s not to say it doesn’t happen. So, what can you do to make sure your small business is armed with the right defenses?
Get Familiar with Common Cyber Security Threats
In the UK, the Cyber Security Breaches Survey carried out in 2018 found that almost half of British businesses had reported cyber security attacks or breaches in the past year. Data breaches resulted in lost files, system or website corruption, software loss or corruption, and in severe cases, loss of intellectual property or assets.
As you can see, it’s a serious matter – and it’s an issue in every part of the world today. No small business is safe from cybercrime.
The easiest way to improve your defense is to know what you’re looking for. Many attacks can be stopped in their tracks if they are identified quickly. Some of the most common cyber security threats include:
- Scammers impersonating a business via phishing emails
- Other fraudulent emails, for example, impersonating a senior member of staff, bank, or another trusted individual or organization to elicit sensitive information from a staff member
- Viruses and other malware
Creating a Culture of Security
Once you’re familiar with what to look out for in terms of cyber threats, don’t let it stop with you. The businesses with the best defense against these crimes have a culture of cyber security right from the intern to the CEO. Nobody is immune from being a target, and everybody should work together.
Employee training is crucial to create a culture of cyber security and threat defense in your business. And, don’t just send your staff on one training day and leave it at that. Ongoing refresher training is crucial.
Many businesses implement one or more members of staff who are dedicated to cyber security. This may be their full-time role or an additional responsibility, depending on the size and needs of your business. You might want to consider offering to invest in a masters of computer science from Wilfrid Laurier University for a suitable member of staff; it’s a win-win situation as both of you will benefit from the new skills and knowledge that they will gain.
Additionally, you should:
- Train all staff to recognize the signs of a potential cybersecurity threat and what to do if they suspect a threat by requiring them to take cybersecurity online courses.
- Encourage caution – double-checking that emails have come from who they appear to be from and never sharing passwords or access without express permission, for example, are solid habits to implement in your workforce.
- Encourage communication – often, cybersecurity breaches happen because a member of staff didn’t think something was worth talking about. Make sure that your employees know that they can always speak up about any perceived potential threat and it will be taken seriously, no matter how small.
Data Leak Protection
Data leaking is one of the biggest and most devastating threats for small businesses. A data leak can be extremely damaging to not only the company, but individuals too.
Businesses of all sizes hold a wide range of data. This could include customer information, employee data, and more. This data often holds sensitive information like personal and financial details which could easily be put at risk if the business does not take the appropriate steps to protect it.
Limiting the amount of information that is available in the public domain is the number one step that small businesses can take to ensure that their data is protected from leaks.
Other methods of defense include:
- Use a ‘burner email’ when signing up for a site or service rather than your real email address.
- Restrict access to sensitive data to just a few trusted employees.
- Store data securely in the cloud with strong password protection.
Ransomware is a more dramatic type of cyber threat that you may have seen in the movies, but is unfortunately all too real for many small to medium businesses today. Ransomware is a type of malware that essentially holds your business’s data to ransom by encrypting it. You’ll usually be directed to pay a large fee to unlock the data – and there’s no guarantee that this will actually happen.
But you store all your data securely in the cloud, so you’re not at risk of ransomware, right? Wrong.
While data stored on computer hardware has typically been at risk of ransomware threats, we’re beginning to see these types of cyber-attacks rise in prominence with the increased use of cloud services for storing data. Again, nobody is safe.
To protect against ransomware attacks, you should:
- Ensure that your data is safely stored in multiple places: Don’t just rely on the cloud alone for storing data. Keep back-up copies on external hard drives, so that if you are subject to a ransomware attack, you haven’t completely lost everything. The idea that storing data in the cloud alone is a defense against ransomware attacks is a misconception.
- Invest in specific ransomware protection software: Another common misconception is that all antivirus software is able to sufficiently protect against ransomware. Hackers are constantly upgrading ransomware to bypass common antivirus software packages. You should invest in a software package that’s specifically designed to protect against this type of attack. Choose one that uses deep learning malware protection to defend your business from the widest range of attacks. And, make sure that it’s regularly updated.
Social Engineering Protection
Phishing is one of the oldest cyber-attack types out there. It’s been around since the 1970s with the infamous Blue Box, created by John Draper to hack telephone systems.
As time has gone by, technology has significantly advanced – but the methods by which phishing attacks are conducted have kept up.
What is phishing? It is the process of fraudulently attempting to gain information from an individual or business in order to exploit the account that data is associated with.
You may have fallen victim to a phishing attack or attempted phishing attack in your personal life. Maybe you’ve had one of those telephone calls where a recorded message tells you that you’re eligible for a cheaper deal on your utilities and asks you to enter your credit card details to take advantage of it.
Or a personal favorite – the Nigerian prince who so happens to be related to you has let you know that a long-lost relative has passed away leaving you a million dollars in your will and you can have it today, as long as you hand over all your bank account details.
Some phishing scams are downright fishy, and can be spotted from a mile away. But others are more sophisticated and can easily fool anybody.
What are some examples of common business phishing scams?
- An employee opens an email that appears to be from the CEO, asking them to confirm their login details to the system that holds customer data so that it can be changed. Since the CEO already has access and there’s no reason to believe the email comes from anybody else, the employee replies with the information requested. Now a hacker has access to the data storage system. A breach occurs and customer data is leaked.
- A senior manager opens an email that appears to be from the bank that the business account is held with. The email asks them to log in to confirm a recent transaction. When they enter their login details, the information is sent straight to the hacker, who logs into the business bank account and transfers all the money to themselves.
Signs to look out for:
- Misspellings in the email address
- No security symbols
- Misspellings in the email body
- Something is just ‘off’ – a logo out of place, or a wrong address for example
Don’t leave it to chance – double check that any email you receive requesting sensitive information is legitimate. If you run a small business, you’re at risk of cyber-attacks. Keep these tips in mind and build your company’s defense.