Part 6 of the “Things we wish we knew” Blog series
By: Tina Oddleifson, Business Advisor
Most small business owners don’t spend time worrying about cybersecurity attacks. Who would want to pick on your small business anyway, right? Wrong! As business advisors in Maine, we have heard many stories from our clients about attempts and attacks on their businesses. In some cases, this leads to the permanent closure of the business.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), established by Congress in 2018, small businesses are three times more likely to be targeted by cybersecurity attacks than larger businesses. Over 80% of ransomware attacks are targeted at small and medium-sized businesses (SMEs), and 60% of businesses that experience a ransomware attack cease operations entirely within 6 months.
Those are some pretty scary stats, but there are steps you can take to cut down on the likelihood of a cybersecurity attack on your business.
Train your employees
Untrained employees are the leading cause of data breaches for a small business. All employees should know:
- How to spot email phishing attempts. Because of AI tools, phishing emails are getting increasingly sophisticated and often sound like legitimate emails.
- To never click on links, logos, questionnaires, etc. from unknown sources, and to carefully scan email addresses for attempts to mimic familiar ones.
- How to create strong passwords and turn on two-factor authentication.
- How to use safe internet browsing techniques.
Secure your network
Your connection to the internet should have a firewall and be hidden from the public. If employees work remotely, have them use a virtual private network (VPN) to connect to your network.
Use a Cloud-Based System
While it might seem counterintuitive, cloud-based systems like Google Drive and Microsoft OneDrive typically have a much higher level of security than you can provide for your own on-premises server.
Back up important files
Always have backups of critical files on an external hard drive that is kept in a safe place.
Update Software and Control Access
Update software, browsers, operating systems, and antivirus software, as these updates typically contain critical security patches. Only assign administrative privileges to IT professionals and key personnel. Downloading and installing software can be a harmful practice and should be limited to those who can assess its security.
Enable multi-factor authentication
Multi-factor authentication means that additional information is needed beyond just a password to access any kind of account. Requiring multi-factor authentication greatly reduces data breaches. Examples include additional pieces of information only the user would know, fingerprints, facial recognition, and one-time passwords (OTPs) sent to a cell phone or email address.
Additional Resources
CISA Cybersecurity Advice for Small Businesses: https://www.cisa.gov/audiences/small-and-medium-businesses
SBA Cybersecurity Advice for Small Business: https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity#id-why-cybersecurity-matters
Federal Trade Commission Cybersecurity Advice for Small Businesses: https://www.ftc.gov/business-guidance/small-businesses/cybersecurity