Cybercrimes are one of the biggest threats to your business. Statistically, small businesses are three times more likely to be hit with an attack than larger companies[1]. In addition, businesses with fewer than 100 employees are 350% more likely to accidentally divulge confidential information by making a cybersecurity mistake[1]. Small businesses are a larger cybercrime target because they lack training and proper security.
In today’s world, a small business cannot afford a cyber-attack: 66% of businesses faced a significant revenue loss due to a ransomware attack[2]. In addition, 80% of organizations that paid a ransom experienced another attack[2]. Below are 6 recommended ways to help keep your business safe from cybercrimes like data breaches, cyber extortion, and financial theft.
- Cybersecurity Awareness Training for All Staff
Implement a training program for your office staff covering cybercrime threats and how your system can become infected. Schedule employee training every 4 to 6 months, because new threats continue to evolve and reviewing prevention tips is imperative. The Federal Trade Commission is an excellent resource for cybersecurity awareness and training, and provides free educational materials at https://www.ftc.gov/business-guidance/small-businesses/cybersecurity.
- Back Up Your Data Multiple Ways
Your data is your livelihood. If you are ever infected with ransomware, secure backups are crucial in saving you from having to pay money to a cyber-threat actor. Daily backup procedures should include: 1) Automatic backup to a reputable cloud backup provider and also to a local, on-site hard drive, 2) Encryption with 128-bit AES during backup transmission and storage, 3) Keeping a minimum of 30 previous days of backups, and for files that never or rarely change, a new backup should not overwrite the previous backup, and 4) Routine monitoring of backup logs for errors. DataHEALTH’s cloud backup service offers the security and reliability needed to effectively back up data offsite and locally, and provides customers with backup support, from correcting any errors to helping with the data restore process. DataHEALTH has recovered millions of files for customers impacted by ransomware.
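One way to automate the log-monitoring and 30-day retention checks from the procedure above, as an added example that is not DataHEALTH's code. The log line format, the destination names `cloud` and `local`, and all function names are assumptions made for illustration.

```python
from datetime import date, timedelta

DESTS = ("cloud", "local")   # rule 1: an off-site copy and an on-site copy
MIN_DAYS = 30                # rule 3: keep at least 30 previous days

def parse(line):
    """Split one log line (assumed format) into (date, dest, status)."""
    day, _time, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return date.fromisoformat(day), kv["dest"], kv["status"]

def audit(lines, today, min_days=MIN_DAYS):
    """Return (errors, missing) for the retention window ending at `today`."""
    ok, errors = set(), []
    for line in lines:
        day, dest, status = parse(line)
        if status == "OK":
            ok.add((day, dest))
        else:
            errors.append(line)          # rule 4: surface every failed run
    window = [today - timedelta(days=n) for n in range(min_days)]
    # A day/destination pair with no successful run is a gap in retention,
    # whether the job failed or never ran at all.
    missing = [(d, dest) for d in sorted(window) for dest in DESTS
               if (d, dest) not in ok]
    return errors, missing

def sample_log(today):
    """Constructed sample: 30 nightly runs, one failure, one skipped run."""
    lines = []
    for n in range(MIN_DAYS):
        day = today - timedelta(days=n)
        for dest in DESTS:
            if (n, dest) == (3, "cloud"):
                continue                 # this run never happened
            status = "ERROR" if (n, dest) == (7, "local") else "OK"
            lines.append(f"{day} 02:00:00 dest={dest} status={status}")
    return lines

if __name__ == "__main__":
    today = date(2024, 6, 30)
    errors, missing = audit(sample_log(today), today)
    for line in errors:
        print("FAILED RUN:", line)
    for day, dest in missing:
        print(f"NO GOOD BACKUP: {day} {dest}")
```

A skipped job leaves no error line in the log, which is why the check compares successful runs against the expected calendar instead of only searching for the word ERROR.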
- Multi-Factor Authentication (MFA)
More and more businesses are turning to multi-factor authentication (also known as two-factor authentication or 2FA) to increase cybersecurity. MFA should be used to access areas of your network with sensitive information. MFA adds a step after you log in with your password, such as a temporary code on a smartphone, an automated phone call, or a key that’s inserted into a computer. By utilizing MFA, you are significantly less likely to be hacked. Look for a reliable MFA company such as Duo, which is easy and secure to use.
- Use Strong Passwords
One of the easiest, but often overlooked, security enhancements is creating a strong password and updating it at least every 6 months. A strong password should consist of at least 12 characters with a mix of numbers, symbols, uppercase and lowercase letters. Don’t reuse passwords and never share them on the phone, in texts, or by email. Limit the number of unsuccessful log-in attempts allowed in order to curb password-guessing attacks. Store passwords securely and consider using a password manager such as LastPass, which securely stores, generates, and manages passwords for your local applications and online services.
- Always Keep Software Up-to-Date
Always keep your operating system, software, and firmware up-to-date. This also includes apps and web browsers. A similar term you may hear instead of update is “software patch”, which means a modification to a program to improve its security, performance, or other feature. Set updates to occur automatically on your computers.
- Secure Your Network and Use Antivirus Software
Firewalls, antivirus, antimalware, and anti-exploit security programs should always be kept up-to-date, with scans scheduled to occur automatically. Hide your Wi-Fi network, password protect your router, and use a Virtual Private Network (VPN) for employees working remotely. It’s time to invest in next-generation antivirus protection, the latest technology in fighting cybercrime with an advanced level of endpoint security protection. This type of antivirus protection is designed to prevent attacks, both known and unknown, by monitoring for and responding to attacker tactics, techniques, and procedures. SentinelOne is a well-known next-generation antivirus protection company, trusted by many.
Gambling with your cybersecurity is not worth the risk. Ensuring these security measures are implemented now can prevent a costly cybercrime in your future.
Ingrid Helgeson is the Chief Operating Officer for DataHEALTH, Inc., a cloud services provider. In this role, Ingrid oversees the intersections of all company departments including customer service and technical support. With more than a decade of experience in regulatory compliance, Ingrid also serves as DataHEALTH’s HIPAA Security Officer.
[1] Edward Segal, “Small Businesses Are More Frequent Targets Of Cyberattacks Than Larger Companies: New Report”, Forbes, March 16, 2022.
[2] Sandeep Babu, “20 Ransomware Attacks Small Business Should Know”, Small Business Trends, December 20, 2022.