Not all publicity is good publicity — don’t make the headline news with a cybersecurity breach.
Ever click on something and your browser launches tons of popups or suddenly additional tabs open? It is easy during a busy day to not fully read an email, check the sender, or contents before opening an attachment or clicking on a link. All of a sudden, your business is infected with a computer virus, malware — or worse, with ransomware. Ransomware locks users out of their system and, like its name states, holds your system hostage until a ransom is paid. It can cripple any business: between downtime, lost reputation and cost to recover information, it is a triple-hit to the company.
Phishing is typically via email trying to get one to disclose personal and financial information such as credit card info, usernames and passwords. A study by Cisco shows the impact on downtime and overall costs around these issues.
Three basic considerations in cybersecurity for a small business includes training, tools, and data backup. First train employees to minimize exposure. Second have appropriate software to prevent and remediate threats. Finally, in a worst-case scenario, ensure data is being backed up on a regular basis. Let’s look at each of these points a little more in-depth:
1) Training – The best way to start keeping your business safe is via training. There are many online courses available to train your team. Some companies will also offer a service to send fake phishing emails to test employees after they have been trained. Some of the common techniques include using fake greeting cards, invoices, and emails with urgency in the subject. Hackers are becoming more sophisticated in their methods, and it could literally pay to stay one step ahead. Don’t click on suspicious links, attachments, etc. Legitimate electronic greeting cards do not just send a link and always include who it is from. If it is suspicious – just contact the sender to validate.
2) Software Prevention / Remediation – There is always the possibility of a trusted sources system becoming infected and therefore spread to yours. The FCC has CyberSecurity tips for small business that are publicly available. In addition to training, dedicated software can prevent many attacks. These include firewalls, antivirus and malware protection. Locking down wifi access is also a good call, as is separating payment processing systems from email applications. Keeping software patched to minimize security risk as we have previously discussed is a must, as it is in the best interest of the company producing the software to prioritize security for its clients.
3) Backup / Recovery – The last resort — and an area many people miss — is ensuring a solid backup and recovery strategy. If a hacker breaks through your defenses, having a backup and recovery solution will help minimize impact. There are two considerations when planning. First, how often does the data need to be backed. Second, how fast can it be restored. The deciding factor on backup frequency is the amount of information changed between backups and the impact on the business if it is lost or corrupted. Cost of backups and retention is also a consideration. How many backups are needed and at what intervals, how much will that cost? Some businesses have had a virus or malware hidden for well over a year before being discovered or activated. Does the data need to be instantly available at a disaster recover location or can it wait to be restored? A good Information Technology, IT, consultant can help provide options and recommendations.
There is a great deal of information on cybersecurity all over the internet and some of it may be overwhelming to try and digest. This is a case for engaging with an IT consultant to shore up your defenses. Don’t let a quick click and the wrong item put you out of business.
Have you experienced any cybersecurity challenges or have a best practice you want to share? Feel free to post comments or email them to me. Small Business, Big Lessons™ – Stay safe small business!
About the Author:
Gregory Woloszczuk is an entrepreneur and experienced tech executive that helps small business owners grow their top and bottom line. Gregory believes in straight talk and helping others see things they need to see but may not want to with a focus on taking responsibly for one’s own business. He and his wife, Maureen, started GMW Carolina in 2006.