3 Cybersecurity Tips Your Business Needs

We are all guilty of the ‘Not much to Steal’ mindset.

“It won’t happen to me”, “I don’t have much to steal”, “We don’t store any sensitive data!”, and so on.

We have all either made or heard these statements.

The “not much to steal” mindset is common among small business owners when it comes to cyber security, but it is also completely incorrect and out of sync with today’s cyber security best practices.

Cybersecurity: Investment or Expense?

Business owners traditionally think in terms of profit and loss. Things that generate enough revenue that they yield a profit are good.

Expenses or activities that yield a loss are bad. Many business owners view cybersecurity as falling firmly in the expense category, which makes it bad in their view.

Let’s do a self-assessment. Ask yourself the following questions:

  1. Are my reputation and the trust of my clients, investors and partners important to me?
  2. What will I lose if I get hacked?
  3. Is the privacy of my clients’ data (no matter what I collect) not my concern?

If you said YES to 1 or 3, your business most definitely needs cybersecurity.

No need to worry though! If you don’t have any security in place, this article is for you.

Here are 3 cybersecurity tips your business needs: affordable, easy-to-implement practices to get you started in becoming a digital safe house!

1. Cyber Security Awareness Training

The biggest threat to businesses today is not vulnerable systems and machines, but the humans operating them.

According to Verizon, Social Engineering attacks account for over 50% of cybersecurity intrusions in one form or another.

This includes social media, search results, email phishing, voice phishing, SMS phishing, and link bait. Then there is reverse social engineering, where someone learns enough about your business to be able to convince you they are the ones to solve your problems when they are really behind the hack in the first place.

Social engineering attacks can take several forms. One kind might be directed at the CEO or CFO, as in the “CFO Scam”, otherwise known as the Business Email Compromise scam. Others can be directed at corporate websites, using fake comments, fake vendors, and fake customers to deluge a small business with negative comments and create a bad vibe.

Other social engineering attacks can occur through social media. LinkedIn and Facebook in particular are often used to mine information about who is who and what they do inside organizations. This can obviously be used in good ways, but it can also inform attackers about potential vectors.

Social engineering can take the form of someone contacting your customer service representatives, with just enough information about a certain account, to request password changes or address changes. While this may be directed at a specific user or client, it affects your company directly and can result in litigation or loss of business or both.

Reputation security of your brand, your key employees, and even the owner of a small business is just as important as cyber security, and all businesses need to pay attention to external attacks that may start in, or be carried out through, search or social media. A small business might have up-to-date cyber security controls and protocols, but may still be open to reputation attacks. Set up Google alerts for your brand name, key employees’ names, and your own. Monitor for any changes in search results, which are often tied directly to reputation attacks. Create a social media plan that encourages employees not to share any work-related information, and that trains people to tell fake accounts from real ones.

It should not take a cyber horror story to get your company investing the time, money, and training to protect your business. Protecting the security of the business is viewed as a positive thing to share with investors, due diligence teams from prospective partners, and even your clients. All of us want to do business with safe companies, or those perceived to be that way. In fact, there is a huge incentive. Recent studies show that on average 20-25% of US companies that suffer a data breach permanently lose clients. This number can increase dramatically if the breach is with a financial company, health care company, or insurance company.

So do not wait. Educate yourself, your colleagues, and your employees. Learn what kind of cybersecurity you need and how it would be implemented across your business. Do not assume you won’t be attacked. Do not assume your own business is too small or not worth a hacker’s time. Take the necessary steps beginning with education. Then begin to form an action plan and next steps.

2. Regular Data Backups & Limiting Employee Authority to Install Software

Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.

Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
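A backup only helps if it is recent and can still be read. The following is an added example, not part of the original article: it archives a folder with a checksum and then checks that the newest copy is no more than a week old and unmodified. The file naming scheme, function names and folder layout are assumptions made for the illustration.

```python
import calendar
import hashlib
import tarfile
import time
from pathlib import Path

MAX_AGE_DAYS = 7  # the article's minimum cadence: "at least weekly"
STAMP = "%Y%m%dT%H%M%SZ"  # assumed naming scheme: backup-<UTC stamp>.tar.gz

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def create_backup(source, dest_dir, now=None):
    """Archive `source` into `dest_dir` and write a SHA-256 sidecar file."""
    now = time.time() if now is None else now
    source, dest_dir = Path(source), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / f"backup-{time.strftime(STAMP, time.gmtime(now))}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=source.name)
    Path(str(archive) + ".sha256").write_text(sha256_of(archive))
    return archive

def check_backups(dest_dir, now=None):
    """Return a list of problems; an empty list means the newest backup is usable."""
    now = time.time() if now is None else now
    archives = sorted(Path(dest_dir).glob("backup-*.tar.gz"))
    if not archives:
        return ["no backup archives found"]
    newest, problems = archives[-1], []
    # Age comes from the file name, so copying the file offsite cannot reset it.
    stamp = newest.name[len("backup-"):-len(".tar.gz")]
    age_days = (now - calendar.timegm(time.strptime(stamp, STAMP))) / 86400
    if age_days > MAX_AGE_DAYS:
        problems.append(f"newest backup is {age_days:.1f} days old")
    sidecar = Path(str(newest) + ".sha256")
    if not sidecar.exists():
        problems.append("checksum file missing")
    elif sidecar.read_text().strip() != sha256_of(newest):
        problems.append("checksum mismatch: archive changed or is corrupt")
    else:
        with tarfile.open(newest) as tar:  # confirm the archive opens and lists files
            if not tar.getnames():
                problems.append("archive is empty")
    return problems
```

Run `check_backups` on a schedule against the offsite or cloud-synced folder and alert on any non-empty result.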

3. Install a Firewall

There are multiple types of firewalls, including solutions specifically for websites. Generally speaking, a firewall serves as the first or sometimes the second point of response for all incoming traffic including normal and business-related data/voice data. A firewall will defend a network, a device, or both against multiple kinds of cyber attacks.

This could include things like malicious code insertion, denial of service, data stuffing, viruses and potentially malicious payloads in documents. Usually, a firewall works best when it is configured for the needs of the specific network or device it protects. Not using a firewall is a novice mistake, since firewalls do capture and stop a large number of certain kinds of attacks.

This being said, however, a smart attacker using social engineering, network monitoring, or even network penetration can create malicious code designed to bypass firewalls. This is why a layered cybersecurity approach can reap long-term rewards for even the smallest business.

The kinds of threats facing a small manufacturer versus a small FinTech company are simultaneously different and the same. Each industry has specific devices, use cases, and technology that need securing in different ways. However, all small businesses need to use common sense and some basics, like strong password rules, firewalls, HTTPS websites, two-factor authentication, and encryption for both data storage and transmissions like email or website traffic.

After implementing these steps, are you secure?

No. This is a good start though.

Cybersecurity is a continuous effort and should be viewed as an integral business function.

Need help making an effective multi-layered cyber plan based on your business needs?

Reach out to us and we will help.

Until next time,

Stay safe Proteq’tors!
