Cyberattacks on the Rise: 10 Easy Ways Small Businesses Can Prevent Them

10/29/2020

By: Cathy Caroll

As small business owners tackle competing priorities, cybersecurity threats are continuing to grow. At the same time, a recent survey by the U.S. Small Business Administration found that 88 percent of small business owners thought that their business was vulnerable to a cyberattack, but they weren't prepared to prevent one.

According to the latest FBI Internet Crime Report, an average of nearly 1,300 complaints were reported daily in 2019, with more than $3.5 billion in losses to individuals and businesses—the highest amount ever. COVID-19 has offered cybercriminals another avenue to steal sensitive information, as businesses across the nation rely on millions of employees working remotely.

Yet many small business owners don't realize the importance of cybersecurity. In a survey of 500 senior decision-makers of small and midsize businesses, 66 percent said they believe a cyberattack is unlikely, even though 67 percent of small businesses experienced a cyberattack in the last year, according to Keeper cybersecurity's 2019 study.

Without cyber insurance coverage, professional IT solutions, time to devote to cybersecurity or a clear idea of where to begin, many businesses do nothing. Fortunately, many resources are designed to help.

Here are 10 easy ways to protect your small business from cybersecurity threats:

1. Get a check-up

You can do a free, online, customized assessment of your cybersecurity with the Department of Homeland Security (DHS)'s Cyber Resilience Review. You can use this review to help improve awareness about cybersecurity in your business and identify needed improvements. The review also highlights the ways to continue critical services during operational stress and crises. You can also request the same assessment to be done on-site by the department's cybersecurity professionals.

2. Do basic training

Instructing employees in basic security principles is more important than ever. With increasing numbers of people working from home, hackers are looking for lax telework safeguards. Establish simple policies, such as strong access requirements including multi-factor authentication and lengthy passwords for each online account. Include appropriate internet-use guidelines and make the plan solid by detailing penalties for violating company policy.

3. Secure mobile device data

Mobile devices such as smartphones, tablets and Wi-Fi-enabled laptops pose a risk, especially if they hold confidential information or can access the corporate network. Encrypt data and choose strong passwords so if the device is stolen, vital information cannot be taken along with it. These strategies, including using security software for smartphones, are recommended by the Federal Communications Commission (FCC), which also offers a Small Biz Cyber Planner.

4. Heighten your vigilance against scams

Coronavirus-themed email attacks are targeting a range of businesses, from government to manufacturing and other industries concerned about global shipping disruptions. Fraudulent emails frequently direct you to click on a malicious link and try to get you to reveal personal or financial information. Pay attention to website URLs, which may look identical to a legitimate site but have a different spelling or a domain ending in “.com” versus “.net.” The National Cyber Security Alliance (NCSA) recommends that if you are unsure whether an email request is legitimate, use information from an account statement to contact the company directly instead of replying to a dubious email.
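The URL check described above can be automated. The following Python sketch is an added example, not part of the original article: it compares a link's host against a short list of domains you actually do business with and flags a changed ending or a near-identical spelling. The domains shown are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allow-list; replace with the domains your business really uses.
TRUSTED = {"examplebank.com", "example-payroll.net"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def link_host(url):
    """Host the browser would really visit (ignores any 'user@' decoy prefix)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def check_link(url, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain_or_None) for a full URL."""
    host = link_host(url)
    if not host:
        return ("invalid", None)  # no scheme or no host: cannot be judged
    for t in sorted(trusted):
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    name, _, ending = host.rpartition(".")
    for t in sorted(trusted):
        t_name, _, t_ending = t.rpartition(".")
        if name == t_name and ending != t_ending:
            return ("lookalike-ending", t)    # same name, ".com" vs ".net"
        if 0 < edit_distance(host, t) <= 2:
            return ("lookalike-spelling", t)  # one or two characters changed
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login",
                 "https://examplebank.net/login",
                 "http://examp1ebank.com/verify",
                 "https://examplebank.com@examplebonk.com/"):
        print(link, "->", check_link(link))
```

A verdict of "unknown" means only that the host resembles nothing on your list; the advice to contact the company through a known channel still applies.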

5. Protect remote work

Keep thieves from stealing information from unsecured networks. The NCSA recommends several ways to do this. Provide a virtual private network for employee access to work accounts instead of having employees connect through public Wi-Fi. Update home routers to the latest software and secure them with a lengthy, unique passphrase. Dedicate a Wi-Fi network to company devices, separate from the one your personal devices use. Keep your devices in a secure place, set up an automatic log-out for when they're not being used and restrict work devices to use by employees only.

6. Back up data

Create a system for regularly storing electronic copies of vital business data. Either automate storage on the cloud or put it on a backup hard drive at least weekly. Think of the spreadsheets, databases, financial files, human resources information and accounts receivable/payable files which, if stolen, could cripple your business.

7. Watch the till

Just as you'd close a cash register drawer, electronic payment systems require security. You can do this by keeping payment processing isolated from other, less secure programs. For instance, don't use the same computer to process payments and browse the internet. Be sure that you're using best practices and anti-fraud services offered by your banks or card processors, according to the FCC.

8. Scrub up on security

To reduce the risk of infection from malware, get automated scans for vulnerabilities. DHS offers Cyber Hygiene: Vulnerability Scanning, which delivers weekly reports of problems it detects. It rates which vulnerabilities are severe and require action, as well as those that impact your high-value assets.

9. Draft a recovery plan

Just as you should have a plan for a natural disaster, creating a small business cybersecurity plan is critical. The NCSA advises that the first step in your plan should be disconnecting the affected computers from the network, notifying IT staff or a third-party vendor, and reporting the incident to law enforcement and your lawyer.

This is where your data backup comes in. You can use it to continue operating your business. If electronic records are unavailable, switch to paper to keep the business functioning. Plan for accessing key information if network systems are down.

10. Brush up on the law

Familiarize yourself with your state's data breach notification law. State legislatures are prioritizing ways to address cyber threats to governments and private businesses. Thirty-one states enacted cybersecurity legislation in 2019, including measures such as requiring businesses to adopt certain security practices, regulating cybersecurity within the insurance industry and providing funding for improved security.

Cyberattacks are constantly evolving, according to the SBA. Being prepared can help you stay calm, deal with the problem effectively—and show your staff and customers that you can handle the situation.