We've all heard the story: A major company scrambling to right the ship after a security breach. In the wake of regular large-scale data breaches, formal apologies and widespread password resets are becoming the norm. With even the big players falling prey to cyberthreats, where does that leave today's small businesses (SMBs)?
There are 28 million small businesses in the U.S., and approximately 90 percent don't have specific systems and processes in place to protect customer and company data. Unsurprisingly, this makes SMBs incredibly popular targets for cyberattacks, and these attacks cause 60 percent of affected SMBs to go out of business within six months. Not only can a cyberthreat cause serious financial harm – the average small business with a compromised bank account loses $32,000 – but a breach can permanently damage a company's reputation.
October was National Cybersecurity Awareness Month, which makes now a good time for your business to think about its security systems and strategies. Taking cyberthreats seriously means understanding how your business assets are likely to be targeted and putting systems in place to detect a breach as soon as it happens. Reacting quickly and effectively to limit the impact is key.
The biggest cybersecurity threats
You've almost certainly received a phishing email: If you were lucky, you recognized it as something suspicious and deleted it. How do these annoying and dangerous inbox infiltrators work? Essentially, phishing emails masquerade as legitimate correspondence to get you to divulge personal information. Most often, these emails direct you to a fake website or ask you to download a file.
Phishing emails are among the most common ways attackers find entry to your company's systems. More than 90 percent of cyberattacks worldwide originate from these types of emails. And the practice is picking up steam: Instances of phishing rose 46 percent between the end of 2017 and the second quarter of 2018.
Other cyberthreats to be aware of are malware and ransomware. Malware is any malicious software written to harm, while ransomware is a type of malware that goes a step further by taking over your computer systems and denying access to data. As its name suggests, ransomware effectively holds your resources hostage. The cyberattackers usually say you can get your data back – at a price, which is often paid in cryptocurrency or by credit card – but this "agreement" is not always honored, and there's little you can do if data isn't handed back. Ransomware is most often delivered as a phishing email attachment, making these fake correspondences particularly hazardous.
The third threat to SMBs is a data breach through hacking. This is the directed attack where hackers make their way into a secure network by circumventing security. They sometimes break into systems using complex tactics like you've seen in the movies, but more often than not, they get in by using existing usernames and passwords. Because so many people reuse passwords or employ incredibly simple ones, hackers stroll in right through the digital front door. For this reason, it's important to educate both employees and customers about optimal login habits and the importance of complex passwords.
Protecting your small business
While this can all sound like science fiction, malware is booming: In the first quarter of 2018, 1.9 million new mobile malware threats were detected. The good news is that security for your business is achievable. Here are four steps you should take.
1. Designate a cybersecurity point person and empower them to implement solutions from a trusted security partner. Even if you don't have a dedicated IT person on staff, it's important to appoint someone within the company who is knowledgeable about cybersecurity. Without a point person, it's too easy for this crucial consideration to be overlooked.
Leverage the power of best-in-class cybersecurity solutions, like those offered by McAfee, to protect your data. In companies without effective security measures, threats remain in the system for almost a year, on average, before they are detected.
2. Establish a security perimeter around your crucial systems via multifactor authentication. Data should be password-protected, and an additional form of authentication is also advisable. A one-time PIN, like the code that many popular social media sites send to your phone when you log on from a new device, is a good example. There are plenty of identity access management companies out there that provide simple and affordable solutions.
3. Provide training to employees about how to recognize suspicious emails and phishing attacks. Hackers are becoming more creative, and the differences between legitimate and phishing emails are often subtle.
4. Regularly back up your network. Once you've confirmed your system is healthy and you've established your security solutions and protocols, perform regular backups. Before downloading any files, make sure they are scanned for safety.
In the event of a breach
By doing the above, the likelihood of a breach is minimized, but it can still happen. It's almost impossible, for example, to protect yourself completely against an employee who decides to go rogue and copy data. How you respond to a threat could decide the fate of your business.
What should you do? In the immediate, stay calm, and look to the protocols you previously established. These procedures were designed to limit damage and provide a quick response. Check on your last reliable backup and make sure it remains secure. Contact your security partner immediately and ask their help in responding to the threat.
If customer data has been compromised, informing them of the breach is your next step. Let customers know exactly what your company is doing to resolve the issue and don't beat around the bush.
Whatever concern your customers express when learning of the threat, it's preferable to the organizational shame of hiding a breach and having it uncovered later. Give customers information about how they can protect their data going forward and how your company plans to do this better in the future.
While no one can guarantee your company won't suffer a cyberattack, putting the right security measures in place can get your small business as close as possible to complete safety.
Having the right cybersecurity measures in place can make all the difference when it comes to protecting your small business. Learn how Dell's security solutions can prepare your business to face any threat.