Did you know that 58% of cyberattacks targeted small businesses in 2018, according to Verizon’s “2019 Data Breach Investigations Report”? In the U.S., every business that employs fewer than 250 people is, by definition, a small business.
On average, a small business loses $80,000 to recover from a single cyberattack. The majority of cyberattacks can be avoided by implementing simple security solutions and raising security threat awareness in your company.
Here are some of the most common security threats and the ways to protect your business assets.
Lack of Employee Security Training
Employees are the most valuable asset of your company, and it’s important to invest continually in their education and professional training. Employees can be the strongest or the weakest link in your business; therefore, it’s important to address them as a potential security threat. A lack of basic security knowledge can lead to falling prey to spam emails, creating weak passwords, visiting unsecured sites or even sharing confidential data through public networks.
To avoid potential security pitfalls, organize frequent meetings and security education for your employees. It’s a tiny investment compared to the average business losses resulting from a cyberattack.
Cybrary is a free education platform where users can enroll in various cybersecurity courses and earn valuable cybersecurity and IT certifications such as Cisco CCNA, CompTIA A+ and others.
Did you know that 32% of all data breaches in the last year were completed through phishing attacks? Through phishing attacks, fraudsters try to gain access to personal information such as credit card numbers, user names or passwords through email. Attackers are very creative in crafting fraudulent emails, so users need a level of caution and education to protect themselves. Phishing emails look extremely authentic, which makes phishing one of the most common methods for stealing sensitive data.
Phishing emails usually contain one of the following:
- Generic greetings.
- Link or button redirecting to a form asking for personal information such as bank account number, username or password.
- Fake invoices or coupons.
- Sense of urgency.
The most effective ways to protect your business from phishing attacks are:
- Use the latest security software.
- Use multi-level authentication for online accounts.
- Back up data regularly.
- Verify any suspicious emails asking for personal information with the company by going directly to the website and using the official contact form or phone number.
The picture above shows an email allegedly sent by Netflix, but it is actually a phishing email through which attackers are trying to steal the recipient’s bank information. Phishing scammers can be very creative, so users should always keep their guard up. Here is Netflix’s advice on handling a phishing email and avoiding confidential data leaks.
Bring Your Own Device (BYOD)
BYOD is an ongoing dilemma for small-business owners. While it increases flexibility and decreases costs, it also exposes business assets to malicious code from a personal device or untrusted employee. The threat of losing valuable data or compromising critical business processes is real once a private device is connected to a business network. Also, dishonest employees can more easily steal sensitive information from the network. And, as always, there is the threat of an employee’s device being stolen or lost.
Here are a few ways to mitigate the risk of BYOD:
- Audit your business network and IT infrastructure to decide if you’re ready to implement BYOD.
- Educate your employees on security basics.
- Implement security policies and procedures.
- Invest in a mobile device management solution.
- Secure every device with updated anti-virus software.
- Invest in VPN services.
According to the Verizon Data Breach Report, more than 70% of employees tend to reuse weak personal passwords for business purposes. Further, a whopping 81% of data breaches were the result of exploiting weak passwords. The key to mitigating the risk lies in proper education and emphasizing the importance of complex passwords.
Here are a few ways to mitigate the risk of weak passwords:
- Use strong and complex passwords (combine uppercase and lowercase letters, include special characters, don’t use dictionary words, etc.).
- Periodically change passwords.
- Don’t leave your passwords unprotected (documents, notes, etc.).
- Audit your website and network periodically using various vulnerability tools.
Password manager tools have many features to help keep passwords safe, including a strong password generator, password vault and username generator. Most come in free and premium versions and can be an ideal solution for managing business passwords.
Malicious code is a written script that causes undesired results such as data breaches, system damage and personal information leaks. It’s very hard to protect against malicious code just by using anti-virus software. Businesses must educate their employees about malicious code.
The first and most obvious line of defense is installing updated security software such as an anti-virus solution. Be sure that your operating system and applications are updated, too. Another step is educating your employees and raising their awareness of the threat.
Here are a few ways to protect your business from malicious code:
- Install updated anti-virus software.
- Scan your system regularly.
- Use the latest version of the operating system and applications.
- Secure your business network by using WPA2 or WPA encryption.
- Raise your employees’ awareness of the threat and consequences of malicious code.
- Don’t share your personal and business information on a public network.
- Don’t open email attachments from an unknown sender.
Invest in Employees’ Security Education
While some security threats are extremely complex, most data and security breaches happen because of a lack of education or awareness about security. Invest in security education for your employees and set up strict security policies. The last thing you want as a small-business owner is to expose your confidential business and personal information to a third party.