Is Your Business Cybersecure? Five Steps to Find Out
Too often, small businesses don’t consider themselves at risk for a cyberattack. Maybe the business thinks it’s too small, or doesn’t think it carries anything worth stealing. But that’s far from the unfortunate reality. According to a 2013 Small Business Technology Survey by the National Small Business Association, 44 percent of small businesses reported being the victim of a cyberattack, with an average cost of approximately $9,000per attack. Cybercriminals thrive on data about employees, customers, bank accounts and many other types of information any small business would carry. And with fewer resources than large firms, small businesses are especially at risk for attacks.
October is National Cyber Security Awareness Month. If you are a small business owner, it is important that you safeguard your critical data. Here are five steps you need take immediately – as soon as this week — to make your business more cybersecure:
- Protect against viruses, spyware, and other malicious code. Make sure all of your organization’s computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.
- Secure your networks. Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
- Educate employees about cyberthreats and hold them accountable. Educate your employers about online threats and how to protect your organization’s data, including safe use of social networking sites. Depending on the nature of your business, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the firm’s Internet security policies and procedures.
- Require employees to use strong passwords and to change them often. Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
- Employ best practices on payment cards. Credit card companies are now shifting from magnetic-strip payment cards to safer, more secure chip card technology known as “EMV.” Are you ready for the shift? Now more than ever, you should work with your banks and processors to ensure you’re using the most trusted and validated anti-fraud services. You may also have additional security obligations pursuant to agreements with your bank or processor. In all cases, you should isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
And in the event your firm is the victim of a cybersecurity attack, take the following steps immediately:
- Inform local law enforcement or the state attorney general as appropriate.
- Report stolen finances or identities and other cybercrimes to the Internet Crime Complaint Center at www.ic3.gov.
- Report fraud to the Federal Trade Commission at www.onguardonline.gov/file-complaint.
- Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or www.us-cert.gov.
While no one can guarantee your safety from a cyberattack, appropriate planning makes a big difference. By using these tips and resources, you can help promote the safety of your employees, customers, and the future success of your small business.
Source: www.sba.gov
