Don’t look now, but if you’re a small or mid-size business, cyber criminals have you in their sights.
A whopping 62 percent of all cyber-attacks are launched against small businesses, according to the National Cyber Security Alliance. That’s about 4,000 per day.
Why is this happening? Simple. Smaller enterprises are viewed as easier prey than big banks and large corporations. Less protection, weaker defenses and fewer IT resources.
Sometimes the bad guys make their dirty work obvious. In a ransomware attack, for example, they hijack your system and demand money to free it. Other times, they work in the shadows. They steal data from you and your clients, then plunder it for further exploitation or sell it on the dark web – and you may never know what happened.
And while big companies may be able to survive an attack, smaller businesses might not. Up to 60 percent of small businesses are forced to close their doors within six months of a cyberattack, according to the latest data.
Want to attend a free CLE webinar on August 14, where you’ll learn “Top 10 Things To Prevent a Data Breach?” It’s just one benefit of membership in the Alta Pro Lawyers RPG. Learn how to join here.
11 Steps to Cyber-Safety
1. Be aware of your risk. Acknowledging your exposure is priority number one. Don’t become complacent. Make sure your entire team is educated, on guard and vigilant.
2. Train your staff. Human beings make mistakes. We click on lethal email links. We leave our laptop screens exposed to strangers passing by. We use unsecure passwords. Minimize your risk by holding regular staff meetings to talk about best practices and office vulnerabilities. Encourage people to report suspicious activity. Bring in an outside consultant for cyber-training.
3. Don’t get phished. Email phishing is the most common way hackers break into small office systems. Here are some of the most frequent scams.
4. Have a cyber-security plan. “Implement a password policy and a security monitoring policy, perform firewall updates, conduct regular penetration testing and create an incident response plan,” advises Jon Schramm in this article in Entrepreneur. “Nothing will protect you completely, but you can institute some practical measures. If you can show customers you were actively taking measures to protect them, they will be far more understanding in the event of a breach.”
5. Outsource cyber-safety. Only about 20 percent of businesses believe their internal defenses are capable of managing IT threats, according to a Webroot survey. One solution is to contract with a cyber consultant to audit your system, conduct penetration testing, and recommend new fixes. It may cost less than you think. And it will free up your own IT personnel to focus on daily operations and workflow.
6. Learn how to use your systems. Even if you aren’t personally responsible for running TrustBooks, your phone system or cloud storage, you should have a working knowledge of how these platforms work. That way you’ll know when a system needs to be replaced, repaired or reinforced.
7. Put technology in your name. “You probably have other employees listed as owner or administrator of your technology,” writes business consultant Rhonda Abrams in USA Today. “Stop that! Now! Employees come and go. Even long-time, trusted employees come and go, and certainly the tech contractor will go. When they go, they may control your technology or even take it hostage.”
8. Upgrade from a free online service to a paid version. “For relatively unimportant services, go ahead and use the free versions,” Abrams advises. “But for your critical infrastructure services – such as your payroll, website hosting, document storage – you’re going to find the free versions are not only limited, but you won’t get any kind of tech support and those free services may disappear or change suddenly. For the greatest protection and quality, pay for an appropriate level of service.”
9. Use secure passwords and keep them safe. Sure, you’re sick of hearing this. But the reason you keep hearing it is because it’s so important. Learn how to create safe and strong passwords.
10. Backup vital info. Do this even if it’s stored with a top-level cloud company. You can never be too careful with your client data, financial information and personal information.
11. Bookmark this site. The National Cyber Security Alliance runs the StaySafe website. It is filled with safety tips and news on emerging threats.
Alta Pro Insurance offers comprehensive cyber-liability coverage, and our Lawyers RPG website provides valuable tech tools and risk management resources. Learn how to join here.