I won’t mince words, because it’s that important; you’re probably not investing what you should be into cybersecurity, and you’re taking a big risk because of it.
If you’re like most small business owners, the ability to employ remote workers, implement modern technology, and operate using cloud computing is a large part of the reason your company was able to get off the ground quickly, function, and grow. That’s great!
But what a lot of people don’t realize is that the tech you use, the heart of your company’s operation, is a bigger target than ever for malicious activity, especially when you’re a small business. You’re more attractive to hackers than ever, precisely because you are more vulnerable.
“TOO SMALL FOR HACKERS” IS A CYBERSECURITY MYTH
You might feel confident, overconfident even, that you’ve taken the right steps, but most people are relying on outdated software, old habits, and a “fingers crossed” mentality. You may not even know as much as you think you do about current cybersecurity best practices.
Really, this comes down to cost; you don’t need to be a big company with mountains of client data or passwords to attract malicious behavior online, and if you are attacked, it could be devastating to your operation. The cost of recovery from a cyberattack has more than doubled in the last 5 years alone (over $20,000!), and it’s still rising.
That number doesn’t factor in the additional cost of compliance after the hack, either. In order to follow the law, you’ll have to inform your customers, and maybe even provide identity-theft protection to them. That hit to your reputation could cost you even more, and it has the potential to cost you your business.
Let me say that again; if you’re not investing correctly in cybersecurity, you’re putting your whole business at risk, period.
So, where are your biggest weaknesses, and how can you invest in your business today, so you don’t pay for it down the line?
1.) YOUR EMPLOYEES
Yep. This is your biggest security risk, right here in your office.
Maybe you have a BYOD policy, so that employees can bring their own laptops, phones, and other devices in and save you operational costs. Or you might allow employees to take their work laptops home for remote work. This is a weak point for malicious attacks, for a number of reasons:
- The devices could be stolen, and still contain client data.
- Your employees might use the same password for everything, or even share passwords with each other.
- They might already have malware on their personal device, and infect the company network without anyone knowing.
- You might be relying on free antivirus software, and nothing else, to keep their devices secure.
SOLUTION: EDUCATION, POLICY, AND ENTERPRISE SECURITY
Do you have a written security policy for your employees to follow regarding personal devices, as well as work equipment? If not, you need one, and you need it yesterday.
Training employees on how to prevent phishing scams, protect personal and company devices, manage passwords correctly, and transfer data securely will help everyone operate more safely. If you don’t have a dedicated IT department, it is also recommended that you assign at least one point person as a contact should something go wrong.
Finally, don’t rely on free antivirus software alone to protect your company or your business assets; your basic firewall will crumple like paper against a DDoS attack. Dedicated, enterprise-level security software is necessary to ensure that your business is as safe as possible.
2.) YOUR NETWORK
Because personal devices are increasingly used for work-related tasks, you also need to be aware of how your networks could be affected. Personal devices are far less likely to be as secure as your company assets, and this leaves you open to malware, spyware, and other malicious software that can operate nearly invisibly.
If your company allows for remote work, this risk increases. Remote employees can use their personal internet connections, public Wi-Fi, or other unsecured networks to access company information, exposing the heart of your company directly to hackers. You need to ensure that bad actors can’t siphon off data as it’s transferred.
SOLUTION: VPN AND ENDPOINT PROTECTION SOFTWARE
A dedicated, enterprise VPN that gives you your own server and IP address will help encrypt your data as it travels over the network and shield it from prying eyes, while allowing your employees to access the data they need from anywhere in the world.
Endpoint security software is also a must; this helps restrict which remote devices can access your business network in the first place. Whether your employees use their personal devices to do work or use company assets, this will help to manage who is connecting to your networks and when.
3.) YOUR CLOUD-BASED APPLICATIONS
A survey done by Lastline at RSAC 2019 found that a third of security pros estimate that half of their colleagues believe the cloud is literally in the sky. Funny, but concerning, since cloud services are providing solutions for nearly every aspect of business. Cybersecurity education matters, and with the increase in cloud-based computing, it’s important to keep your employees informed on how to keep their data secure on your cloud platforms.
SOLUTION: MULTI-FACTOR AUTHENTICATION, SECURE USER GROUPS, AND DATA ENCRYPTION
Access to your cloud-based data needs to be restricted and protected, and a simple password is not going to do that job effectively. Using some form of multi-factor authentication will help guard the gateway to your company’s cloud-based apps. Secure user groups and strict permissions settings will help police just what information people can gain access to. Depending on the industry you are in, you may also want to restrict the days and times your employees can access highly sensitive data. You’ll also want to look into the apps that you use to determine what their privacy policies actually are, how they encrypt data, and whether you need to take extra steps to ensure security. Additionally, personal cloud devices with volume encryption can be useful and practical if you have large amounts of data to keep track of.
DON’T WAIT FOR AN ATTACK
The most foolish thing you can do for your business is wait until there is a problem to solve it. As we already discussed above, a single attack on a small business could cost you the whole operation. Spending is rising in the cybersecurity space for a reason, so it’s important that you stay ahead of the game and avoid waking up to an ugly reality.