As a small business owner, you might not have the capital, foresight, or internal expertise to deal with cybersecurity threats such as hacks of customer data records and personal information or leaks of financial information or intellectual property.

While ensuring cybersecurity might sit on the back burner for you, it is important to realize that according to the National Cyber Security Institute 50% of all small businesses experience a cyber attack and 60% of those victims go out of business within 6 months. Additionally according to Towergate insurance about 70% of small businesses have no formal security regarding cybersecurity. Don’t be one of those who ignore cybersecurity in the present and then regret it. This article will guide you through the top cybersecurity threats and how you can prevent them.

Here are the top 5 cybersecurity threats for small businesses:

• Ransomware attacks

This type of attack is exactly what it sounds like-hackers get access to sensitive information such as payment details of your customers and extort you for large sums of money. Both paying out exorbitant ransom or letting information leak are detrimental to your business.

• Phishing

Phishing refers to the process of using social media or emails to get you to divulge sensitive information such as usernames and passwords or even social security numbers. Most common phishing attacks against small businesses include misleading emails claiming to be bills or small business loans that ask for information regarding credit checks or “tax purposes”.

• Distributed Denial of Service

DDoS attacks happen when a person or group of people send multiple requests to your server to overwhelm it and cause it to slow down or eventually crash. Think about how useful this could be to possible competitors or enemies of your brand during peak sale days such as Black Friday etc. if you’re a merchandising firm. If your website goes down, your customer will be unable to access it and they might start looking elsewhere.

• Password attacks

There can be two different types of password attacks: brute force attacks and keyloggers. Brute force attack involves trying several random passwords as an attempt to ‘crack’ your password and steal your business's information. Keyloggers are software that track keystrokes, and these eventually lead to someone being able to guess exactly what your administrative username and password is.

• Inside attack

This cyber-attack is akin to getting stabbed in the back. It usually involves a disgruntled employee or business partner that misuses their access to leak proprietary information.

How to safeguard against these threats?

• Secure your web servers

While creating a website on an easy content management system such as WordPress might seem like an effective cost-saving measure in the grand scheme of things, it is important to consider that these open-source systems are highly susceptible to data breaches and cyber-attacks. It is, therefore, worth the money to invest in a custom-built website that does not use susceptible features such as FTP (File Transfer Protocols) or a MySQL server.

• Backup your server and emails.

It is absolutely essential to back up your servers to a local server. That way if a user accidentally deletes data, there is still a backup present to relay back to. Your email correspondence should also be backed up on to a separate server. This allows for detailed records to be kept and once you delete current emails after backing them up daily, any hackers will only have access to a limited number of emails. My suggestion is to use a service like Migadu to back up all corporate emails. You should also make sure to have 2-step verification enabled on all your email accounts.

• Anti-virus software

This should be a no-brainer, but you would be surprised at how common it is for small businesses to forgo investing in a high-quality anti-virus software. If you have any kind of office-issued laptops for your employees, then you must have updated anti-virus software on each of those to prevent any malicious software.

• Strong Passwords

If your password is “password123” then you should definitely be expecting a hacker to cash in on your system. It is essential that you and your employees have difficult passwords. I suggest utilizing a secure encrypted password system such as Enpass to both generate randomized passwords and keep your password safe on their server so you don’t have to remember it or write it down somewhere. I also recommend instructing employees to change their passwords every two months or so to reduce the risk of password attacks.

• Encrypt sensitive data.

It is best practice to encrypt all sensitive data such as client and employee details (home addresses, payment details) and any upcoming projects. If your encrypted data gets hacked, it will be unusable for the hacker. For a mac computer you can use DropDMG and for Microsoft computers you can use veracrypt. These apps ensure encrypted storage for all your data. 

• Have a solid data breach response plan.

In case of an emergency, there must be streamlined steps towards reporting and amending the situation. The first step would be to notify your cyber insurance carrier so their contact information should always be kept safe. Responsibility must immediately be assigned to IT professionals within the organization to ensure that a proper inventory of events and evidence is maintained. You must also inform your legal team and local law enforcement, especially in the case of sensitive data breaches. Lastly, your public relations team or agency must immediately start controlling how word about the cyber-attack gets out.

Conclusion:

Taking your small business to the next level requires extreme attention to detail in all areas, especially cybersecurity. You must invest in safeguarding your small business against cybersecurity threats to ensure continued operations. Prevention is always better than a cure, especially when the “cure” in this case can be up to $53,987 on average per cyber attack according to Continuum’s report on cybersecurity in 2019.

Some interesting statistics from one of the most widely regarded reports in the cybersecurity industry- Underserved and Unprepared: The State of SMB Cyber Security in 2019:

Some more notable statistics:

• 80% of small businesses worry about a potential cybersecurity attack in the next six months.
• 62% of small businesses report that they simply lack the skills to have an in-house cybersecurity specialist
• 52% of small businesses feel absolutely helpless in the face of cyber attacks
• 43% of all cyber-attacks are against small businesses

Sources:

https://page.continuum.net/resources/downloadables/white-paper/bf/thank-you/underserved-and-unprepared-the-state-of-smb-cyber-security-in-2019

https://smallbiztrends.com/2016/04/cyber-attacks-target-small-business.html

Thomas J. Allen, President of BrainScanMedia.com, Inc., Website: https://www.brainscanmedia.com/ 

Author:

Henry Glickel, CPC, CERS

Henry Glickel has been in the recruiting and staffing profession for over 24 years. Henry graduated with high honors from Stockton University of New Jersey and has an MBA with honors from Temple University in Philadelphia, PA. Henry is the author of “The Power of Proactive Recruiting” which can be found on Amazon, Lulu Press Inc., iTunes, and Audible.com. He has almost 25 years of recruiting, sourcing, negotiating, talent management, employee engagement, and retention. He has completed over 2,100 placements in the US, North America, Europe, and the Middle East. His specialties include job profile development, recruiting, sourcing, onboarding systems, employee referral programs, counter offer strategy, surgical recruiting, assessments/testing, recruitment branding programs, and talent acquisition and management strategies/ practices. He holds multiple certifications by national organizations, recognized with best practices award, and has been quoted in numerous periodicals. He has been on radio shows and best practices panels at conferences. Basically, Henry is proud to be a HeadHunter. He lives in New Hampshire with his family on Arlington Pond where he will be recruiting as long as he can. His website is www.henryglickel.com.

Research Assistance by Rida Hassan

USM, Honors College, Presidential Scholar

Major: Economics / Management