No business is immune to cyberattacks, which are a growing threat for small businesses and the US economy in general. Businesses need to reevaluate their cybersecurity programs — or lack thereof.
While cybersecurity threats are constantly evolving, the risks are not diminishing anytime soon. According to a recent US Small Business Administration (SBA) survey, 88% of small business owners feel vulnerable to cyberattacks. Yet many businesses feel they can't afford professional IT solutions, have limited time to devote to cybersecurity, or don't know where to begin.
Why Small to Midsize Businesses Are Perfect Targets
Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses. This threat has expanded along with the progression of technology. As more business gets conducted online through cloud services, if a company doesn't not use strong encryption technology, a hacker can easily access sensitive data.
There is also a common misconception among small to midsize business owners who think that due to the size of their business, it is unlikely they will be targeted by a cyberattack; they often feel they are not "high profile" enough. This can leave businesses even more vulnerable. In 2020, the global average cost of a data breach was $3.86 million, and it's likely to increase in the foreseeable future.
Here are four ways small to midsize businesses can protect themselves against cyberattacks:
1. Educate Yourself
Business owners often think, "It won't happen to me," when in reality, it's not a matter of if a cyberattack will happen, but when. Erring on the side of caution is not only the safest thing to do, but it is the right thing to do. The first step in improving your cybersecurity is understanding your risk of an attack and figuring out where you can make the biggest improvements.
2. Adopt Strong Policies and Best Practices
One of the first steps to securing your network is to make sure your employees understand security policies and procedures. Establish basic security practices and policies for employees and create employee and IT-related policies that comply with any applicable governmental laws or standards (such as the New York SHIELD Act). Companies are considered compliant if they implement reasonable administrative, physical, and technical safeguards.
3. Educate and Train Employees
Employees are one of the leading causes of data breaches for small businesses; they offer a direct path into a business's systems. Teaching employees basic Internet best practices can go a long way toward preventing cyberattacks. Training should include how to spot a phishing email, using good browsing behaviors, avoiding suspicious downloads, creating strong passwords, and protecting sensitive customer and vendor information. And it should not be a one-and-done event; rather, schedule yearly or semi-yearly refresher courses to keep security top of mind.
The majority of malware is delivered via email, putting a business at risk if an employee unknowingly clicks on a phishing email or downloads a suspicious document. Therefore, educating employees on the risks and conducting security trainings are wise ways to safeguard a business.
4. Invest in Cybersecurity Tools
For an added layer of protection, the next step businesses should take is investing in cybersecurity software. While there is no substitute for dedicated IT support, businesses can still take measures to improve their security. Businesses need antivirus software that can protect all devices from malware, viruses, spyware, ransomware, and phishing scams. Software should not only offer protection, but also technology that helps you clean computers as needed and resets them to their pre-infected state. Investing in email gateways such as Mimecast, Proofpoint, or Microsoft Exchange will support cybersecurity plans and tactics.
Businesses should also take advantage of the public resources and tools available to them. The Federal Communications Commission, for example, offers a cybersecurity planning tool to help businesses build a strategy based on unique business needs. The Department of Homeland Security's Cyber Resilience Review offers a nontechnical assessment to evaluate operational resilience and cybersecurity practices. This assessment can be done by the business itself, or a business can request a facilitated assessment by DHS cybersecurity professionals.
Arm Your Business Against Cyberattacks
Cyberattacks will continue to pose a threat to small and midsize businesses. By taking these necessary defensive steps, you will safeguard your company from future attacks, keeping your businesses protected and operational.