There has been a quite a bit of buzz lately over the importance of small business cyber security. There are about 500,000 cyber attack attempts per minute around the world, and hackers don’t discriminate — they are targeting everyone from governments to financial institutions to small businesses.
In fact, 44 percent of small businesses report being the victim of a cyber attack, with an average cost of $9,000 per attack. As technology and connected devices become more sophisticated, so do hackers. October marks National Cyber Security Awareness Month, so if you haven’t put much thought into your business’ cyber security strategy, now would be a good time to do so.
National Cyber Security Awareness Month is an annual campaign designed to raise awareness about cyber security by engaging and educating public and private sector partners through events and educational materials. The initiative also strives to provide individuals and businesses with the tools and resources needed to stay safe online, and increase the resiliency of the United States in the event of a cyber incident.
Though small businesses are increasingly targeted for cyber attack, 59 percent of U.S. small and medium-sized businesses do not have a contingency plan that outlines procedures for responding to and reporting data breach losses. For small business owners focused on growing their companies, it’s important to establish a cyber security protocol that can grow with your business and protect your assets.
If you’re unsure of where to start, take a look at these cyber security best practices:
Enable passwords/PINs/lock-out settings on your computer, phone and tablets. Password length is better than password complexity, and is your only defense against hacker “brute-force” attacks (guess your password by systematically trying every possible combination). You should also enable “2 Factor Authentication.” For example: Factor 1 is something you know (your password); Factor 2 is something you have (such as a text message sent to your phone). If you have this authentication enabled, a hacker with your password is powerless without the special message to your cell phone.
Back up critical information
Establish a schedule to perform critical data backups. Test and verify your backups by restoring a test file at least once a year, preferably once a quarter.
Secure your internet connection
Use and regularly update antivirus software and anti-spyware on all computers. Protect all pages on your public-facing websites. Be very careful when connecting to unknown open wireless networks. If you must use one, make sure it is a legitimate wireless network (and not fake WiFi run by a hacker), confirm your internet traffic is encrypted by examining the security certificate of all websites in order to make sure your traffic has not been manipulated with.
Educate your employees
Security is a “process” not a “product”. There is no single piece of software or hardware that can make you secure, meaning that your employees are both your biggest cyber security strength and point of weakness. Make sure that employees are routinely educated about new and emerging cyber threats and how to protect your organization’s data. If your employees are travelling with sensitive data, the entire device storage should be fully encrypted and protected with a long and complex password.
Create a continuity plan
Some small businesses are unable to recover from a cyber attack. Developing a continuity plan ensures that business functions can continue to be performed during a wide range of emergencies, including cyber attack.
Make sure to take some time this month to establish or improve your company’s cyber security strategy. Small businesses in Michigan are encouraged to attend the West Michigan Cyber Security Conference on Oct. 5 in Grand Rapids. This free conference brings together leading cyber security vendors, small business experts and a keynote address from FBI Special Agent Don Whitt. The conference will feature three tracks of breakout sessions: Security 101, Executive and Advanced. Additional small business cyber security resources can be found here, as well as the Department of Homeland Security and the U.S. Small Business Administration.