If someone were to ask me what app I use most on my phone, it would have to be my banking app. I am constantly checking my account. Some might find this obsessive, but I was a victim of a data breach a year or so ago, and I am not going to let that happen again. In 2013, Target was a victim of a cyber theft and ended up owing $67 million to financial institutions for the costs incurred. In 2014, Michaels stores experienced a data breach that impacted around 2.6 million cards. You may think because you are a small business that hackers aren’t interested in your network, but think again.
Because small businesses don’t have the defensive structure that larger businesses have, cyber criminals see them as easy targets. Think about it: How much do you rely on the internet for your day-to-day operations? If someone were to get into your network, how much would it cost you to be out of business for a day, week or even months before you get the issue resolved? Here are some numbers the National Cyber Security Alliance tabulated about small business online security:
- 45% of small business owners do not provide Internet safety training to their employees
- 77% don’t have a formal written Internet security policy for employees
- 52% have a plan or strategic approach in place for keeping their business cyber secure
First, determine what areas you are most at risk for a cyber-attack, and then you can be proactive so if you become a target, you have a line of defense.
But how are the cyber thieves getting into my small business?
Yes, the thorn in the side of every email inbox, spam mail. It seems like no matter how many filters you place on your email, spam still gets through. By opening spam email, you are putting your company at risk for viruses and malware.
Use common sense when opening your email. Were you expecting something from the sender? Before clicking on links or opening attachments, did you expect to receive these files or links?
Phishing attacks can impact you or your customers by trying to obtain your personal data, like Social Security numbers or other financial information.
Cyber criminals can do this through fraudulent emails that trick customers by sending emails that look like they are from a reputable company or even your company. Then, the email takes the individual to a website to enter their personal information.
Cyber thieves can also send an email that installs a keystroke program on the receiver’s computer. They are then able to obtain the information that user’s type on their computer.
Lastly, they can take over the web address of a company, and then take them to a fake site where they enter in personal information.
How can you protect your small business?
- Keep your systems up to date- If your computer and other systems have the latest software and are up to date, then your risk is greatly decreased. With many software programs, an automatic update option is available. This will help you stay current without putting more on your plate.
- Scan, scan, scan- It never hurts to scan your system to see what has been downloaded to your computer. You may never know what a site has placed on your computer when you visit it.
- Monitor yourself- Google your business. Google your name. This gives you insight into who might be trying to imitate you to obtain customer personal information. Another way to prevent these types of attacks is purchasing domain names similar to yours, including common misspellings. Limit the ways cyber criminals can imitate you to your customers and the marketplace. Max’s Sporting Goods store sells sporting equipment to teams and individuals. Because of the nature of his business, he has access to personal information of his customers, and could be a target of cybercrime. To watch out for potential threats, he should Google the name of his business “Max’s Sporting Goods” frequently to see if sites come up that are imitating his business. If his website is at maxssportinggoods.com, he might also consider buying the .biz and .net counterparts and misspellings of his current domain name (example: maxssportingods.com) to prevent someone from imitating him in the first place.
- Report attacks- If you do find that a cyber-attack has occurred, report it. You wouldn’t let a burglary go unreported, would you? You can report cyber-attacks at Stay Safe Online powered by the National Cyber Security Alliance.
As your company’s activities increasingly move online, your risk becomes greater for a cyber-attack. Before you become a Target or Michaels, play it safe and create a cyber security plan for your business. Murphy’s Law applies to cyber-attacks; the more prepared you are, the less likely you will be a victim of an attack.