While managing a small to medium-sized company, you may think that your business would never be a target for cyber criminals because of its size. Although a larger company may seem the more natural target, a business with fewer than 100 employees is more likely to fall victim.
Why is that?
Because larger companies are more likely to have a strong cyber security policy in place, with an actual IT team working for the business. Small to medium-sized businesses, however, are often more relaxed, believing that they are safe because of their small size and the nature of the company. This could not be more wrong.
While a company may have all of the latest devices on hand and the usual protection software like anti-virus and a firewall, these are only tools and not a strategy. You also need an initial risk assessment and gap analysis to note what should be protected first and most. Anti-virus is not cybersecurity; it’s just one tool.
This means preparing a cybersecurity strategy that works for your business will involve not only you and your IT department (or IT provider), but will also require expert input and advice from a specialist cybersecurity provider.
Some of the basics we advise clients on are:
1. Educate Your Team
We find many businesses (especially small to medium ones) overestimate the level of computer education and internet awareness people in their team may have. As most people are fairly knowledgeable about internet-based practices, one could easily assume these same individuals are also aware of the steps they must take to lessen their exposure to cyber crime.
Unfortunately, cybersecurity is something that most people don’t think about further than the moment of installing a free antivirus off the internet when they purchase a new device.
This lack of education and preparedness regarding how attacks affect businesses and individuals alike is the reason why cyber criminals target these types of businesses. After all, ignorance is bliss – at least to hackers and cyber criminals in general.
As ignorance of cyber security practices is the Achilles heel of any company, it is a business’s duty to provide the training its employees need to be cautious online and to apply good preventive measures to avoid a breach.
Teaching your team good security habits, such as running regular updates on all software on personal and company devices, and showing them how to identify phishing (fake emails), malware (viruses) and other common threats, will reduce your chances of being taken down through an open door left by an employee or team member.
2. Protect Your Data
Common practices such as not sharing personal data online are no longer enough protection. With current devices storing important information, whether you intend them to or not, you are more exposed than ever to falling victim to a cyber criminal.
Hackers often gain your trust by using email addresses and websites that may look legitimate and resemble those of other contacts or companies you have ties to. Hackers use channels such as SMS text messages (smishing), instant messaging and email to contact you and manipulate you into completing an action with a simple click that will infect your device with malware.
Once your device is infected, your data will be automatically compromised and you may not even know it. It’s impressive and frightening to learn how quickly a company’s intellectual property, private data, research, client and employee lists and personal information can be accessed, then held to ransom for a hefty payment or sold on the Dark Web without you even realising that a breach took place.
To protect your data, consider working closely with a cyber security provider who can help create a cybersecurity policy for your business and provide you with the protection tools you need to keep you safe and protect your business, your data and your reputation from digital disaster.
3. Understand Real Threats vs Spam
The easiest way for a cyber criminal to get access to your valuable data is by contacting a member of your team via email. The email will often have a link or pop-up that will more than likely contain embedded malware.
As cyber criminals get smarter and learn new ways of attacking individuals, you must also educate yourselves on how to tell a threat on the internet from the spam adverts and pop-ups which are common these days. Typically the red flag is when you are asked to input information (e.g. personal info, financial info, etc.).
This red flag lets you know the threat is more than just annoying adware (advertising software).
If you receive an email or text message from a number or address that you don’t recognise, you should immediately consider it as suspicious, no matter how legitimate it may look. The biggest red flags you will find are spelling mistakes and being requested to enter personal or company information into a pop-up window without you having initiated the communication.
4. Password Management
Unfortunately, this piece of advice is rarely followed, but it is so important in your daily habits: do not use the same password for all of your accounts. Moreover, do not use the same password for your personal accounts as for your professional accounts.
To make this as painless as possible, try using a password manager like LastPass or 1Password.
However, using different passwords is not the only step needed to mitigate security breaches. When selecting a password, create a complex one that is at least 12 characters long and includes uppercase and lowercase letters, symbols and numbers.
Although this may make remembering your password a tad difficult, imagine how much more difficult it would be for a cyber thief to access your accounts.
5. Invest in Good Advice
Cybersecurity does not come in a box labelled as “antivirus.” There are many different techniques that only experts can implement in your business to provide you with the protection you need. In fact, anti-virus is only 20% of the protection your business needs.
With more than 40% of cyber-attacks targeting small businesses, it’s obvious why good advice is critical when it comes to your cybersecurity. Your IT guy is not an expert in IT security, and most have little to no training or certifications in cybersecurity.
This is why hackers target small businesses: they are the low-hanging fruit. It’s easy to hack a small business, and much harder to hack a large enterprise like a bank or super fund.
For decades, small business owners and managers have been taught that anti-virus is all they need. Yet this education comes from their IT guy, who has no cybersecurity qualifications. So the advice is poor, and weak cybersecurity is the result.
And the hackers get more low-hanging fruit to pick.