What is your business budget for cybersecurity in 2020? Have you even thought about it? Is it too small?
There’s no judgment here – the average small business spends under $500 on cybersecurity, according to statistics. It’s understandable. After all, a small business has to make every cent count.
If you currently have a good antivirus program in place, you might think that your data is already secure. But that could be a very expensive mistake to make.
Like most people, you probably worry about being safe online. You know to be careful about downloading anything from an unknown site. That’s a good start. What you don’t know, however, is that browsers only accounted for 13.47% of exploited applications worldwide in 2019.
Microsoft Office was in the lead—at 72.85 percent—of the most exploited applications last year. It’s not that Microsoft Office is any less secure; it’s just easy to sneak an infected file to the end-user.
A hacker might, for example, pose as a client wanting to order goods. They might then attach their order in an Excel spreadsheet, embedding a virus into the file. When the recipient opens the spreadsheet, the virus springs to work.
If someone at your company received an order in this way, odds are they wouldn’t find it suspicious. After all, it’s presented in the form of a sale! Unfortunately, an antivirus program can’t stop them from opening the attachment.
If you’re questioning the effectiveness of your cybersecurity at this point, read on for some changes you can start making today to better secure your data in 2020.
Understand That You are a Target
Hackers are only after big companies, right? You’ve seen headlines of hacks relating to millions of client accounts. It seems unlikely that a hacker would be interested in your small business.
If only that were true.
As a small business, you’re actually more at risk. According to the cyber security report published by Symantec, one in 2,700 emails sent to businesses with 250 or fewer employees is a phishing scam. The same is true for one in 6,500 emails sent to businesses with 1,000-1,500 employees.
Attacking your company may be less profitable because it doesn’t have as much data as a company like Google, but you also won’t have the highly advanced security that Google has. Few hackers have the right equipment, skills, and time to hack a huge corporation, but your small business is a softer target. For hackers, it’s quicker and easier to exploit and profit from your data.
Start with Security Awareness Training
First things first.
If you don’t have a cybersecurity specialist on staff, consider hiring a security awareness trainer to come in and brief you and your employees about cyber-attacks, how to recognize them, and how to avoid them. The training isn’t free, but it’s a worthwhile investment.
According to a report published by Hiscox, even though almost 50% of small businesses had at least one cyber attack in 2017, only a third of them have conducted tests to determine the phishing alertness of their employees.
Beef Up Security with an Email Scanning Program
This solution may or may not be free, depending on the program you use.
The upside is that these programs identify potential spam and malicious emails and quarantine them. You can assign one person in the company to check the quarantined emails to ensure that no legitimate messages get caught in the net.
The scanning program is an effective safety measure. Suspicious emails are removed before they land in your inbox, so it takes some of the guesswork out of determining which emails should be avoided. The programs also remove spam, saving you a lot of time.
See the Safety Detectives site for an overview of the Best Email Protection Tools for 2020.
Keep Your Programs Up to Date
“The truth is, it’s easy to skip software updates because they can take up a few minutes of our time, and may not seem that important,” says McAfee. “But this is a mistake that keeps the door open for hackers to access your private information, putting you at risk for identity theft, loss of money, credit, and more.”
Many of the harmful malware attacks we commonly see exploit software vulnerabilities in common applications, like operating systems and browsers. These big programs require regular updates to remain safe and stable.
Software updates may also include new or enhanced features, or improved compatibility with different devices or applications, as well as the refinements necessary to increase the stability of your software, and remove outdated features.
It doesn’t pay to procrastinate on software updates! They should be considered one of the most essential steps in protecting your information.
Learn More About Phishing
Sometimes it’s easier to click on random links in an email rather than take the time to find the site online and navigate there yourself. Unfortunately, that opens you up to phishing attacks that direct you to sites designed to capture your username and password.
That’s just one form of phishing, though. Someone might contact you asking for a statement or a refund, for example, and your first thought probably wouldn’t be that it’s phishing. But savvy phishers are quite good at impersonating legitimate clients.
Unfortunately, that’s not the only way phishers try to steal your data. Studies now show a shift in the way phishers approach their targets. Instead of pretending to alert the victim to a missed deadline, for example, phishers try to hook employees with entertaining content almost 20% of the time.
They do this so well, in fact, that the only indication may be a one letter difference in the email address. If you’re in a hurry, you probably won’t notice the difference…and then you could have a real problem on your hands.
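The one-letter difference in a sender's address can be checked by a program instead of by a hurried reader. The following is an added example, not part of the original article: it compares a sender's domain against a list of domains the business actually deals with and flags near misses. The domains, sample addresses and function names are constructed for illustration.

```python
"""Flag sender addresses whose domain is one edit away from a trusted one."""

# Constructed allow-list: domains this business really corresponds with.
TRUSTED_DOMAINS = {"acme-supplies.example", "northbank.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a bare address."""
    local, sep, domain = address.strip().rpartition("@")
    if not (sep and local and domain):
        return "unknown"            # not a usable address at all
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    for known in sorted(trusted):
        # A near miss on a known domain is the warning sign, not a random domain.
        if edit_distance(domain, known) <= max_distance:
            return f"lookalike:{known}"
    return "unknown"


# Constructed sample senders, not real traffic.
SAMPLES = [
    "orders@acme-supplies.example",    # exact match
    "orders@acme-suplies.example",     # one letter dropped
    "billing@northbamk.example",       # one letter swapped
    "billing@northb\u0430nk.example",  # Cyrillic 'a' homoglyph
    "hello@unrelated.example",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{sender!r:45} {classify_sender(sender)}")
```

A "lookalike" result is a reason to hold the message for a second look, and an "unknown" sender still deserves the usual caution.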
Improve Your Passwords
It just makes good sense to use a strong password. But what qualifies as a strong password today is very different from what passed for one two or three years ago.
Today’s strong password should:
- have 16 or more randomly assigned characters
- include letters (both upper and lowercase), numbers, and special characters
That’s not all, though. If you use the same password for every site, your security may already be compromised. Why’s that a problem if you have a strong password? Because it could leave you open to a credential stuffing attack.
Say, for example, that you register with an online forum using the same details that you do for your internet banking. A hacker hacks the forum, because its security is lax. They can then create bots that will try using that password at various sites or sell the info to someone else.
Be sure to use a unique password for all sites with sensitive information. Then create a completely different password for registering on less secure sites. Worried about remembering all those passwords? There are secure password keeper apps for that!
Finally, consider changing your most important passwords once a month. That way, if someone has figured out what your password is, you can lock them out.
“The significance of employing secure passwords is more important than ever,” says Norton. “Hackers are hungry for passwords, as they have substantial monetary value.”
No doubt, you’ve heard plenty of stories in the media about high profile data breaches and password leaks, which leave thousands of accounts vulnerable to cybercriminals.
Two-factor authentication (2FA) gives you an added layer of security that hackers can’t easily access since they’ll need more than just username and password credentials.
Even though it helps overall cybersecurity in a meaningful way, LastPass claims that only 26% of businesses use multi-factor authentication.
Check Your Router and Smart Devices
Routers are the most popular entry point for hackers. Three quarters of all IoT attacks targeted routers in 2018, according to Symantec. Most people just plug their router in and go. Take things a step further and learn how to configure the router so that it’s more secure.
While you’re at it, check your other smart devices in the office. Printers are often targeted by hackers wanting to access the system. The Smart TV that you play presentations on could also be hacked.
The more you stay connected online, the more hackable your devices become. Choose your business devices wisely.
With digital technology comes the convenience of global connectivity, cloud services…and an ever increasing need for good cybersecurity.
“Cybersecurity is important because it encompasses everything that pertains to protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems from theft and damage attempted by criminals and adversaries.”
Prepare for potential cyber attacks by following the tips above. The more layers of cybersecurity you have in place, the better able you’ll be to limit the amount of damage a hacker can accomplish.