Darin Myers is the local facilitator of The Alternative Board (TAB), a peer-to-peer advisory board designed to help company leaders maximize their opportunities and work through challenges. Darin recently retired after a 30-year career in the nuclear industry as the leader of Plant Vogtle I and II. He has proven success in strategic planning and alignment, employee development, organizational performance improvement, accountability, and coaching. Recently, he started a family business in Augusta focused on home health care, providing him the knowledge and experience surrounding small- to medium-sized business operators.
Here’s a startling statistic that just might shock you. In the last 12 months, 42 percent of small businesses found themselves victims of a cyberattack.
Most common among these were phishing attacks, which made up almost a quarter of cybercrimes against small businesses. Then came data breaches (18.6 percent), malware attacks (16.5 percent), denial of service also known as DoS attacks (14.8 percent), ransomware attacks (11.3 percent), and other cybercrimes (15 percent).
The point here is that there are many ways bad actors are trying to breach your systems and wreak havoc on your small business. And, if they are successful, it will cost your organization big bucks.
The average cost of a data breach on a U.S. small business is more than $100,000. And that already scary number is ticking up. Not to mention that the fallout of a data breach can gravely affect a small business’s ability to continue operations, negatively impact the safety and security of customers, and take years to recover from.
The point here is not to scare you as a small business owner, but instead, to create awareness around the importance of a cybersecurity strategy that adequately suits the size of your organization, identifies your vulnerabilities, and implements smart tactics and solutions to keep your business as safe as possible in an increasingly dangerous threat environment.
1. Employee Training
According to a recent IBM Cyber Security Intelligence Index Report, human error is the root cause of 95 percent of all cybersecurity breaches. Therefore, it is imperative to establish cybersecurity practices throughout your business, including strong password protocols, internet usage guidelines, and perhaps most importantly, awareness programs on common phishing email ploys and telltales.
Ensuring employee cybersecurity compliance should be a sustained and overt effort. Consider creating a Cybersecurity Employee Handbook and make it part of your employee onboarding and training program.
At the minimum, your cybersecurity policies should include:
- High-security password requirements
- Email security protocol
- Sensitive data best practices
- Social media and internet access rules
Again, email is the most common entry point for cybercriminals. Make sure your entire team understands the dangers and knows what to look for.
2. Keep Your Systems Updated
Many small businesses fail to recognize the importance of updated operating systems and software. A shocking number of small businesses are still using Windows 7, an operating system that is no longer receiving Microsoft security software updates or patches. While MS was providing some businesses with annual updates via its Extended Security Updates program, those too are likely set to expire soon.
Outdated and unsupported software leaves your small business systems more vulnerable to ransomware attacks, malware, and data breaches. Most malware targets older software, as cybercriminals are aware of vulnerabilities within these outdated versions, and thus, exploit them to gain access to systems and sensitive information.
The risk of outdated technology is enormous and the cost of a breach or cyberattack can bring a small business to its knees. So, keep your systems and software up to date.
3. Back up Everything
Data backup is the process of copying and storing digital data from a primary location to a secondary system so it can be restored should a data loss or corruption even occur. In the case of malware or ransomware, even if the initial breach is remedied or the ransom paid, around 60 percent of victims’ data is lost or irretrievably corrupted.
For small businesses, backing up to an external hard drive might be enough for a data backup and storage solution. If your business has a Local Area Network (LAN), you can back up data to another computer or server, though the potential of physical threats (like fire, tornadoes, flooding, etc.) might leave them vulnerable. Cloud backups, also known as online backups, are services in which data and applications are backed up and stored on a remote server.
Regardless of which method you decide is right for you, back up your systems as often as possible. Some solutions even allow for automatic backups every five minutes. While this frequency might seem excessive to some, experts urge small businesses to perform data backups at least daily.
While cybersecurity solutions and safety tactics are evolving literally every day, it is imperative that small business owners understand the current threat landscape and create smart strategies to maintain the safety of their data and systems. Even the most basic approaches, like the ones outlined above, better position your small business to prevent or survive a catastrophic hacking event.
