Five simple steps to minimize the risk of a cyber-attack on your small business
Every day, it seems another security breach makes headline news. Companies such as Apple, Twitter, Facebook, The New York Times — even federal government agencies have fallen victim to cyber-crime this year. Just last week my business credit card company’s fraud department alerted me that my account had been compromised in a cyber-attack.
While big companies make the news headlines, the real targets are small businesses just like yours. According to the 2013 Internet Security Threat Report from Symantec, there was a 42 percent increase in targeted attacks in 2012, and 32 percent of all attacks were aimed at businesses with fewer than 250 employees. That’s a three-fold increase from 2011. Yet many small business owners don’t believe their business is big enough to attract the attention of a cyber-criminal. Quite the opposite, small businesses are easy pickins’.
Most businesses today are reliant on the Internet. Technology provides the power to reach global markets, efficiently run operations, and manage finances from anywhere at anytime. Yet along with all those benefits, there is also significant risk.
Take wise precautions
You don’t have to be a technology guru to take smart and simple steps to minimize the risk of a cyber-attack on your small business. Here are a few things you can do immediately to protect your small business:
1. Create strong passwords.
My husband is a disaster when it comes to passwords. He has sticky notes all over his desk, and when he can’t find what he needs, his back-up plan is to call me. Typically, he uses some variation of the same elements for all his passwords, but he gets confused about what he used where. Yikes!
Don’t use the same password over and over, and don’t use one that is easy to guess. The longer your password the better, because it’s more difficult for a cyber-criminal to hack. The experts recommend a minimum of 12 characters if the site allows.
Make sure you store your passwords safely. Don’t use sticky notes like my husband. If you want to store them manually, file them somewhere away from your computer. It’s best to write down a clue rather than the actual password as another protective measure. However, downloading a password management program is a secure way to store your passwords.
One of the simplest ways for a cyber-criminal to access your proprietary information is from your computer or mobile device when you forget to log off. Think about how many times you leave your computer or mobile device unattended while you’re still logged-on. A cyber-criminal can easily and quickly access account information, log-ins, even financial information. So before you leave your computer or devices unattended for more than a few minutes, take a few seconds to log-off to protect your information.
3. Update systems.
Cyber-attackers are really smart folks. I wish they’d put their intelligence to work for a good cause rather than criminal activities, but unfortunately that’s not going to happen. What you need to realize is that as soon as you have updated your anti-virus software, web browser and operating systems, the cyber-criminals are already devising new methods to steal your information. To protect your business, you need to make sure you’re regularly updating everything. This should be a priority, not something that falls to the bottom of your “to-do” list.
To protect your business, you need to make sure you’re regularly updating everything.
4. Regular backups.
Even when you do everything right, there is still a risk of becoming the victim of a cyber-attack. Make backup copies of all important business data such as financial information, word documents, electronic copies of legal documents, databases, and customer account information. If possible, set your systems to back-up automatically, and if not, make it a process to do it at least once a week.
5. Limit employee access.
Not everyone on your team needs access to the same information, so limit your critical data access to those who truly need it to do their jobs. Require employees to have unique passwords that are changed at least every 90 days. And don’t allow any employee to install a software program without your permission.
The bottom line: a determined hacker can most likely crack any system, but why make it easy for them. These simple steps can minimize your risk and help you maintain the integrity of your company’s critical information.