Actions Small- and Mid-Sized Businesses Can Take Now to Protect Against Cyber Threats
Small- and medium-sized businesses (SMBs) already tend to be easy targets for cybercriminals, as they don’t have the resources and infrastructure in place that larger enterprises have to identify attacks, alert and/or block an attack using pre-set security protocols and multiple technologies. Limited IT staff, little focus on cyber security, insufficient proactive planning, and lack of adequate staff training to mitigate human errors are also key factors.
Cyber criminals are creatures of opportunity so they are constantly looking for “low-hanging fruit”―which means any SMB providing online access to employees, partners, vendors, customers, etc. is at risk. And, with so many people now working remotely from home, SMBs can be particularly vulnerable.
Results of an Attack Can Be Devastating
Many SMBs are already seeing the economic impacts of the coronavirus outbreak, from supply chain disruptions to slower sales. Adding in the costs associated with a cyberattack could be severely detrimental. The stakes are very high.
According to Cisco, the average cost for SMBs recovering from cyber breaches is $500,000, with some SMBs reporting they incurred costs as high as $1 to $2.5 million following a cyber incident. And, many do not ever recover. According to the U.S. National Cyber Security Alliance, 60 percent of small companies are unable to sustain their business more than six months following a cyberattack.
Take Action Now to Thwart Cyberattacks
In addition to deploying proven, cost-effective technology solutions on the front end, SMBs can put these best practices in play to further strengthen their security posture during the COVID-19 crisis:
- Conduct an Online Security Risk Assessment: Determine what or who could threaten your network and assets (i.e. cyber criminals, disgruntled employees, malware, etc.) as well as the likelihood of it occurring. Estimate potential damages in each case. Rank which threats are the most important to protect against. Based on the identified security risks, evaluate the current solutions in place to provide protection against these threats. Identify any gaps in protection.
- Discuss Devices and Re-Evaluate Permissions: Mobile devices, such as smartphones and tablets, and the IoT continue to help drive business. Plan for how and when different devices will connect to your online network beyond the desktop. Assess current and potential online users to determine who has permission to access different types of data and information. Re-evaluate who should have that access as well as the type of access (i.e. read only, administration, etc.) they should have.
- Identify Accessible Information: This includes not only corporate data and other information but also employee, customer, partner, vendor and bank accounts. Determine which contain private or sensitive information. Conduct a thorough audit of all the transactions conducted online through your network, including those involving benefits, downloads, ecommerce, payments, banking, scheduling, etc.
- Establish a Back-Up and Recovery Data Plan: While it may seem obvious, this is a proactive stance that many a SMB overlooks. You should have a set system that automatically backs up data on a regular basis. Similarly, you should make sure your network is set to automatically check for the latest updates to make sure your company is always protected. This includes programs as well as antivirus programs that can identify and block ransomware and provide real-time protection against software threats like viruses, malware and spyware across email, apps, the cloud and the web.
- Train and Educate Employees: Human error will continue to drive data breaches so make sure both you and your company employees stay up to date on the latest security threats. Take actions to educate your staff about how to handle suspicious emails and critical company data.
Additionally, as cyber liability becomes a reality for SMBs, you may want to consider cyber insurance for additional protection―given that many SMBs simply do not recover financially from a single cyberattack. Prior to researching the options, review your business insurance coverage first. If your organization has standard business insurance coverages such as General Liability, Professional Liability, or Errors and Omissions, then find out whether you are covered for losses related to data breaches or cyberattacks.
The best defense is a good offense. With proactive planning and protection, SMBs can make certain their team is educated and armed with the right technology and tools to protect their company and data from the cyber crook looking for his or her next victim.