The statistics are alarming. According to the Better Business Bureau, almost half of all Canadian SMBs have been victimized by a cyberattack and 71% have experienced a data breach.
The increase of such attacks on SMBs is deliberate. Cyber criminals target small and medium sized organizations for two reasons. Hackers know that the IT systems are less likely to be adequately protected from taking what they want—personal identifiable information, passwords, credit card data, intellectual property, etc. They also know that gaining access through an SMBs value chain is an effective way to gain access to prime targets (banks, government, larger corporations, etc.).
With fewer financial and human resources, SMBs are vulnerable. Some make the mistake of believing that an attack won’t happen at their company. Others decide to avoid the topic and face the consequences if something happens.
It’s not a case of if, it’s a case of when, and when it does happen, cyberattacks can cause devastating financial losses and liabilities. Only through greater awareness and cyber security best practices, can SMBs take steps to mitigate most threats. Here are the 5 most critical.
1. Train and Educate Staff
Human error is the leading cause of data breaches, so companies, regardless of size, need to equip staff with the knowledge of what constitutes a potential threat, and how to protect the company.
Training and education in security (which starts at onboarding) should be in place to help staff apply best practices to real-world situations. Topics should include:
- How to recognize a potential attack – This reduces the chances of falling prey to attacks such as phishing, malware and ransomware.
- Controlling physical access to company and personal devices – Staff should learn how to secure their personal and company devices such as workstations, phones, and laptops that aren’t in use.
In addition, there should be clearly stated rules on the appropriate use of the Internet, social media and email, with penalties in place for violating such rules. For example, no one should connect a personal device (even a storage device) to the business network. Training should be followed by regular security vulnerability assessments to keep everyone on their toes.
2. Enable Cyber Security Software and Keep it Updated
Infection by malware, which includes annoying (and scary) ransomware attacks, account for 53% of all cyberattacks on SMBs. Malware showing up on mobile phones is now of particular concern over the past year.
Existing anti-virus tools (such as ones that come with a company’s hardware) are not very effective against attacks because of the ubiquitous nature of most malware these days. Malware has an astonishing ability to change almost as quickly as new anti-virus tools are developed. Malware is also able to do its damage by lurking in the background, and by the time it is detected by an anti-virus program, it is too late to save a company’s data.
The trick is to prevent malware viruses from entering a company’s IT system in the first place. Choose an antivirus software and strong firewall designed to stop more than 95 percent of malware. Make sure the program or device is constantly updating and scanning automatically for malware. This includes screening email attachments before they are opened, and checking websites before they load.
Updates are designed to block any new viruses or malware immediately. Never ignore an update! As soon as someone clicks, “Remind me later”, company data becomes vulnerable. Policies can be put in place to ensure only up-to-date systems have access to the company network.
3. Password Management
Weak or stolen passwords are still one of the major causes of security breaches. Despite these statistics, over 80% of Americans still admit to using what are considered weak passwords; and over half have reused the same password in more than one system!
Every password-protected account connected to a company is a doorway into the business. Implementing a strong password management policy with multi-factored authentication is one of the easiest (and least expensive) steps a business can take.