We’ve all heard about cybercrimes involving Target, Sony and the US government. It’s easy to assume that your small business or non-profit is too small or insignificant to be a target for cybercriminals. This is a really bad assumption.
Personal statistics and financial information, such as birthdays, bank accounts or credit card information are valuable commodities for thieves. Stealing this type data from a small business with limited or no computer security system is low hanging fruit for a cybercriminal.
Not convinced? Here are a few facts:
- Of 855 data breaches examined, 71% occurred in organizations of less than 100 employees. (Verizon 2013)
- 50% of all small businesses have been the victim of cyberattacks. Costs have reached nearly $21,000 per attack. (NSBA 2014 Economic Report)
- 90% of small business respondents said their organization’s computers were breached in the last 12 months. (Ponemon)
Most small businesses confront three similar threats. There are many more, but we’ll start here:
Malware: This is the term for malicious software that attacks a system via a virus, worm, Trojan horse, spyware, adware, keylogger, botnet/bot, rootkit or ransomware.
Phishing: Attackers look for personal or private information by sending an email request that appears to be from a legitimate source. The victim, often you or your employee, is tricked into sending sensitive information via email or by submitting information to a website. In spear phishing, the email appears to come from an individual in the company or from a position of authority.
Pharming: This attack may corrupt a server or a computer’s files to redirect a user to a fake website without the victim realizing it and then steal valuable personal or private information.
Cybersecurity is a daunting subject for most small business owners. Where should you begin to protect your business? Let’s start with a few basics:
- Physically lock away your server and technical equipment to eliminate unauthorized access.
- Use proper networking equipment, such as firewalls, to impede unwanted network access.
- Insure that your software, malware/antivirus and spam filtering services are all up-to-date.
- Don’t open emails from unknown sources or click links embedded in suspect messages.
- Establish Internet use guidelines and email policies for your team.
- Delete unused email accounts or online accounts when employees leave or services change.
- Continually educate your staff on cybersecurity and the need to protect data and equipment.
It’s not if, but when, your small business will be a victim of a cyberattack. Your IT team or service provider is a great source for more information and recommendations about securing your computer systems and data. Addressing basic cybersecurity now will save your company both time and money in the future.
Page Moon and Elizabeth Chisman Moon are the co-founders of Focus Data Solutions, Inc., an IT management firm located in Alexandria, VA. The firm specializes in professional technology services for business.