"The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: "Cybersecurity is much more than an IT topic." ― Stephane Nappo
In today's digital age, small businesses face ever-growing cyber security risks. Most businesses today are getting online in some capacity – whether it be on their website, social media, or for everyday operations like payroll or ordering supplies.
In the early stages, small business owners often make many decisions, and, unfortunately, cyber security measures are left by the wayside – creating a sweet spot for hackers.
It’s easy to think that cyber security is an IT topic; however, a shared responsibility approach is crucial to protect sensitive financial data and customer and business information from data breaches.
In this blog post, we’ll explore the importance of cyber security and some best practices for small businesses to safeguard their data from online threats. By implementing these measures, you can mitigate risks and be proactive in protecting your business from potentially devastating financial and reputational damage.
Please be advised that this blog post does not constitute professional advice, it is for informational purposes only, and we suggest you contact a cyber or legal professional to get advice on this subject.
Do Small Businesses Really Need Cyber Security?
A survey by The Insurance Bureau of Canada (IBC) reported that in 2021, 41% of small businesses that suffered a cyber-attack reported that it cost a minimum of $100,000.00.
Many types of cyber-attacks exist, but social engineering attacks such as phishing and denial-of-service attacks are the most common types impacting small businesses. Other types of cyber-attacks include the deployment of malware, such as ransomware.
Not only can you expect to pay a pretty penny if your business is subject to a cyber-attack, but the event will surely bring on business disruption, stress, inconvenience and possible irreparable harm to your business's reputation. It is, therefore, essential to have a cyber security plan in place.
The Basics: Your Cyber Security Goals
The Canadian Centre for Cyber Security lists the three fundamental goals of cyber security as:
Confidentiality – keeping employee and client financial records secure and only accessed by those who have permission
Integrity – ensure the integrity of the information and assets (such as software) is in good working order, uncorrupted and up-to-date
Availability – Maintain the availability of systems (such as networks), services and information if and when required by the business or its clients
To get started, you must first:
Identify any assets that must be secured (essentially any valuable information within your business)
Identify the threats and risks to those assets
Safeguard those assets to prevent or manage any type of data or security breach (could be in the form of software or policies within your business)
This process is cyclical as the technology is constantly changing, and therefore, you must adapt your safeguards to the ever-evolving online landscape.
Best Practices: Your Small Business Cyber Security Plan
“The best offense is a strong defense.” – Jack Dempsey
The Microsoft Digital Defense Report of 2022 indicates that “basic security hygiene still protects against 98% of attacks”. The key factors they’ve listed include:
1. Enable Multifactor Authentication
2. Apply Zero Trust Principles
3. Use Modern Anti-Malware
4. Keep Up to Date
5. Protect Data
To ensure compliance with the key factors above, you'll want your Cyber Security Best Practices Plan to include the following:
The most common best practice is to ensure to install advanced anti-malware software on all of your devices. Anti-malware software will scan and block any incoming files that may contain malware and deem them suspicious. While malware can be complex, many threats can be countered by having the appropriate anti-malware software installed.
Developing Policies, Standards & Training
Putting a formal cyber security policy in place will ensure all your employees are aware of the standards when it comes to internet use policies, social media policies, etc. Your employees must know how to conduct themselves to protect the business's information effectively.
Depending on the size of your business, it may also be a good idea to conduct cyber security awareness training so that employees can be better informed on the threat of poor cyber security hygiene.
Strong Passwords & Two-Step Authentication
Having a password policy or using a password manager (a program that generates and stores passwords) is important to ensuring malicious actors do not use employee passwords to access sensitive business information. You should advise your employees to change their passwords regularly and remind them to keep their passwords confidential. The use of the same password for multiple accounts should also be prohibited.
The Canadian Center for Cyber Security recommends:
Avoiding common words such as “password” or login”
Avoid simple sequences of numbers such as “1234”
Avoid easy-to-guess personal names such as a child’s first name
Create passwords that are more than eight characters in length
Use a combination of numbers, uppercase and lowercase letters, and special characters.
Two-factor authentication is a practice that adds another layer of identification, which makes the system more secure. The first factor is normally a password, and the second factor confirms the person's identity, such as a token code sent to an alternate email address.
Stay Up to Date
Ensuring your software is current will confirm that all security updates have been configured on your system. The software can often contain exploitable bugs, which create vulnerabilities in your system. Updates often include patches to fix weaknesses in software, so regular updates must be scheduled promptly.
Not only can cybercriminals steal PIN numbers and card data, but your Point-of-sale (POS) system can be another gateway to your computer network. If your business relies on a POS machine to process business transactions, it’s important to ensure your machine is secure by:
Ensuring the system is behind a firewall
Using encryption for transmitted data
Not using the username and password provided by the manufacturer
Keeping malware software up to date
Limiting client data to only employees who require it
If your employees will be travelling and accessing the business system while doing so, it's important that the WIFI they're using is secure to prevent hacking. Using a Virtual Private Network (VPN), an extension of your internal network, assists in keeping your system safe.
Employees should also be advised not to use public Wi-Fi connections as they're rarely secure. Instead, employees should be advised to use secure hotspot connections (such as to their business cell phones).
Get Proactive with Your Cyber Security
Small businesses must remain vigilant and proactive in their approach to cyber security. By implementing the best practices outlined in this blog post, you can secure your system, protect valuable data, and maintain the trust of your customers.
Cyber security is a cyclical process, so it's important to stay informed about the latest threats and software so that you can continuously adjust your cyber security strategy. With the right strategy in place, you can be confident that your financial data is secure so that you can continue to focus on what matters most – growing your business and keeping money in YOUR pocket.
Start implementing your cyber security best practices today so you can confidently navigate the digital landscape and secure a prosperous future for your small business!