Protecting your business’s online security needs to be a priority for business owners of all sizes and industries. But, it’s particularly a concern for small business owners who don’t believe that they’ll be a target of cybercrime. The truth is, 1 in 2 businesses surveyed in a 2014 National Small Business Association reported being victims of cyber attacks. That’s half. That’s 50 percent. Business’s don’t seem to be understanding this.
As a consequence, your business could lose revenue, assets, and earn an untrustworthy reputation. Even worse? It could be the end of your business since around 60% of of SMB cybercrime victims go out of business within 6 months of an attack.
One of the best ways stop putting your business’s online security at risk is by being proactive. Knowing how your putting your business in jeopardy – even if it’s an innocent mistake.
1. Rogue, careless, or uninformed employees.
Sixty-six percent of the 601 data protection and privacy training professionals surveyed for the Managing Insider Risk through Training & Culture report stated that their employees happen to be the weakest link when it comes security incidents or data breaches.
Even more troubling is that the report says that just 35% of senior executives believe that it’s a priority to ensure that their employees are knowledgeable regarding data security risks and their impact. Furthermore, 60% of employees are not knowledgeable, or have no knowledge, of the company’s security risks.
“It’s no surprise that employee-related security risk is their number one concern,” says Michael Bruemmer, vice president of Experian Data Breach Resolution. “As we have seen in our incident response service that we do for clients, about 80% of all the breaches we service have a root cause in some type of employee negligence.”
The solution: Train and educate yourself and your employees on cybersecurity basics like being able to verify transactions, how to identify obscure payment patterns, avoiding unsolicited emails, and reporting any suspicious activity immediately.
To prevent rogue employees from doing any damage to your business, closely monitor, control, and manage all privileged credentials to prevent exploitation. Also, implement protocols and infrastructure in order to track, log, and record account activity so that you can respond immediately. If an employee leaves your organization, make sure that your terminate their their accounts so that they can no longer access any of your business networks.
2. Not paying attention to electronic invoices.
Invoice fraud isn’t anything new. It’s been around since people started invoicing each other. While electronic invoicing software has helped reduce instances of sending duplicate invoices and overbilling for goods and services, there’s always a risk when you transmit data online, they’re not completely eliminated.
For example, if you emailed an invoice to a client. A hacker could intercept that message and alter the bank account information so that when the client pays the invoice it will be deposited into their account instead of yours.
The solution: Before sending an invoice, make sure the client is legit and isn’t scamming you by either getting you to work for you or steal sensitive data. Additionally, the security measures like two-factor authentication and encryption when sending information via email. And, work with a cloud-based invoicing software provider like Due. These companies do the security percussions for you, such as 256-bit SSL encryption, and come with additional features like time tracking tools to prevent employees from overcharging you.
3. Using personal, unauthorized accounts, apps, and devices at work.
There are times when you, and your team, decide to use your personal email account for business matters because your company email systems are too slow, do not allow large files to be emailed, or can not be accessed from outside the office. That may not seem like the end-of-the-world, but these accounts may not have properly installed anti-malware software. And, since you definitely can not monitor your employee’s personal accounts, it makes it more difficult to confirm who their sharing company data with.
Furthermore, when it comes to employees and their mobile devices,”Almost half [are using their device] without their employer’s awareness,” said Gartner analyst Amanda Sabia. These personal devices are not protected by security software. This makes it easier for cybercriminals to gain access to your company’s data. Another concern is that if there is already malware present on those device, after downloading a free app, it could potentially find its way to the computers, phones, or tablets that are used for your business.
And, what happens if you or an employee leaves a tablet with company information at a coffee shop or airport terminal. That data is now in jeopardy since anyone could pick-it-up and access this sensitive data.
The solution: Keep your work and personal lives separate. Have dedicated accounts for your email and social channels for personal and professional. Don’t use company devices for personal use and implement a clearly defined BYOD policy.
4. Putting Your business’s Online Security at Risk: Poor password hygiene.
Although we’ve been reminded about this a million times, we can all be guilty of not practicing good password hygiene by using weak passwords or using the same password over and over again. And, some of us foolishly hand-over passwords to certain accounts, like your social media accounts, to employees.
The solution: Only use strong, unique, and varied passwords for every service that you use. You can use a password manager like Dashlane 4 and LastPass to store and encrypt all of these passwords. So, instead of remembering multiple passwords, you just have to remember one master password.
As for your employees, encourage them to share compay messages on their personal channels. Encourage them to create accounts for them so that you’re not giving them your login information
5. Failing to encrypt data puts your Security At Risk.
“Encryption tools are very useful in keeping valuable information hidden from cyber criminals, because it renders the data inaccessible to prying eyes,” says Andra Zaharia for the Heimdal Security blog. In other words, encryption scrambles and converts data into a unique code so that it can not be understood by unauthorized users. This data can only viewed after it’s been decrypted through a password or private key.
The solution: Thankfully, most operating systems already come equipped with encryption tools. Even programs like Adobe and TurboTax save password-protected files in an encrypted format.
Remember, when you transmit data online, such as through email, make sure that it’s encrypted. Try using tools like VeraCrypt, 7Zip, and AxCrypt. And, never transmit this information over public Wifi networks.
6. Using outdated software.
This is Security 101, but it’s easy to overlook when juggling the multiple tasks and responsibilities of a business owner. But, make it a priority to update all of your business’s operating system and application software. This helps prevent cybercriminals from exploiting any security patches.
The solution: Install anti-malware (anti-virus, anti-spyware) software from reputable companies. Keep it up to date so that you’ll be able to detect, as well as prevent, any malicious software from infecting your systems.
The good news is that if you use cloud-based software and applications, this is done for your automatically. But, you should still double-check and make sure that you’re running the latest version.
7. Third-party service providers.
Technology has made certain tasks more convenient. It’s also become so specialized and complex in other areas that you need the support of outsourcers. It demands vendors who are familiar with specific systems. For example, if you run a restaurant, you probably outsource the maintenance. Management of your POS system to a third-party service provider typically as well.
This can be a problem since these third-parties default passwords to remotely connect all of their clients. If a hacker figures out this password, your company is now compromised. This is exactly how major security breaches, such as Target’s, occurred.
The solution: Before working with a third-party service provider, verify that they’re reputable. Verify they use security best practices like using multi-factor authentication, Make sure they requiring unique credentials for each user. Last but not least, that they lock down all remote access.