Cybersecurity at Your Business: What You Might Not Know
October marks Cybersecurity Awareness Month, so let's take a minute to debunk three misconceptions about online security breaches and threats at small businesses and what it takes to guard against them.
Myth: Small businesses don't need to be concerned about cybersecurity risks because there's a lack of interest from would-be cybercriminals or other hostile actors.
You may think your company needs to be bigger or your data needs to be more valuable to protect from hackers or attackers. But in reality, says the National Cybersecurity Alliance (NCA), every business can become a target, regardless of size, and every business has data worth protecting.
"All data is valuable," says the nonprofit group.
The data of interest to cyber criminals at your business, NCA says, could include employment records, tax information, confidential correspondence, point-of-sale systems, and business contracts.
Hackers could see small businesses as "low-hanging fruit,” partly due to their presumptions that there may be a lack of cybersecurity in place.
Bradford Willke, acting director of Stakeholder Engagement and Cyber Infrastructure Resilience (SECIR) division of the Department of Homeland Security, told a June webinar that small businesses face cyberattack risks, that it's not always just the most prominent companies.
“I’ve heard: ‘I’m so small. Why would they care about me?’ But you are a gateway into the supply chain of others,” says Willke in a blog posted by the U.S. Chamber of Commerce.
Myth: I don’t have enough time, money, or reasons to take steps toward making cybersecurity a priority at my business.
If this is you, think again.
Please take notice of this reason: While 2 out of 3 respondents told a survey by Keeper Security they believed a cyberattack is unlikely, 67 percent of SMBs experienced a cyberattack in the last year.
Indeed, cybersecurity concerns often rank low on priority lists for business owners.
In the Keeper Security poll, 60 percent ranked cybersecurity in the bottom half of priorities when compared with other business imperatives, including sales, recruitment, quality of internal tools, marketing, and contributing to social good.
The survey, which polled 500 senior decision makers at SMBs, ranked recession (28%), damage to public reputation (19%), and a business model disruption (17%) as the most prominent threats to their businesses, writes Craig Lurey, CTO and co-founder of the cybersecurity software company, in a blog on the Keeper Security website.
However, experts agree that small business owners should shift their thinking -- and advise businesses of all sizes to prioritize cybersecurity and take action before a security threat or breach appears.
Here’s what the liNational Cybersecurity Alance advises small businesses to do: Take an immediate assessment of the data you create, collect, store, access, and transmit, and then classify that data by its level of sensitivity so you can take appropriate steps to protect it.
This is called a cybersecurity risk assessment, and it’s an important initial step because it can identify the most vulnerable areas of a business, says the SBA. It helps you create a plan of action, which should include guidance on user training, securing email platforms, and protecting your business’s information systems and data, advises the agency.
Myth: It takes an in-house IT and cybersecurity team to keep your business protected.
White, it’s true that bigger companies may have more money or resources for a dedicated staff to cybersecurity than you do, but that doesn’t mean you should do nothing to protect your business.
This “misinformed thinking” can create an analysis paralysis, says Peggy Eisenhauer, attorney and founder of the law firm Privacy & Information Management Services.
"I see a lot of 'We didn’t know what to do — so we didn't do anything,'” she says in the U.S. Chamber of Commerce post.
What can you do without a big team or big money?
For starters, make sure to change passwords regularly, keep employees informed and trained about how to avoid email phishing, and take advantage of the security features you have with preloaded software, such as turning on two-factor authentication.
It's an ongoing practice to keep your business and customer data safe. We hope these cyber security tips and best practices can help.