Only one in four small business owners feel their business is well prepared for a cyber attack, according to a recent survey. The figures released by Netwrix, a data security and risk mitigation platform provider, show that 73 percent of small businesses don’t employ a separate information security function, leaving them particularly susceptible to cyber attacks.
While it’s the security breaches at big names like Home Depot and Target that generally garner national headlines and attention, small businesses are prime targets for hackers because they generally have less security in place and oftentimes underestimate their level of risk.
Forty-three percent of cyber attacks target small businesses specifically, according to a 2016 study conducted by Symantec, and sixty percent of SMBs that suffer a cyber attack go out of business within six months. The need for improved cyber security increases every day as scammers evolve and change their targets.
When you consider the numbers, not to mention the potential for reputation and financial damages, your small business can’t afford to not implement and maintain a cybersecurity strategy.
Many small businesses just don’t have the manpower or the budget for designated IT teams, and according to the Netwrix data, 88 percent said they don’t use any software to manage risk or govern their information security. While insufficient staff, cost and time constraints and lack of training tend to be the biggest factors contributing to this, taking measures to protect your business doesn’t have to be expensive or time-consuming or require a team of experts. Here are some steps to take right now to decrease your chances of becoming a target:
- Employ cyber security solutions that include antivirus software, Internet security, firewall protection, mobile device management, multi-factor authentication and security for consumer credit card information. Here are a few options to consider.
- Put in place some policies for getting all of your employees up-to-speed on handling data, appropriately and safely using the company network and becoming aware of risks such as opening emails from unrecognized senders and clicking on attachments.
- Use complex passwords and manage them with a password management utility such as LastPass or Dashlane. Be sure your passwords contain at least 12 random characters, never use the same password for all accounts and put in place procedures for changing sensitive passwords when employees leave the company.
- Back up your data in the cloud. Backing up your data is essential for many reasons, but especially in the event of a breach; if your information is compromised you’ll be able to recover a clean copy of it from an alternate location. If you haven’t already, consider moving your data to the cloud. It’s convenient and secure, and if you feel uncertain about your ability to manage backing up your data regularly and safely, you can employ a Managed Service Provider to handle regular data backups in multiple safe locations for you.
The good news is that legislators are also getting involved in stressing the importance of a cybersecurity strategy for SMBs. Late last month a bipartisan group of lawmakers, including the House and Senate Small Business committee chairmen, introduced a piece of legislation to the House that would create cybersecurity training programs for staff at small business development centers. The Small Business Development Center Cyber Training Act would require 20 percent of small business development center employees to receive cybersecurity training they can then pass on to SMBs in their areas. You can track the progress of this bill here.