Cybercrime is increasing, and not just for big business. Small businesses face the same cyber threats that big businesses fight, but with far smaller budgets. Small businesses are especially attractive targets because they often manage their financial information, customer data, and other sensitive information in-house on internal servers. They often do not have the security protections that larger businesses invest in.
In the 28 years I’ve worked in network and information security, I’ve seen businesses collapse or suffer severe financial or reputational damage from data breaches or malware (malicious software) attacks. Greater Nevada Credit Union is sharing basic information security practices that will help significantly strengthen a small business’ security posture — and they don’t break the bank.
Be proactive in protecting your business information assets. According to a report by IBM and the Ponemon Institute, the average data breach cost for businesses with fewer than 500 employees is $2.98 million. The time to protect your business and your future is now.
One of the best ways to proactively protect your business information is to empower your employees to protect the business by investing in cybersecurity awareness training. Phishing (email), vishing (voice phishing), and smishing (SMS phishing) are the top cyber risks. Most data breaches and malware attacks begin with clicking on links in email or text messages or giving sensitive information to a scammer over the phone. Teach employees to avoid clicking on links or opening attachments.
Another important consideration is to install reputable antivirus and anti-malware software on all computers and devices. Keep software up to date. Regularly update operating systems, software, and applications to patch vulnerabilities. Apply server updates in a timely manner when they are released to mitigate vulnerabilities that are discovered.
Strong authentication will also allow you and employees to protect your financial assets. Use complex passwords, consider password management platforms, and implement multi-factor authentication for internal systems as well as cloud platforms. For maximum protection, back up systems regularly and store the backups offline and offsite. Test backups consistently to ensure they’re working properly.
It is also important to assess the security practices of partners, third-party vendors, and service providers to ensure that they are handling your data securely. Although a business can contract with a partner to store and process data, the ultimate responsibility for your data is yours.
As small businesses process payments and pay vendors, the payment systems you use must be trusted and secure. Find out what your credit union or bank does to protect your information and money, including anti-fraud, suspicious activity monitoring, firewall protection, and account alerts. Many organizations, such as Greater Nevada Credit Union, comply with best practices set by the National Institute of Standards and Technology, which provides the standards for recommended security controls at federal agencies.
Lastly, assess your business’ cyber risk. The Cybersecurity and Infrastructure Security Agency offers free cyber vulnerability scanning for small businesses, which can help assess your exposure to threats and address the next steps needed to protect your digital systems. You may also consider cyber insurance options to mitigate potential financial losses from cyberattacks.
It may seem like a lot of work to implement cybersecurity measures for your business, but your attention and investment up front will pay off in defending your company and your customers from cybercrime.
Stephen Root is vice president of information security for Greater Nevada Credit Union.