As a small-business owner, you may think your organization is protected when it comes to cyber security. But the truth is, it’s probably not. Almost 80 percent of the more than 1,000 small businesses surveyed by the National Cyber Security Alliance and Symantec say their companies are safe from cyber threats; however, 83 percent don’t have a formal cyber security plan.
Is your small business safe? Following cyber security protection strategies put in place by experts is a great idea. In fact, Michael Kaiser of the National Cyber Security Alliance says, “For American businesses, cyber security is not a nice thing to have—it’s critical to their survival.”
Why Hackers Are Targeting Small Businesses
Maybe you’re thinking, “I only have a small business with fewer than 100 employees. Why would hackers target us?” Well, hackers have realized that it’s often easier to attack unguarded small companies than large ones that have cyber security plans.
Furthermore, cyber security is a growing concern for organizations of all sizes. Earning an online public safety degree may be a good idea if technical security interests you. This way you could protect your company and help other businesses as well.
What Small Businesses Can Do to Safeguard Their Companies
The first step is to realize that your business is at risk. Once you do that, you can begin to take action to protect your important information. When it comes to security, businesses are often vulnerable on the technical side and on the human side. To be secure, they must address issues on both sides: Web servers, email servers and databases, as well as employee access, physical infrastructure and more.
Here is a list of the 10 fundamental steps developed by the National Institute of Standards and Technology that can help small businesses protect themselves:
- Protect information systems and networks from damage by viruses, spyware and other malicious code.
- Provide security for your Internet connection.
- Install and activate software firewalls on all your business systems.
- Patch your operating systems and applications.
- Make backup copies of important business data/information.
- Control physical access to your computers and network components.
- Secure your wireless access point and networks.
- Train your employees in basic security principles.
- Require individual user accounts for each employee on business computers and for business applications.
- Limit employee access to data and information and limit authority to install software.
In October 2012, the FCC launched the Small Biz Cyber Planner 2.0, an online resource for small businesses to help them create customized cyber-security plans. On the website, it released 10 tips for small businesses. Many of them are mentioned above; the ones that are not are below.
- Create a mobile device action plan. Require users to password-protect their devices, encrypt data and install security apps. Set in place procedures for lost or stolen equipment.
- Secure your Wi-Fi networks. Set up your router so it doesn’t broadcast the network name, and password-protect access to the router.
- Employ best practices on payment cards. Check with banks or processors to ensure trusted and validated tools and anti-fraud services are being used. Don’t use the same computer to process payments and surf the Web.
- Passwords and authentication. Require employees to use unique passwords and change passwords every three months. Implement multi-factor authentication.
Concerning password security, you should encourage employees to log out from a site when completing a transaction. And consider investing in a password manager, such as Norton Identity Safe.
Another good tip is to never use links in emails to access a transaction or financial website; instead, always type URLs into browsers directly.
Overall, it’s very important to stay up to date on security issues. New threats appear every day, so it’s a good idea to have someone within your company or a consultant who can help protect your small business from cyber security threats. You also want to check computers on a weekly basis to make sure antivirus, anti-spyware, firewall and operating systems are up to date.