www.emfinfo.com
Henry Glickel
Henry Glickel, CPC, CERS is Manager of Talent Acquisition and Employee Retention for By Appointment Only, Inc. (BAO). In his 18-year career in recruiting, Henry has successfully filled over 900 searches. Henry earned the H. Michael Boyd Excellence in Employment Award from the Association of Employment Professionals (AOEP) in 2012. In 2006 he was awarded "Most Valuable Player" by the president of BAO, Inc. An acknowledged leader in the industry, Henry has been published several times in industry and business publications. He is currently at work on a recruiting book. https://www.linkedin.com/in/henryglickel/

Cyber security threats for small businesses By Henry Glickel & Rida Hassan

  By Henry Glickel  |    Wednesday December 12, 2019



As a small business owner, you might not have the capital, foresight, or internal expertise to deal with cyber security threats such as hacks of customer data records and personal information or leaks of financial information or intellectual property. 

While ensuring cyber security might sit on the back burner for you, it is important to realize that, according to the National Cyber Security Institute, 50% of all small businesses experience a cyber attack and 60% of those victims go out of business within 6 months. Additionally, according to Towergate Insurance, about 70% of small businesses have no formal security regarding cyber security. Don’t be one of those who ignore cyber security in the present and then regret it. This article will guide you through the top cyber security threats and how you can prevent them.

Here are the top 5 cyber security threats for small businesses: 

Ransomware attacks:

This type of attack is exactly what it sounds like: hackers get access to sensitive information such as payment details of your customers and extort you for large sums of money. Both paying out an exorbitant ransom and letting information leak are detrimental to your business.

Phishing 

Phishing refers to the process of using social media or emails to get you to divulge sensitive information such as usernames and passwords or even social security numbers. Most common phishing attacks against small businesses include misleading emails claiming to be bills or small business loans that ask for information regarding credit checks or “tax purposes”.

Distributed Denial of Service

DDoS attacks happen when a person or group of people send multiple requests to your server to overwhelm it and cause it to slow down or eventually crash. Think about how useful this could be to possible competitors or enemies of your brand during peak sale days such as Black Friday if you’re a merchandising firm. If your website goes down, your customers will be unable to access it and they might start looking elsewhere.

Password attacks:

There can be two different types of password attacks: brute force attacks and keyloggers. A brute force attack involves trying several random passwords in an attempt to ‘crack’ your password and steal your business's information. Keyloggers are software that track keystrokes, and these eventually lead to someone being able to guess exactly what your administrative username and password are.

Inside attack

This cyber attack is akin to getting stabbed in the back. It usually involves a disgruntled employee or business partner who misuses their access to leak proprietary information.

How to safeguard against these threats?

Secure your web servers

While creating a website on an easy content management system such as WordPress might seem like an effective cost-saving measure in the grand scheme of things, it is important to consider that these open source systems are highly susceptible to data breaches and cyber-attacks. It is therefore worth the money to invest in a custom-built website that does not use susceptible features such as FTP (File Transfer Protocol) or a MySQL server.

Backup your server and emails. 

It is absolutely essential to back up your servers to a local server. That way, if a user accidentally deletes data, there is still a backup present to fall back on. Your email correspondence should also be backed up onto a separate server. This allows for detailed records to be kept and once you delete current emails after backing them up daily, any hackers will only have access to a limited number of emails. My suggestion is to use a service like Migadu to back up all corporate emails. You should also make sure to have 2-step verification enabled on all your email accounts.

Anti-virus software

This should be a no-brainer, but you would be surprised at how common it is for small businesses to forgo investing in high-quality anti-virus software. If you have any kind of office-issued laptops for your employees, then you must have updated anti-virus software on each of those to prevent any malicious software.

Strong Passwords

If your password is “password123” then you should definitely be expecting a hacker to cash in on your system. It is essential that you and your employees have difficult passwords. I suggest utilizing a secure encrypted password system such as Enpass to both generate randomized passwords and keep your password safe on their server so you don’t have to remember it or write it down somewhere. I also recommend instructing employees to change their passwords every two months or so to reduce the risk of password attacks.
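To make the difference between “password123” and a randomized password concrete, here is an added illustration (not part of the original article and not code from Enpass or any other tool named here). The common-password list is a small constructed sample, and the rate of 10^10 guesses per second is an assumption about an offline attacker.

```python
import math
import secrets
import string

# Constructed sample of well-known weak passwords (not a real breach list).
COMMON_PASSWORDS = {"password", "password123", "123456", "qwerty", "letmein"}

# (membership test, pool size) for each character class.
CLASSES = [
    (str.islower, 26),
    (str.isupper, 26),
    (str.isdigit, 10),
    (lambda c: c in string.punctuation, len(string.punctuation)),
]
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG, containing all four classes."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(test(c) for c in pw) for test, _ in CLASSES):
            return pw


def brute_force_bits(password: str) -> float:
    """Upper bound, in bits, on an exhaustive search for this password."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # dictionary guesses come first, so length is irrelevant
    pool = sum(size for test, size in CLASSES if any(test(c) for c in password))
    if pool < 2:
        return 0.0  # empty, or only characters outside the four classes
    return len(password) * math.log2(pool)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years to try every candidate at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("password123", "sunshine7", generate_password()):
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
```

The figure is an upper bound: a human-chosen password that follows a predictable pattern falls much faster than its length suggests, which is why the randomly generated one is the safe choice.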

Encrypt sensitive data.

It is best practice to encrypt all sensitive data such as client and employee details (home addresses, payment details) and any upcoming projects. If your encrypted data gets hacked, it will be unusable for the hacker. For a Mac computer you can use DropDMG and for Microsoft computers you can use VeraCrypt. These apps ensure encrypted storage for all your data.

Have a solid data breach response plan. 

In case of an emergency, there must be streamlined steps towards reporting and amending the situation. The first step would be to notify your cyber insurance carrier, so their contact information should always be kept safe. Responsibility must immediately be assigned to IT professionals within the organization to ensure that a proper inventory of events and evidence is maintained. You must also inform your legal team and local law enforcement, especially in the case of sensitive data breaches. Lastly, your public relations team or agency must immediately start controlling how word about the cyber-attack gets out.

Conclusion:

Taking your small business to the next level requires extreme attention to detail in all areas, especially cybersecurity. You must invest in safeguarding your small business against cyber security threats to ensure continued operations. Prevention is always better than a cure, especially when the “cure” in this case can be up to $53,987 on average per cyber attack according to Continuum’s report on cybersecurity in 2019.

Some interesting statistics from one of the most widely regarded reports in the cybersecurity industry, Underserved and Unprepared: The State of SMB Cyber Security in 2019:

Some more notable statistics: 

80% of small businesses worry about a potential cyber security attack in the next six months.

62% of small businesses report that they simply lack the skills to have an in-house cyber security specialist

52% of small businesses feel absolutely helpless in the face of cyber attacks

43% of all cyber-attacks are against small businesses

Sources: 

https://page.continuum.net/resources/downloadables/white-paper/bf/thank-you/underserved-and-unprepared-the-state-of-smb-cyber-security-in-2019

https://smallbiztrends.com/2016/04/cyber-attacks-target-small-business.html

Thomas J. Allen, President of BrainScanMedia.com, Inc., Website: https://www.brainscanmedia.com/ 


Employment Marketplace (EMInfo.com)