One of the most crucial considerations when you’re launching a company should be cybersecurity. You might assume your firm won’t be at risk, but research has indicated that a surprising number of cybersecurity attacks focus on small businesses.
According to research from the Ponemon Institute, 58 percent of malware attacks victimize small businesses. What’s more, cyber-attacks in 2017 resulted in a loss of more than $2.2 million for small and medium-sized businesses.
Cyber-attacks are becoming steadily more advanced and sophisticated, and small businesses make a tempting target because often, they’re not adequately shielded. If you’re a business owner, you might want to take a few essential steps to secure your operation.
Secure Your Gmail Account
Many startups use Gmail for email because it’s free and easy to use. It also has many features for sharing and collaborating between clients and co-workers.
However, Gmail was designed to be a personal email system and not a business one, so it raises a few cybersecurity concerns when used in a commercial setting. An article from the email and file encryption provider Virtru recommends securing Gmail on a commerce level by following a simple checklist.
“Google provides an easy checklist of steps you should take to secure Gmail,” the article says. “Some of the more interesting steps take advantage of some features that most users don’t know about, such as the ability to see the IP addresses (and locations) of the last people to access your account, enabling you to see when an unauthorized user is snooping around your inbox.”
The article also discusses the importance of using safe passwords, turning on two-step verification, and recognizing phishing attempts. The critical step for outfits that transfer sensitive information between clients or vendors is Gmail encryption.
“Encryption protects your inbox by making the contents of your emails unreadable without a special key,” the article says. “This is the one tool that protects your messages while they’re in transit, so even if an email is intercepted, your information is safe.”
Change Passwords Often
Any cybersecurity risk-management specialist will encourage you and your workers to create strong passwords and change them often. “Don’t underestimate the importance of creating strong passwords,” says an article from Tripwire.
“A common tactic hackers use to access systems and servers is spamming countless username and password combinations. Known as a brute force attack, it’s a rudimentary yet oftentimes effective tactic. To protect your business from brute-force attacks, you must create strong passwords for all privileged accounts and change them on a regular basis.”
Unfortunately, too many employees don’t grasp the damage to which they can expose themselves and you with a weak password. According to statistics, about 86 percent of passwords are considered weak or easy to guess.
The most common passwords include a sequential list of numbers, qwerty, password, and abc123. Those are the first passwords a hacker is likely to try, so make sure your employees use a strong password for every account.
Hold Employee Security Trainings
Multiple investigations into the causes of cybersecurity breaches in companies of all sizes show that the number-one cause of breaches is employees. When employees are careless, ignorant, or even belligerent, they may create serious security breaches that can cost a company millions.
“Create a cybersecurity policy for your business,” recommends Mike Kappel of Forbes. “It should contain cybersecurity best practices that you expect employees to follow. Include procedures for keeping employee, vendor, and customer information safe. Your cybersecurity policy should also contain protocols that employees must follow in case there is a breach.”
Once you’ve developed a policy, schedule frequent trainings to reduce the chances that any employee may claim ignorance. These trainings can occur in the form of meetings or emails.
“Send out regular computer security tips for employees, especially as you learn new things or set up new security processes,” Kappel adds.
Have a Plan
If you’ve paid attention to the statistics, you’re probably aware that very few small companies have never experienced a hacking or breach attempt at some point. You need to have a plan in place for when such an attack strikes.
A good plan will help you recognize potential hacker attempts and how to mitigate risks when someone successfully breaches your business. Start with a plan to protect your operations.
“Always harden your environment. [You need] constant management and review of system users, routers, IP addresses and data usage trends,” says Kyle Smith of the entrepreneurial community SourceLink.
“Consider setting up monitoring alerts that are easily put in place and not intrusive or burdensome. Better still, alerts may warn you of an attacker that has already started ‘casing your business’ and how the attack has started.”
Smith also encourages business owners to know what to do when they experience an attack. “Having thought through this upfront will help you know who will help you identify the scope of the breach, how to shut down the breach point, who you will need to contact (stakeholders, partners, customers, regulators, etc.) and when.”
Cybersecurity is no laughing matter, and your businesses is only as safe as the plans and policies you put in place.