13 Cyber Security Tips for Small Business Owners
If you think your small business is immune from cyber attacks, think again. In the last several years the number of cyber attacks against small businesses has risen dramatically. At best a cyber attack on your business could mean the loss of productivity and resources; at worst it could send customers running and shut down your business. These tips will help you understand your vulnerabilities and how to take action to make your systems more secure.
- Understand the Risks – Attacks come in many forms, such as viruses, malware, cyber extortion and data theft. Cyber extortionists hold your information or system hostage in return for payment. Data thieves will steal client information for use in identity theft rings or other criminal activity. Leaving client data unprotected is particularly bad for business. While losing a customer’s data would likely mean losing their business, depending on the nature of the loss, the client may also seek damages from you in court. Healthcare/Medical and Accounting/Bookkeeping and financial are particularly vulnerable.
- Eliminate Common Vulnerabilities – Cyber criminals will generally seek the path of least resistance. These often include weak passwords, unchanged default settings and untrained users. It is important to require the use of strong passwords throughout your business. Never leave default security settings on devices or share common passwords throughout your business. Limit access to critical systems and client data to employees who truly need access.
- Install Updates – You should complete software updates in a timely manner. Hackers are constantly looking for software vulnerabilities. Software developers create updates to fix known flaws. Failing to update your software is like leaving your door wide open to cyber criminals.
- Utilize Security Tools and Settings – Protect your network with a firewall, which will block any unauthorized access. Encrypt mobile devices and laptops to protect any data outside of your network. Install antivirus programs on all computers and update them frequently to prevent the latest viruses and malware.
- Back up Your Data – It is vital that you back up your data. Having an offsite backup service will help shorten recovery time from a cyber attack or other IT disaster. Consult a trusted IT professional about the best options for your business
- Encrypt Data and Email-If you travel or have devices outside your office and access to the network from outside of the office or handle any kind of PII or sensitive client data this is crucial.
- Prioritize your information assets. You don’t need to protect everything. Focus first on protecting the most important information. Inventory your information assets so you can prioritize security efforts to avoid wasting time and money.
- Diversify systems and where information is stored. Keep critical information and systems separate from the computers used to browse the Internet and check email. Ask your bank and other companies involved in the exchange of sensitive information about two-factor authentication.
- Cyber Security Policy – A cyber security plan should set clear and concise ground rules for your employees and managers. The FCC offers a helpful online tool that allows you to develop a customized cyber security plan for your small business. You can access the FCC Small Biz Cyber Planner 2.0 at www.fcc.gov/cyberplanner.
- Train Employees – Once you have a plan in place you must pass that knowledge on to your employees. Provide them with a copy of your cyber security policy and have them sign an acknowledgement that they received, read and understand the policy. Make sure employees feel comfortable reporting potential vulnerabilities and asking questions.
Cyber Security Coverage for the business and your employees-It’s not a matter of “if” but when your business and/or your employee’s data is stolen. Cyber Liability coverage and Identity theft plan with full restoration will give you and your employees piece of mind that you’ll still be in business and that they will have their life
- Data breach insurance (for the business). This often includes coverage for consulting during a data breach, as well as support for breach notification, call center handling, credit and fraud monitoring, and fraud remediation. Coverage for legal defense and liability is less common, but still possible. Check with your insurance carrier to determine what your policy includes. Note: Cyber insurance may include data breach insurance. But the two are not one in the same.
- Cyber liability insurance. Cyber liability insurance also takes many different forms. It may include the restoration of data for critical systems, business interruption coverage, and liability coverage if a network or website caused or was used in a breach or attack on another company, as well as the loss of use and/or IP infringement. Consult your insurance broker to for a clear understanding of your coverage and requirements of the policy
- Identity Theft Coverage for employees and their families- As an employer you cannot guarantee that your employees data will not be stolen by any of the third party vendors you work with.
- Outsource to Top Professionals-Make sure you have a team of cyber security and coverage experts who are competent, well thought of and carry at least $1 million in professional liability coverage. Staying up to date with monthly and quarterly visits/analysis is important and for most businesses, daily monitoring by a competent IT company. But don’t just farm it off….listen, learn and institute their recommendations and constantly monitor how well recommendations are working for your company.
- Don’t worry about sticker shock The reality is this is a cost of doing business just like your rent and equipment. It’s amazing the number of small business owners who spend $200-400 a month on Starbucks, snacks and eating out and won’t invest that same amount in cyber security