A Cyber Security Plan Can Be a Key Productivity Hack for Your Business
Cyberattacks are in the news almost daily now, especially with the disruption to the geopolitical climate in Eastern Europe. Making the big headlines are those instances that paralyze the operations of some of the world’s major corporations. What you don’t often hear about are the attacks that impact small and midsized businesses, and these are far more frequent.
Numbers can vary by year and study, but cyberattacks on small and midsized businesses are on the rise from the 70-plus percent in 2020, according to statistics compiled by the National Cyber Security Alliance.
What's more: the 2021 Hiscox Small Business Cyber Risk Report found many businesses experienced more than one cyberattack in the past year, and 1 in 6 businesses said an attack threatened their survival. The report found that small businesses in particular felt a substantial impact from cybercrime, with some small firms suffering losses of up to $308,000.
Is your business prepared to withstand a cyberattack? Having a strong cyber security posture can help your organization defend itself against cyberattacks, secure important information related to the business and your customers and maintain the integrity of your business.
Cyber Security Tips for Your Business
Cyber security can be defined as the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks, unauthorized access, or criminal use. The Small Business Administration (SBA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Trade Commission are excellent resources that offer additional tips for combating cyberattacks.
IT experts agree that employees are often the weakest link in the fight against cybercrime. They often make critical mistakes because they lack the knowledge and training to recognize warning signs or avoid improper behavior while working online.
Here's a list of tips to aid in cyber security training and greatly enhance the security of your business data:
Cyber Security Dos
- Strengthen and regularly change passwords and security questions that provide access to account information.
- Provide cyber security training and tips for employees, and encourage reporting of suspicious emails or online content.
- Limit access to PII and PHI. Only employees whose job responsibilities explicitly require access to Personally Identifiable Information (e.g., Social Security number, bank account number) and Protected Health Information (e.g., health records, other medical information) should be granted it.
- Secure your computer and mobile devices using an updated operating system and the latest anti-spyware and anti-virus software. Also consider securing and encrypting your Wi-Fi network.
- Secure computers and networks. This involves deploying the latest security software, web browser, and operating system. Ensure that antivirus software is set to run a scan after each update and install software updates as soon as possible.
- Implement multi-factor authentication to augment security. Multi-factor authentication requires a user to provide information in addition to a password to log in to accounts.
- Enable your operating system's firewall, which can prevent outsiders from accessing data on a private network.
Cyber Security Don'ts
- Don't download software from the Internet or click on Internet links that launch websites or web ads, especially if the URLs don't appear to come from a trusted source.
- Don't respond to emails, open email attachments, or click links embedded in emails that include typos, spelling errors, incorrect grammar, or pop-up windows. Beware of suspicious subject lines and "urgent" calls to action. These are all telltale signs that an email might contain viruses or other malicious software.
- Don't enter personal or financial information into web forms that don't come from a trusted source.
- Don't respond to the IRS by email or social media. The IRS does not initiate contact with taxpayers by email or social media. Any unexpected call from someone claiming to be from the IRS and threatening arrest for failure to pay is a scam.
What Are the Risks of a Cyber Security Threat?
Cyber security threats loom over every business, large and small. And the proliferation of connected systems and devices makes cybercrime and disruption all the more tempting for those intent on committing a crime. A story reported by the BBC in February of 2022 cited new analysis that nearly 75 percent of the money made from ransomware attacks in 2021 went to hackers linked to Russia, and other statistics report that ransomware in Russia is a projected $21 billion industry in 2022.
In the event of a business cyber security breach, there are many potential ramifications for an organization. Some of the consequences might include:
- Revenue loss: For instance, shutting down a compromised website could hinder sales or cause website visitors to take their business elsewhere. Repairing damaged systems could come with a hefty price tag. Hiscox found that 71% of U.S. firms targeted in a ransomware attack paid a ransom to either recover data or to prevent publication of sensitive information.
- Reputational damage: The Hiscox report also noted that nearly a quarter of businesses that were attacked received negative publicity as a result.
- Regulatory costs: With recent laws enacted such as the California Consumer Privacy Act (CCPA), businesses could face penalties in the wake of a security breach. Hiscox reported that 18% of U.S. firms targeted paid a substantial fine that had a significant impact on the financial health of the business.
- Lost customers: A security breach can impede an organization's ability to attract and keep customers. Hiscox reported that 19% of respondents who suffered a cyberattack lost customers, with nearly as many (18%) saying they had greater difficulty attracting new customers after the fact.
Types of Cyber Security Attacks You Should Know About
Digital malicious attacks come in an array of forms. Innumerable computer viruses, codes, and applications of malware are unleashed on the public every single day. Some of the most common and dangerous forms employ similar tactics.
Phishing or Business Email Compromise
One of the most valuable business cyber security tips is to handle any suspicious email with great care. Experts urge people looking at iffy emails to hover over hyperlinks (without clicking on them) to determine whether they'll send you to an unfamiliar or suspicious web page. If it is an email that originates from your ISP, bank, or credit card company, remember that these institutions will never ask for sensitive information like your password or Social Security number. According to FBI statistics for 2021, business email compromise accounted for $1.7 billion in fraud losses.
Malware (Adware, Spyware, Ransomware)
These insidious attacks assume many guises, the most pernicious of which is called ransomware. When opened, this malicious software seizes crucial files and keeps those files "hostage" until the victim pays ransom to decrypt them. Ransomware gets into a business system when unsuspecting users:
- Download materials from a compromised website.
- Open a fraudulent email attachment.
- Employ an unauthorized USB stick or some other external media device.
Social Engineering (Identity Theft)
Cyber criminals exploit our natural tendency to trust a message we receive and/or assist someone we believe to be in need. If someone you know sends you an email containing a link they want you to click on, or an attachment that you're told is a photo or other file they want you to see, don't click or open it if there's the slightest suspicion that something's wrong.
Distributed Denial of Service (DDoS)
Cyber criminals barrage a company's server, overwhelming it so that it slows significantly or even crashes. The system stops working at this point. This is perhaps the most common form of assault on cloud infrastructure and storage.
Password attacks (or Brute Force)
This type of cyberattack occurs when a hacker uses software to determine (and then steal) working passwords.
A data leak, which is the intentional or unintentional release of secure or confidential information to an untrusted third party, can damage a business as well as its employees and customers.
There are many ways that a computer virus can spread: a user can open an attachment in a phishing email, run an executable file, visit an infected website, or use an infected removable storage device, such as a USB drive.
Develop an Effective Cyber Security Plan
Cyber security for your business could be simplified to mean just good decision-making. And not just by employees but by business owners as well. Think: Have you taken the cyber security threats seriously enough? Do you have up-to-date software to protect your business from the types of cyber attacks that could catastrophically damage it? If the answer is no or you're unsure, develop a cyber security plan.
These tips might shift the odds of adequate data protection in your favor:
1. Regularly assess existing risks and update IT systems.
It's essential to conduct a thorough assessment once a year (or every six months, preferably), with an emphasis on exposing vulnerabilities of those key assets containing confidential information and intellectual property. Also, commit to routine maintenance and regular software updates on all company devices.
2. Back up your systems in the cloud.
Businesses with a cyber security plan that store data properly are far less vulnerable to ransomware. Files should be backed up daily in multiple secure locations, such as the cloud or a hybrid data center, to ensure you have continual, uninterrupted access to the data you need if an attack occurs.
3. Undertake an aggressive employee cyber security training program.
Security is frequently compromised by user mistakes or carelessness. Consider implementing a cyber security training program that takes place on a regular basis so employees understand how critically important it is to maintain vigilance and to use good judgment with sensitive business data.
4. Install mobile-device security measures.
Using mobile devices to work and communicate throughout the company increases the likelihood of a malicious attack because the channels are unsecured. Establish policies to:
- Restrict the types of information these devices can access and share
- Determine whether mobile devices provided by the business can be taken off-site
- Enforce network access control, whereby employees can access your business's VPN and email in a secure, reliable manner.
5. Plan a response to an unauthorized intrusion.
A comprehensive incident response plan that stresses the need to immediately contact the help desk or IT team might significantly curtail the effects of an attempted data breach. Taking a proactive, strategically defensive stance can typically minimize the risk to your business and customers, enabling you to continue to focus on other vital aspects of operations.
Make Sure Your Business is Protected in Case of a Cyber Attack
Your current business insurance coverage might not include the range of expenses incurred by many types of cyber attacks — from interruption of business operations and the need for customer notifications to comprehensive security upgrades and the effort required to restore your company's damaged brand. For these reasons, consider cyber liability insurance as part of a broader cyber security plan and in tandem with your regular business insurance and employment liability policies.
An effective cyber security policy can help you craft appropriate online practices, secure business interruption protection, and cover legal fees incurred by judgments or settlements. Contact a professional to learn more about cyber liability coverage.