Simple Steps to Protect Your Business from Cybercrime
March 24th 2022
Reports of cyberattacks are increasing in frequency, with small businesses becoming bigger targets because they typically have not invested in security technology to the degree that larger corporations have. Many also lack internal policies and procedures designed to thwart access to sensitive data. The FBI’s 2020 Internet Crime Report found that the cost of cybercrimes hit $4.2 billion in 2020 and was up 38% from 2019.
A recent Small Business Administration (SBA) survey found that 88% of small business owners believed their business might be vulnerable.
So, what can you do if your budget doesn’t have a line item for pricey IT security solutions?
Understand Your Threats
The first step is to understand that cybercrime consists of several different types of online attacks, each of which requires different strategies to prevent malicious activity. Most cybercrimes fall into three broad categories:
- Phishing. Perhaps the most common type of attack involves emails that look like they are coming from a legitimate organization or individual, and ask you to take some action that will then give them access to your computer or to financial accounts. They can also infect your computer with viruses.
- Ransomware. This type of malware, or malicious software, infects your computer and then restricts access to the computer or to files until a ransom is paid. It usually gets into your computer through phishing emails.
- Viruses. Another type of malware involves infecting your computer with software that often gives hackers access to your computer. Other times viruses tamper with or modify data on your computer. Once in, viruses can control what your computer can do, including stealing sensitive information.
The common element in all cyberattacks is gaining access to your computer system, usually through email. That means that your best defense against getting hacked is setting up protection systems and training employees in how to spot phishing attempts.
Although it’s very difficult to outsmart sophisticated cybercriminals, there are some basic steps you can take to reduce the chance that a hacker can get access to your computer systems. These include:
- Installing computer security systems
Just as your home and office likely have some kind of exterior security system, even if it’s a locked door, you can purchase protection for your computers. This layer of security, called a firewall, is a software program that prevents outsiders from getting into your system. Installing antivirus is another must-do, to keep malware from activating on your computers.
- Using secure wifi networks
With so many companies and individuals relying on wifi networks to stay connected and get work done, it’s essential that your business use a password-protected router and an encrypted, hidden wifi network. It’s harder for hackers to gain access to a network if they can’t easily find it.
- Keeping software up-to-date
Sometimes older versions of programs have vulnerabilities that can unintentionally allow access to your system. As soon as software developers discover these access points, they release a fix, called a “patch,” and provide it through updates sent to customers. Making sure that you’re always running the latest software version on your computers is one way to reduce the chance that a hacker can get in.
- Requiring strong passwords
Provide employees with guidance or training in setting up more complex passwords and then require that they update those passwords regularly, at least every 60 to 90 days. You might also consider implementing multi-factor authentication, to make it even more difficult for a hacker to gain access.
- Performing data backups, backups, backups
Make sure all the computers on your network, and any off-site devices, are being backed up regularly. Store copies of important files or paperwork in the cloud, off-site, or both. If your computer is hacked, you’ll want to be able to clean off any viruses and then reload all of your programs and data. That’s only possible if you have a clean copy somewhere else.
- Training employees to recognize phishing attempts
Since the majority of cyberattacks begin as phishing attempts targeting employees (KnowBe4 claims the percentage is as high as 91%), you need to train employees to recognize phishing attempts in order to reduce the chance that hackers break into your system. Security training can increase awareness and help prevent data breaches. KnowBe4 has a phishing test you can share with employees to see how vigilant they naturally are.
Although little can be done to prevent cyberattacks themselves, taking these steps to prevent access to your computing network and the sensitive information stored there will help reduce the chance of harm.