Most small business owners have little to no security measures in place to protect their business against a Cyber Attack. As someone who talks with business owners every single day I will tell you most trend towards the none versus the little.
an attack by hackers to a computer network or system
As a business owner the time where you could ignore Computer and Network Security when it comes to your business are over. In 2017, Cyber Attacks against U.S. Businesses doubled. Yes. Doubled. That only accounts for reported attacks most Cyber Attack incidents are not even reported. The most important thing to know here is 93% of all attacks could be prevented with putting simple security measures in place and proper training of employees.
How To Protect Your Business from a Cyber Attack
Security Patches. Patch Management is imperative for protecting your business. Making sure every single device in your organization has an updated operating system and security patches. Believe it or not, there are businesses with computers that have Windows XP computers in their business there are NO security patches for unsupported operating systems. Others, simply do not have their system patches up to date. If you have one device that is not up to date with security patches your business is at rick for a Cyber Attack.
Firewall and Passwords. A firewall is not optional it is required. Period. With so many remote workers needing to access company files your must have a firewall to keep your network safe from hackers while allowing your remote workers in. A firewall will limit backdoor access to your network to those looking to cause harm to your business. Setup your organization to require strong passwords and more importantly require frequent changing of those passwords. Also, making sure that passwords are not being reused across multiple applications.
Employee Training. We simply cannot assume that all users within the company are savvy enough to know what to and what not to do. This is not industry specific don’t assume because your employees are highly educated that this means they are tech savvy. Have quarterly training with all users about not opening emails attachments and links that are suspicious, email phishing, and good cyber attack practices. For example, in the past week we have received no less than 10 faux emails from Microsoft that look pretty legit. When we hover over the link or look at the email address it is blatantly obvious to be malicious.
Encryption. You must encrypt data. Period. If your business is the victim or an attack or a mobile worker loses a laptop you can rest easy that the data is not accessible to the hackers. There are tons of system wide, or file specific tools to encrypt your data. If you have a business and are not encrypting data you are at risk.
Backups. This will be the one thing that will be most indicative of whether your business will be able to recover from a Cyber Attack or close your doors. You must have daily backups for your business. Ideally, those backups will be housed offsite. It should be noted that an External Hard Drive that is connected to your computer or server 24/7 does not count. Why? Because if your network is breached a virus will deploy immediately and will go straight to that external as well. Worst case scenario if you have a breach but have current backups your I.T. Team will be able to get you back in business quickly.
Business owners are a risk whether your organization is large or small. The good news is that the vast majority of attacks that are happening can be easily prevented. Hackers know that most companies have a pretty large hole in Computer and Network Security and are spending their time and energy on those vulnerabilities that already exist as opposed to brute force attacks on your network.
In this day and age managing your own computer network and security is neither a good idea or nor easily done. Most small businesses do not have an in house I.T. Department and if they do they are many times backlogged in projects throughout the organization. Generally, it is a good idea to utilize the service of an outsourced I.T. organization to look at your risk for a Cyber Attack.
Why? It is good to have someone with an unbiased view audit your current network, systems, and Cyber Security policies take a look at your potential vulnerabilities and help you craft a plan. Those organizations that actually have systems, training, and an actual plan in place are the ones that will recover from a Cyber attack.