It’s hard to avoid the topic of cybersecurity these days. There’s White House advisor Kellyanne Conway’s recent remarks about using household appliances for surveillance and the increasing risk of ransomware, in which hackers hold an institution’s data hostage in exchange for payment. Now, victims don’t need to have their identity stolen in order to lose significant sums. One hospital in Los Angeles paid $17,000 in order to regain access to its data. More and more people are getting letters from their health insurer or financial institution with the calamitous news that their personal information has been exposed by a recent data breach.
We know there are steps we should take as individual consumers to protect our information. But what about small business owners? Data breaches are expensive to fix, in time, money and consumer confidence, no matter how small your business is. According to Symantec’s 2016 Internet Security Threat Report, 57 percent of all spear phishing attacks in 2015 targeted small and medium-sized businesses. The Identity Theft Resource Center reports that, as of March 17, there have already been 312 data breaches in the U.S., compromising over 4.6 million records. Last year, more than 36 million records were affected by data breaches.
If 2017 is anything like 2016, hundreds of small and medium-sized businesses will be targets of attacks this year. You don’t want to be the local business sending out that we’re-sorry-your-data-has-been-exposed letter — and you may not be able to afford to offer your customers a year or more of free identity protection to shore up the damage. Think the FDIC or your general liability insurance will provide some protection? Think again. Federal consumer protections are not likely to cover business bank account losses; neither is general liability likely to cover losses due to a data breach.
from Towergate Insurance’s report “SMEs and Cyber Attacks: What You Need to Know”
In other words, safeguarding against a data breach – and preparing for one – is something small business owners really need to have on their radar. The good news is that there are some effective, if not infallible, defenses small business owners can easily – and inexpensively – implement.
First, make sure to Lock Down Your Login wherever possible. Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your Services such as Gmail and Twitter allow you to sign into an account by checking in with an app on your smartphone, or providing a special passcode sent to you in a text once you’ve entered your username and password. Such a precaution can be the difference between losing control of the sensitive messages or photos you send to, say, your staff in a mass email.
Next, consider using a password manager. You know you’ve done it — using the same passwords across several online accounts. Listen up! Criminals often rely on this half-hearted attempt at cybersecurity, there’s actually a name for such attacks: password reuse. Once a malicious hacker has cracked your email (or other) account, they’ll try that same email/username and password on major bank websites and popular social media sites.
A solution? A password manager that creates and stores complicated codes that no thief will be able to guess. And, more importantly, you won’t have to remember them all. PCMag has a handy comparison chart of “The Best Password Managers for 2017”— scroll past the chart for a link to free password managers. Alternatively, you can write your passwords down and keep them in a safe place away from your computer.
Financial apps can help you keep track of your credit score; some allow users to check their credit scores and financial information without having to pay any monthly fees, while others help you to monitor all your accounts, your credit score, and even provides spending analytics.
Finally: Don’t freak out! Remember, breaches happen. People’s credit cards get stolen. The best things to do are to take simple steps like these and, most of all, to stay informed. You can keep updated on cybersecurity issues by reading Krebs on Security and Graham Cluely’s blog.
More Small Business Cybersecurity Resources
- The Small Business Association has a free, 30-minute course on cybersecurity for small businesses.
- The Department of Homeland Security has resources for small businesses, including tip sheets and planning guides.
- WalletHub has a good collection of cybersecurity-related posts from managing your credit score to what to do after a breach.
- There’s a comprehensive cybersecurity toolkit designed for small and midsize businesses available from the federal Computer Emergency Readiness Team (US-CERT).
- And for good measure, here are a few more tips from the Federal Trade Commission on keeping your personal information safe.
- The National Cyber Security Alliance provides a range of free cybersecurity, privacy and online safety resources for small and medium-sized businesses.
About the Author
Ro Prakash is the co-founder of Townsquared - the only online private community designed to help small businesses succeed through local connections and resources.
The original version of this post appeared on March 29, 2016, in the Townsquared blog.
- #ChatSTC Twitter Chat: Happy #PrivacyAware Holidays!
- Health Information Privacy – Why Should We Care?
- #ChatSTC Twitter Chat: Protecting Critical Infrastructure from Cyber Threats
- #ChatSTC Twitter Chat: The Internet Wants You – Consider a Career in Cybersecurity
- Why Diversity Is Needed In Cybersecurity – My Unique Experience Helps Protect People
- The Higher Education CISO: A Modest Security Awareness Hero
- Today’s Predictions for Tomorrow’s Internet
- #ChatSTC Twitter Chat: Today’s Predictions for Tomorrow’s Internet
- Four in 10 US Teens Seek Help From Friends About Online Woes, New Microsoft Study Shows
- What Happens When Cyberbullies Join the Workforce?