While “going digital” can help streamline your business’s operations, it also makes you vulnerable to cybercrime. “As more small businesses utilize online solutions to serve customers, manage business operations and market themselves, their risk exposure has grown,” says Jack Bienko, deputy director for entrepreneurship education at the U.S. Small Business Administration.
The Obama administration has proposed legislation to better prepare the nation for digital threats, but at the end of the day, it’s still up to you to protect your business. Here are some of the threats small-business owners should be aware of, plus tips on staying safe in the digital business world.
Risks facing small businesses
Aaron Hanson, senior manager of regional product marketing at software security company Norton, says roughly 30% of the attacks Norton observed in 2013 targeted small businesses. “According to our annual Internet security threat report, small businesses represent one of the fastest-growing segments that are being targeted by hackers,” he says.
Hanson says many small-business owners don’t see themselves as potential targets, but hackers do — and they can cause major damage. A survey Norton conducted in January found that businesses victimized by cybercrime lost an average of $1,600 and two days of work time. But that’s just an average, and damage can be in the tens of thousands of dollars, Hanson says. There are intangible effects to consider, too. If word gets out that hackers have breached your data, that could hurt your reputation, and you could lose customers.
Depending on your type of business, hackers could go after credit card data, customer information or even human resources records with Social Security numbers and other information that could be used for identity theft, Hanson says. According to the SBA, other common cybercrimes against small businesses include attacks with malicious code and viruses, website tampering and denial-of-service attacks, which overload your system and cause it to crash or prevent customers from being able to access your site.
Another threat Norton has recently encountered has been dubbed “ransomware.” This is a malicious computer program that locks you out of your data. Hackers then demand you pay a ransom to get it back.
“This is one of the more scary things we’ve seen,” Hanson says. “I personally met a small-business owner who paid a $500 ransom to the bad guys and was able to get his data back.” Hanson notes that small-business owners may not consider some of their data worth stealing — but hackers recognize how valuable it is to the business itself.
How to keep your business safe
Simply being aware of cybersecurity threats is the first step, Hanson says. “A good starting point is to have policies in place on how you manage your computer resources,” he says. “Consider having a policy that governs your electronic communications, even including use of things like social networks and acceptable use of email.”
Once these policies are established, he says, train your employees in security best practices, such as creating strong passwords. Hanson encourages small-business owners to educate employees on why such things are critical for security, and to check in regularly to ensure workers are sticking to the policies.
The next step in protection is to have comprehensive Internet security software for all devices with multiple layers of security. “Most top solutions like Norton Small Business will include standard stuff like antivirus, but it will also include a firewall, protection for your browser, and other reputation- and behavioral-based tools that will really help to keep you safe against those scary threats,” Hanson says.
For even greater security, Bienko of the SBA recommends taking “an inventory of data management and client records currently used in your business.” He urges businesses to review their processes for financial management, from sales to banking and inventory control, and to assess which systems are used for each critical step of the business and which ones hold valuable information.
The Federal Communications Commission recommends making weekly backup copies of essential business data and storing it in the cloud or offsite. Files to back up include databases, financial records, key documents and spreadsheets, and employee files. The agency recommends limiting employee access to data systems, creating individual user accounts for each employee and controlling physical access to business computers.
Hanson also reminds small-business owners to treat their smartphones and tablets as cautiously as computers. “Make sure you also use a security solution to protect mobile devices, and have the mindset that this mobile device can access a lot of information,” he says.
If you’re a victim
If you believe you have been hacked, Hanson says to unplug any affected device or detach it from your network so it’s isolated, preventing potential threats from spreading. If you have a small-business solution provider such as Norton, call them, and they’ll remove viruses or malicious code. If it appears that confidential information has been accessed or stolen, also contact local law enforcement.
Resources for cybersecurity
The SBA’s website offers a free self-paced course on cybersecurity for small businesses. This 30-minute online course can help you understand risks and get up to speed on best practices. Together with The National Institute of Standards and Technology and the FBI, the SBA also hosts free workshops each year on cybersecurity.
Additionally, the FCC has a free Small Biz Cyber Planner tool to help you create a customized cybersecurity plan based on your business needs.
Image via iStock