Nearly half of small and medium-sized businesses (SMBs) have been the victim of a cyber attack, and with twice as many ransomware attacks occurring since 2017, small businesses must be well-prepared for a potential data breach by ensuring their machines are “clean,” unimportant files are purged, and software is kept updated. This includes having employees do their own digital cleaning and educating them on cyber safety, as employees can often be a company’s greatest cyber security weakness.
You can learn more through the National Cyber Security Alliance’s CyberSecure My Business program, which helps SMBs become more safe and secure online. It is based on a framework established in 2013 by the National Institute of Standards and Technology that aims to reduce risks to the nation’s critical infrastructure.
The framework takes a “best practice” approach to analyzing and mitigating risks, and recommends five steps that any sized company can take for addressing cyber threats. The five steps are:
Inventory your most valuable assets, the “crown jewels” that are of greatest importance to your business and would be most valuable to criminals, such as employee, customer, and payment data.
Assess what protective measures you need to have in place to be as defended as possible against a cyber incident.
Have systems in place that would alert you if an incident occurs, including the ability for employees to report problems.
Make and practice an incidence response plan to contain an attack, and maintain business operations in the short-term.
Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.
On a day-to-day basis, businesses can improve their online safety practices by following these four tips:
1. Keep a clean machine
Having the latest security software, web browser, and operating system in your business are the best defenses against viruses, malware, and other online threats.
2. Protect information
Secure accounts by adding two-factor authentication and making passwords long, strong, and unique. For example, using passphrases such as “Maryhadalittlelamb” or “herfleecewaswhiteassnow” can be a good way to create a stronger password as well as make it easier to remember.
3. Protect the company’s online reputation
Set security and privacy settings to your comfort level of sharing.
4. Educate employees
Teach your employees basic best practices. For example, if an email, social network post, or text message looks suspicious — even if you know the source — delete it.
As data breaches are an increasing concern for businesses of all sizes, SMBs have a lot more to lose than larger companies if they are the victim of an attack. By doing a digital spring cleaning, working to protect their valuable data, and creating a culture of cybersecurity in the office, businesses will be much better prepared for a potential cyber attack.