Ransomware attacks and data leaks continue to affect many businesses, and hackers ramped up their efforts even more during the COVID-19 pandemic, when changes in the work environment exposed cracks in cybersecurity armor. While many of the larger businesses impacted become newsworthy, the truth is that small businesses are just as likely, if not more likely, to experience attempts to steal their data or hold it for ransom.
According to an IBM report from July of 2021, the cost of a data breach is the highest it’s ever been, averaging $4.24 million per incident.
Small business owners are particularly susceptible to attacks because they typically lack the ability to prevent and recover from cybersecurity incidents. Trying to build a business is already a tough endeavor, and putting extra effort into cybersecurity takes a bigger budget and more resources. So, since time is important, what can be done to best protect your small business against threats?
Backups
Data loss is not just the result of hackers or ransomware attacks. It can occur from something as large as a natural disaster to as small as an employee’s mistake. Losing data causes a halt in business and strains customer relationships.
Making sure there are backups in place and that those backups are reliable is one of the most important things a business owner can do to recover from an incident. There are different strategies available to back up your data, so it is important to consider several questions when looking for a great solution.
- What data needs to be backed up?
- How often should the backups occur?
- Is a cloud-based backup or local backup better? Would a mix work?
- Are there procedures in place to periodically test and ensure the backups are working correctly?
Implementing a backup solution is not without its own challenges. Once a solution is in place, backups should be done on a timely schedule, automated as much as possible, and tested to confirm the backups are always working. Backups are also susceptible to the same problems that can affect front-end machines, such as disk failures, insufficient space, or large backups causing network slowness.
Whatever solution you choose needs to work for your business. The “3-2-1 Backup Rule,” explained in this article from CO- by the U.S. Chamber of Commerce, is a simple yet effective strategy for maximizing the benefit of your backups and protecting your data from being lost forever.
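One way to automate the backup test described above, as an added example that is not from the original article: the script compares every source file with its backup copy by SHA-256 and reports copies that are missing, outdated or damaged, and whether the backup disk is low on space. The folder and file names are constructed sample data, and the function names are assumptions made for this example.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_backup(source, backup, min_free_bytes=0):
    """Classify each file under source by the state of its copy under backup."""
    source, backup = Path(source), Path(backup)
    report = {"ok": [], "missing": [], "outdated": [], "corrupt": []}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        dst = backup / rel
        if not dst.is_file():
            report["missing"].append(rel)
        elif sha256_of(src) == sha256_of(dst):
            report["ok"].append(rel)
        elif src.stat().st_mtime > dst.stat().st_mtime:
            report["outdated"].append(rel)  # source changed after the last backup run
        else:
            report["corrupt"].append(rel)   # copy differs although source is not newer
    report["low_space"] = shutil.disk_usage(backup).free < min_free_bytes
    return report

def demo():
    """Constructed sample data: four files, three backup copies broken in different ways."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "data"), Path(tmp, "backup")
        src.mkdir()
        for name in ("invoices.csv", "customers.csv", "payroll.csv", "notes.txt"):
            (src / name).write_text("original " + name)
            os.utime(src / name, (1_000, 1_000))
        shutil.copytree(src, bak)                     # copies keep the source timestamps
        (bak / "invoices.csv").unlink()               # copy is gone
        (src / "customers.csv").write_text("edited")  # source edited after the backup
        os.utime(src / "customers.csv", (2_000, 2_000))
        (bak / "payroll.csv").write_text("garbage")   # copy damaged on the backup disk
        os.utime(bak / "payroll.csv", (1_000, 1_000))
        return verify_backup(src, bak)

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against the real folders, any non-empty `missing`, `outdated` or `corrupt` list, or `low_space` being true, is the signal to investigate before the backup is needed.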
Keep Your PCs and Software Patched and Up to Date
As hackers attempt to exploit security flaws in software and operating systems, vendors release updates to fix those flaws and improve product security. This is an ongoing process, so it is always important to keep your PCs and your software updated and on the latest version.
When older operating systems lose support, they become extremely vulnerable to malware and exploitation. How often you update and patch depends upon the needs of your business, but it is important to have procedures in place that define the process and make it part of the business routine.
Keeping PCs up to date affects more than just security. Updates revise, fix, or add new features as well as help improve overall performance.
Training Employees on Security
No matter how often data is backed up or how much you update your PCs and software, the most important elements in your security plan are the employees using those machines. According to Verizon's 2021 Data Breach Investigations Report, “85% of breaches involved a human element” and “61% of breaches involved credentials.” This means the most likely cause of any incident you may experience will involve some degree of human error.
Investing in a training program for employees on cybersecurity best practices will mitigate much of the risk associated with incidents, and periodic ongoing training will ensure employees are always in a position to handle an incident correctly.
Creating a workplace culture that detects and reports incidents is the goal, but it is also important to have a strategy in place for what happens once an incident is reported, in order to minimize the possible damage done to the business.
Treat Cybersecurity as Integral to the Business
The data that your business uses to serve your customers is extremely valuable, both to you and to would-be hackers or social engineers. The more personally identifiable information your business uses in daily operations, the more important it is to have a cybersecurity plan in place.
Many small businesses, due to lack of resources, never come back from a ransomware attack or data loss incident. Hackers also exploit the fact that small businesses do not have robust security in place and will not hesitate to target those businesses.
As threats continue to increase and changes in the workforce cause new challenges, it is important to take a second look at your current policies and procedures regarding cybersecurity.