As a small business owner, you are often faced with serious issues that can affect the future success of your company. In addition to economic ups and downs, cyber fraud represents a growing issue for your company to contend with. Every day another breach is unveiled (Target, Neiman Marcus, Blue Cross Blue Shield, PF Chang’s to name a few). If you find yourself as a victim of cybercrime, chances are it is game-over. However, it is not uncommon for small businesses leaders to feel they are too small to attract the attention of a cyber-criminal. According to the National Cyber Security Alliance, 77% of small businesses (less than 250 employees) think their company is safe without having implemented many common practices to reduce risks. At the same time, the study showed that 60% of small businesses close within six months of experiencing a data breach!
Consider this real world example. Say an employee in your accounting department receives an email from the president of the company instructing them to send a $300,000 wire to an out of state account for an urgent matter. Of course, the employee wants to help out the Company President, but the whole matter is a fraud. Could your business withstand a $300,000 loss? According to the FBI’s Internet Crime Complaint Center (IC3), such social engineering attacks represent significant losses. In 2014, the IC3 received 2,417 Business E-mail compromise complaints with a total reported loss of $226 million dollars.
So, what steps should I take to protect my small business? Those steps should involve both your technology assets and your employees.
Secure Your Systems!
- Patch Your Systems: Keep all applications and operating system up-to-date. This includes Microsoft patches for Windows systems but also patch Adobe and Java applications.
- Prohibit Casual Browsing on Critical Systems: Systems that are used for processing payments, payroll, and client information should be prohibited from accessing personal email, social media, and general browsing. If Internet access is provided, restrict that access to only the sites necessary to perform business functions.
- Keep Antivirus Up-To-Date: keep antivirus programs and signatures up-to-date.
- Whitelist Applications: The process of whitelisting applications allows only the applications that you specify to run. If malicious software is introduced, this process should prohibited from executing.
- Implement Firewalls: Implement firewalls on every computer, not just your network perimeter. This helps stops the spread of malware inside your organization if compromised.
- System Backups: Create and test encrypted system backups with off-site storage. In the event of a disaster whether it be from a cyber attack or a natural disaster systems can be recovered from the last good backups.
- Implement Information Security Policy: that lets all employees understand their obligations and role in protecting the company.
- Implement Security Awareness Training: that includes how to identify phishing and social engineering attacks.
- Conduct Background Checks: on new hires as a condition of employment. Insider losses represent a significant component of risk.
These are minimal steps to aid in securing your small business. Some companies have additional regulatory requirements like PCI and HIPAA, which require implementation of much stricter standards. No doubt the process can seem overwhelming, but there’s no reason to go-it-alone. Seek the assistance of a certified information security firm to help you avoid costly mistakes while lowering your risk or cyber fraud.