Cybersecurity Essentials for Small Businesses
You hear about cybersecurity constantly; here’s how it applies to you.
Cyber threats are an issue for everyone, and small businesses are targets for such threats and crimes because they often have fewer preventative or responsive resources. So, what do you need to know?
What is cybersecurity? With the help of technology and best practices, cybersecurity is the effort to protect computers, programs, networks, and data from attack and damage.
Why is cybersecurity so important? Consider all the information you have that needs to be secure:
• Personal information for employees
• Partner information
• Sensitive information for customers/clients
• Financial and sensitive business information
It’s essential to do your part to keep these details safe and out of the hands of those who could use your data to compromise you, your employees, and the foundation of your small business. Think it can’t happen to you?
• CNN reports nearly half of the data breaches that Verizon recorded in 2012 took place in companies with fewer than 1,000 employees.
• A Symantec report showed that 31% of all attacks in 2012 happened to businesses that had fewer than 250 employees.
What are common cyber threats and crimes? There’s a broad range of information security threats. Some of the most common include website tampering, data theft, denial-of-service attacks, and malicious code and viruses.
Website tampering can take many forms, including defacing your website, hacking your system, and compromising webpages to allow invisible code that will try to download spyware onto your device. Data theft can come in various forms, and the problems that come with it depend on what kind of data is stolen. Some examples include:
• Theft of computer files
• Theft of laptops, computers, and devices
• Interception of emails
• Identity theft
A denial-of-service attack happens on a computer or website and locks the computer and/or crashes your system. This results in stopped or slowed workflow and prevents communication. The ultimate goal of this kind of attack is to prevent you from conducting business with your internetconnected systems.
Malicious code and viruses are sent over the internet with the goals of finding and stealing your files; deleting critical data; or locking your computer or system. They hide in programs or documents and replicate themselves without your knowledge.
What can I do to protect my business? The first step in protecting your business’s information is establishing comprehensive, up-to-date security policies. Make sure your employees know and adhere to your policies and best practices for internet and email. Here are just a few to keep in mind:
• Don’t respond to popup windows telling you to download drives.
• Don’t allow websites to install software on your device.
• Don’t reply to unsolicited emails. Use screen locks and shut off your computer at the end of the day.
Ensure that your computer hardware and software are updated regularly on all devices throughout the company. Change passwords periodically and use firewalls to protect your systems. You should also consider backing up your data on a regular basis so that if anything is compromised, you have a copy.
Want to learn more about how to help make your business more cyber secure? Check out “Cybersecurity for Small Businesses” in the sba.gov Learning Center, which features more tips and additional resources to help you along the way. Read the full issue of SBA Massachusetts Small Business Resource Guide 2019 to gather more best practices for your small business.