Because while government agencies, corporations and banks might be the top targets of would-be cyber attackers, small businesses need to make sure they’re protected, too, lest hackers succeed in their attempts to intrude and, in some form or fashion, monetize their information and data.
Such efforts start with educating yourself and your employees about malware and phishing attempts, ensuring that everyone knows not to open an attachment or click on a link—whether on their computer, phone or another device—if they don’t recognize the source. You must regularly remind your employees and family never to open questionable emails or emails from an unknown source. In particular, never open any attachments from people you don’t know or recognize.
Small business owners sometimes work long hours, but you can’t let your guard down just because it’s late at night and you’re getting heavy-lidded. Never open strange emails.
This should be publicized as standard policy for your business, in part because it can unleash ransomware, in which your company’s network goes down and hackers extort payments to free it back up. And ransomware attacks have been on the rise since the advent of cryptocurrency like Bitcoin, which enables anonymous monetary transfers.
You might consider taking this policy a step beyond simply asking people to be careful, by using cloud-based programs like Workshare that enable you to send and receive files securely online, as well as defensive programs like Trend Micro that flag suspicious-looking e-mails. Beefing up your internal firewalls would be a wise step—as would insisting that your vendors, including but not limited to your legal counsel, do the same, given how much you interact electronically.
Keeping your software and operating systems on any Internet-connected devices up-to-date is also crucial, as hackers can get into noncompliant systems that much more easily. Even outdated printer software, to cite one example that you might not consider, can lead them down the primrose path. Running external tests in which you check to see where you’re vulnerable in web and mobile applications can be well worth the time and effort.
Businesses also need to put plans into place as to how they would respond to attacks, who is responsible for doing what—logically based on a schematic of the management team—and at what point they should contact law enforcement. And they need to prioritize what information seems most sensitive and valuable, layering their protections in a way that reflects those priorities. You might not be able to protect yourself every time, everywhere, but classifying your data by where and how it’s stored, and who can access it, can help protect you.
Cybersecurity is perhaps best framed as cyber risk mitigation—it’s not just a technical issue, it impacts your entire business. Cybersecurity costs money, but the investment is often worth it when you consider the direct costs of hackers tying up your network or stealing sensitive information—as well as the indirect costs of harm to your business reputation. Just be careful out there …. the internet has a deep, dark side that makes patsies out of the rest of the world.