There was a time when cyber criminals seemingly had bigger fish to fry and so they overlooked small businesses, but those days are gone. Today, no business, large or small, is immune to cyber-attacks and security threats. Information from the National Cyber Security Alliance (NCSA) shows that small businesses are the target of 71 percent of security breaches and almost 50 percent of small businesses have been victims of cyber-attacks.
The fallout of cyber-attacks is devastating, as they cost businesses their reputation, customers and money. According to information from Experian, 60 percent of small businesses close their doors after six months of suffering a security breach. As such, small businesses must be proactive in protecting themselves against security threats. But to do that, they must first be aware of what the risks are.
Top four security risks to small businesses
1. Phishing attacks
Hackers commonly use spam or fake emails that claim to be from legitimate businesses to get private information from small businesses.
Hackers need only the smallest window to get in and steal, destroy or otherwise exploit your company’s data.
They’re like parasites: clicking on a phishing link once is enough for a hacker to get into your system and set up house, and an eviction notice may not be enough to encourage them to leave.
It is therefore crucial that employees be advised not to click on hyperlinks in emails that are suspicious or unverified, particularly those asking for sensitive information or payments. A rule of thumb is, when in doubt, leave it out.
Another thing to note is that legitimate institutions that offer payment options are equipped with SSL protection. This means they will have HTTPS websites.
There are a number of things small businesses can do to protect themselves against phishing attacks, including:
a) Choosing a secure web host for their website
b) Using a cloud-based backup tool and restore software
c) Installing an SSL certificate on the company website
d) Investing in desktop and network firewalls
e) Getting anti-spam email software
f) Educating staff members about security risks
2. Lack of Encryption
The digital era in which we live provides more opportunities for hackers to breach your company’s security and intercept sensitive data. But with these increases in security threats and cyber-attacks come measures to secure your business against them.
Encryption and authentication are two such methods that you cannot afford to be without, as they make it much more difficult for cyber criminals to breach your system and steal the company’s information or, worse yet, the sensitive data that clients have entrusted you with.
3. Malware Attacks
Malware often attaches itself to advertisements and other downloads that are not very reliable. It can then inject viruses into your computer, putting your whole data system at risk. Malware attacks affect businesses of all sizes, and smaller businesses with tight budgets are particularly vulnerable because they will sometimes risk having an unsecured network in an effort to save money. This is the worst decision you can make as a small business.
Having a network with the right firewall and business-class anti-virus technology, no matter how expensive it may seem, is actually cheaper than not having one. You should also make sure that your software is kept up to date with the latest apps and software necessary to protect your business against security breaches.
It’s also important to educate your employees about the risk of a malware attack and how to reduce that risk. It’s best to educate them before an attack, but if you’ve already experienced a security breach, it’s better late than never, so go ahead and arrange that training session.
The benefits of doing these things far outweigh the cost. There are some other security risks that small businesses face. These include:
a) Not having a System Admin, often because of budgetary constraints
b) Ineffective Disaster Recovery Plan
c) Failure to restrict access to your network
However, the number one security risk to a small business is its employees.
4. Employees and human error
Who would have thought that your employees would be listed among your company’s biggest security threats? Well, whether or not you thought of it, they are, in more ways than one.
Here are some of the ways that employees of a small business can pose a threat to the company’s security.
• Weak passwords
Research has shown that with the advances in technology most passwords can be hacked. There is also the suggestion that it only takes seconds to crack 90 percent of passwords. It is therefore important that employees be advised to not use things such as birthdays, anniversaries, etc. when creating passwords. Instead, encourage them to use strong passwords containing numbers, letters and special characters.
For extra security, employees should also be required to change their passwords regularly and enable two-factor authentication.
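The password advice above can be enforced when an account is created. The following is an added example, not part of the original article: the function names and the 12-character minimum are assumptions made for illustration, and the sample passwords in the usage note are constructed.

```python
import re
import string
from datetime import date

def _is_date(y, m, d):
    """True if (y, m, d) is a real calendar date between 1900 and this year."""
    if y < 100:  # two-digit year: try both centuries
        return _is_date(1900 + y, m, d) or _is_date(2000 + y, m, d)
    try:
        return 1900 <= date(y, m, d).year <= date.today().year
    except ValueError:
        return False

def _any_order(a, b, c):
    """Try year-month-day, day-month-year and month-day-year readings."""
    return _is_date(a, b, c) or _is_date(c, b, a) or _is_date(c, a, b)

def contains_date(password):
    """Detect birthdays or anniversaries, with separators or as packed digits."""
    for m in re.finditer(r"(\d{1,4})[-/.](\d{1,2})[-/.](\d{1,4})", password):
        if _any_order(*map(int, m.groups())):
            return True
    for run in re.findall(r"\d{6,}", password):
        for i in range(len(run) - 5):
            s = run[i:i + 8]
            if len(s) == 8 and (_any_order(int(s[:4]), int(s[4:6]), int(s[6:]))
                                or _any_order(int(s[:2]), int(s[2:4]), int(s[4:]))):
                return True
            if _any_order(int(s[:2]), int(s[2:4]), int(s[4:6])):
                return True
    return False

def check_password(password, min_length=12):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:  # length floor is an assumption, not from the article
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    if contains_date(password):
        problems.append("contains a date")
    return problems
```

For instance, `check_password("Anna14051990")` reports a missing special character and an embedded date, while `check_password("kettle-Orbit-7-plum")` returns an empty list.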
Employers should never take for granted that their employees, especially those who do not work in IT, know the dos and don’ts as they relate to security. As such, they may open malicious attachments, click on dangerous advertising links, and, as mentioned above, use weak passwords, simply out of ignorance.
The best way to counter this and secure your data is through employee security awareness training. Training can be conducted at the time of hire, at different points after employment or through regular attack simulations.
Disgruntled employees, particularly those in IT, can cause major trouble for your business. Cortney Thompson, CTO of Green House Data, is quoted as saying:
“Rogue employees, especially members of the IT team with knowledge of and access to networks, data centers and admin accounts, can cause serious damage.”
One way to at least lessen the likelihood of this happening is by doing official background checks on prospective employees. This should help you find out if individuals have a criminal history, etc.
Internal attacks are reportedly one of the biggest threats facing a company’s data and systems, so take all the necessary steps to protect your business.
• Bring-Your-Own-Device to Work
The number of employees bringing to work their own devices, on which they store their important information, has increased significantly. As an employer, you have to ensure that these devices are under the control of your systems administration. Always make sure that the devices employees bring to work include encryption and remote cloud backup.
Additionally, you will need to create a plan of action just in case the device is lost or stolen. This plan will ensure that the data is still secure even if it gets into the wrong hands.
Another thing to do is to make sure your web host takes security as seriously as you do. And while this list is not exhaustive, the security threats listed above are some of the major ones that can seriously impact small businesses. Educate yourself on what all these risks are and how you can protect yourself and the sensitive data that customers give you to store safely.