Cybercrime is on the rise. The ransomware attacks on the Colonial Pipeline and the meatpacking industry are two high-profile examples of how common system attacks have become. While those huge incidents garner media coverage, the fact is that those companies and industries are large enough to weather the blow, paying the ransom and moving on with business. It’s a hiccup but not a business killer.
For your small business, though, a ransomware attack or any other cybercrime that halts your business or damages your reputation could mean the end. Therefore, it is even more imperative that you take the time to keep your company safe online. Follow these five recommendations to make sure your computer systems aren’t your greatest liability.
Train Yourself and Your Employees
Most people know not to send the Nigerian prince a money order, but if that’s the extent of your knowledge when your employee asks, “What is cybersecurity?” it’s time to quickly educate yourself. Other recommendations listed below include technological advances and implementations that will protect you in the background. Unfortunately, you can never remove the risk posed by humans, but you can reduce it by creating awareness.
Make sure your employees are aware of and know how to respond to social engineering. Teach them to think before responding to emails, opening attachments or clicking on links. Criminals often use scare techniques to get you to click on links by creating a sense of panic that stops you from using your head. Threats that your social security number is being canceled, the IRS is starting an audit or your bank account is frozen, among myriad others, are all designed to make you click first and think later.
Remind employees that they should look at the email address carefully, making sure it is from a legitimate source. Criminals will add a legitimate name but can’t hide the address with which it is associated. Have them look for misspellings, extra letters and numbers, and incorrect extensions. In the end, it should always be policy to check with you or your IT department, if you have one, before opening an email link or attachment. In fact, make sure you have a written security policy that covers how employees use the internet and how they use customer information.
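The checks described above (misspellings, extra letters and numbers, incorrect extensions, a legitimate name on the wrong address) can also be run automatically over a From: header. This is an added example, not part of the original article; the trusted-sender list and the sample headers are constructed, and the function names are hypothetical.

```python
import re
from email.utils import parseaddr

# Assumption: senders your business really deals with, mapped to the name
# they display. Constructed values; replace with your own list.
TRUSTED = {"examplebank.com": "Example Bank", "irs.gov": "IRS"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return warnings for one From: header; an empty list means no finding."""
    display, addr = parseaddr(from_header)
    _, at, domain = addr.lower().rpartition("@")
    if not at or not domain:
        return ["no parseable sender address"]
    if domain in TRUSTED:
        return []
    warnings = []
    name, _, tld = domain.rpartition(".")
    for trusted, brand in TRUSTED.items():
        t_name, _, t_tld = trusted.rpartition(".")
        if name == t_name and tld != t_tld:
            # Right name, wrong extension (for example .com instead of .gov)
            warnings.append(f"wrong extension: .{tld}, expected .{t_tld}")
        elif edit_distance(domain, trusted) <= 2:
            # One or two characters swapped, added or dropped
            warnings.append(f"near-miss spelling of {trusted}")
        if re.search(rf"\b{re.escape(brand)}\b", display, re.IGNORECASE):
            # Legitimate-looking name attached to an address that is not theirs
            warnings.append(f"display name says {brand} but address is @{domain}")
    return warnings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Example Bank" <alerts@examplebank.com>',
    '"Example Bank" <alerts@examp1ebank.com>',
    '"IRS Audit Notice" <audit@irs.com>',
    '"Example Bank Security" <support@mail-secure.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

An empty result only means the address matched none of these patterns; the policy of checking with IT before opening a link or attachment still applies.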
Evaluate Your Risks
You know your employees and their behavior are a risk, but there are plenty of others. Sit down and evaluate your risks. Create a risk matrix that allows you to analyze each part of your business setup and decide the likelihood of each risk, how tolerant you are of it and how you can mitigate it. It’s important to do this for your whole business, not just your cybersecurity. If you aren’t sure about your ability to suss out each risk, it’s in your best interest to bring in a professional who can tell you about each cyber risk and its potential fallout, like you would for a hazardous material assessment.
A risk matrix allows you to determine your priorities. It also records, for each risk, the steps to be taken, a projected completion date and an owner, either someone in your company or someone you’ve hired for the job. Even if you decide to hire out for risk mitigation, assign it to a current employee so she can follow up and maintain ownership of the process.
Move to the Cloud
When you keep everything on your local computer system, you have to install and monitor top-of-the-line security systems. It can mean bringing in consultants to evaluate your system weaknesses, and it should mean that you have at least one full-time IT person. If that’s beyond your capabilities, or if you just don’t want to have to worry about it, move to the cloud. With cloud applications and Software-as-a-Service (SaaS), you are buying not only the ability to use the app and store your data on the cloud, but also security.
SaaS companies provide the latest virus protection and definitions, hashing and encryption as part of their services because they know that their reputation rides on being able to protect your information. Look at solutions for your accounting software but also consider moving all files to the cloud through data storage websites. Moving to the cloud will also make the next security step important.
Invest in a VPN
Besides security, one of the best things about moving your business to the cloud is that it allows your employees to work remotely. Unless you’re a retail storefront, there’s really no reason you even need to pay for an office lease, property insurance and additional utilities. Use a tiny fraction of those savings and invest in a VPN. A virtual private network allows all of your employees to log in to your system and all of your cloud systems with safety.
You can’t control how each person accesses the internet, and some employees may use phones, be at hotels or use the connection at their favorite fast-food restaurant. While your internet usage policy should require your employees to log in securely, expect the best but plan for the worst with a VPN. A VPN encrypts your internet traffic, verifies security on remote computers and runs the latest virus scans. When used from a secure wi-fi network, a VPN guarantees almost total security of transmissions.
Dispose of Technology Carefully
Finally, remember to dispose of your technology carefully. Don’t give or throw away old phones and laptops without wiping the data. Moving all your files to the recycle bin doesn’t get rid of them. Use wiping software to overwrite all your data with nonsense and then degauss the drive. Degaussing demagnetizes the drive so it can’t even boot up. After that, you may want to physically destroy the drive. You can send it to companies that specialize in it, or destroy it in any other way that satisfies you.
These five steps allow you to evaluate, plan for and mitigate your technological risks. It’s a time investment that can protect your information and your business.