Protecting small businesses from cyberattacks

All individuals and organizations are potential targets of cyberattacks. Small businesses have become especially susceptible to these attacks. In fact, they are the most common target, having been the victims of 43 % of cyberattacks in 2018. Criminals choose small businesses due to their lack of resources and knowledge in fighting attacks.

Cyberattacks are defined as attempts by hackers to attempt to destroy or otherwise tamper with a computer system. Hackers are people who attempt to illegally gain access to data, usually from computers or other devices.

While there are a number of different types, phishing and malware top most of the lists of most common cyberattacks. Phishing is the leading category of cyberattacks worldwide. It occurs when hackers send online fraudulent communications, often email, that appears to come from a trusted source. It is used to steal sensitive information or trick people into installing malware.

Malware is software hackers use to access information systems. There are different types of malware including spyware, ransomware, viruses, and worms. All can cause problems for businesses by stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ computer activity without their permission.

Most of the attacks on small businesses come from people outside business but 34 % of the incidents were done by those within the firm. Small businesses can fight back. There are a number of steps companies can take to minimize the chance of being a victim of an attack.

The first is to take the threat seriously. One of the reasons small businesses are targets is that many of them do nothing to protect themselves. Since many business owners and managers do not have the time to become experts in this area, they may need to hire someone to help put together a cybersecurity plan.

Companies need to train employees in security principles. They should establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

Another tip is to install the latest security software, web browser, and operating systems. These are among the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

Companies need to create firewalls for their internet connections. A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Free firewall software is available online. Employees working at home need to have a home system that is protected by a firewall.

Making backup copies of important information is also important. The system should backup the data on all computers automatically at least once a week. It also makes sense to store the copies of important data offsite or in the cloud.

Make sure a separate user account with proper access authority is created for each employee and that strong passwords are changed periodically, according to Scott Blough, chief information security officer and executive director at the Center for Cyber Defense & Forensics at Tiffin University. “Proper access authority is the principle of least privilege access, meaning that user accounts only have access to what that particular user needs and nothing more.”

These tips cannot prevent all cyberattacks but implementing these ides should reduce the odds of being attacked. Cybercriminals are no different from other crooks in that they like to pick on the easy prey–but businesses can take action to keep from being that easy prey.


Today's breaking news and more in your inbox

I'm interested in (please check all that apply)