Cyber security: Tips to protect your small business
January 21, 2022 — Business insights
Running a small business means you wear lots of hats. Chances are you don’t have an executive team of professionals to guide decision-making in areas like human resources, marketing or IT. Instead, it falls on your shoulders in addition to your executive responsibilities. As a result, tasks like running advertising campaigns or managing your cyber security don’t get the attention you’d like.
However, some things, like cyber security, can’t be ignored. Forty-three percent of all data breaches involve small- and medium-sized businesses, and the pandemic-initiated work-from-home transition made businesses even more susceptible. [1]
“The magnitude and frequency of the breaches that have occurred over the past two years with the transition to working remote opened doors where companies were unprepared,” said Scott Wilsey, chief information security officer for SageSure. “The transition left holes in firewalls, and hackers got in a lot easier.”
Cybercrime is up 600% because of the pandemic. [2] Clearly, cyber security is more important than ever – the trouble is knowing where to start.
First things first: What is cyber security?
Cyber security is the protection of computers and networks from information breaches, theft, or damage to hardware or software that can compromise and disrupt business.
Defending against cybercriminals and malicious attacks can be a full-time job. Here are some simple things small businesses can do to protect themselves.
Get smart about passwords
Passwords offer one layer of protection. The irony is that they are either so good we can’t remember them, or simple enough to remember and therefore not as protective. An external password manager can help with this.
Password manager services house all your passwords in one location protected by, you guessed it, a password. With this type of service, a unique password for each of your separate needs is saved (so you don’t have to remember them all) and protected so that if a password is compromised, you only have to change the one affected. Keeper and LastPass are reputable services to check out.
Password management subscriptions, as opposed to browser password managers associated with Google, Apple or Microsoft accounts, provide an additional layer of security. If it’s not in the budget to use an external provider, you can rely on the browser password managers, but be sure to set a complex, hard-to-guess password for that account, as you would for a password manager account.
Often in business, there is a need to share passwords. To have the best level of protection in situations like this, a password manager is an appropriate tool to use.
“There may be a valid reason to share passwords,” Wilsey said. “In this case, you can create folders within your password manager enabling you to share certain passwords and not others.”
Wilsey recommends Keeper and Vault.
Another option is to create one unbreakable password for every account.
“This could be done using a phrase or sentence that you can remember but is meaningless,” Wilsey said. “It needs to be at least 15 characters, something that can’t be looked up in a dictionary and utilizes some capitalizations and special characters.”
Whenever possible, enable multi-factor authentication (MFA) in addition to your passwords. MFA requires you to provide at least two verification factors before receiving access to password-protected systems.
Protect yourself against viruses
Using modern antivirus and antimalware software on computers provides another level of protection. At minimum, Microsoft offers tools that provide hard drive scans, and if this is all you can afford, you should be running them. However, the better solution is to subscribe to a service. These services run continuously on your computer, detecting malicious behavior in real time and blocking it. CrowdStrike offers this type of service.
Go anonymous online
Subscribing to a virtual private network (VPN) gives you privacy and anonymity by masking your IP address on a public internet connection. Browsing the web or completing transactions on an unsecured Wi-Fi network exposes your confidential information and browsing habits. Mobile browsing capabilities mean you’re probably checking bank accounts, making purchases and sending emails from coffee shops, doctors’ offices and supermarkets. A VPN provides another layer of protection. NordVPN is a reputable service to consider.
Educate yourself and your employees
“Thirty-six percent of data breaches occur via phishing attempts,” Wilsey said. “The biggest thing you can do is understand what phishing is and be on the lookout for phishing attempts.”
With phishing attempts, attackers masquerade as a trusted entity and send fake messages designed to trick the receiver into providing private or sensitive information, like passwords or credit cards. Utilizing a training service like KnowBe4 to educate yourself or others on detecting these malicious attempts is the best way to protect yourself and your small business.
“If you get suspicious texts or emails asking for information and you’re not confident in the credibility of the sender, just delete them,” Wilsey said.
A note of caution: Phishing emails often look like they come from reputable companies, like Amazon. These attempts can be more difficult to detect, but if you carefully scan the content and the sender’s email address, you’ll find discrepancies in spelling and similar details that will alert you to the phishing attempt.
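One way to automate the sender-address check described above, as an added example that is not part of the original article. The allow-list, the examplebank.com domain and the sample headers are constructed for illustration, and the two-character edit-distance threshold is an assumption.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brands you deal with and their real domains.
TRUSTED = {"amazon": {"amazon.com"}, "examplebank": {"examplebank.com"}}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    """Last two labels of the host. Simplification: ignores suffixes like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender(from_header):
    """Classify a From header as ok / suspicious / unknown."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "suspicious: no parsable sender address"
    domain = base_domain(addr.rsplit("@", 1)[1])
    known = sorted(d for ds in TRUSTED.values() for d in ds)
    if domain in known:
        return "ok"
    # Misspelled look-alike of a trusted domain (e.g. "rn" standing in for "m").
    for good in known:
        if edit_distance(domain, good) <= 2:
            return f"suspicious: {domain} resembles {good}"
    # Brand name used in the display name or address, but mail comes from elsewhere.
    for brand in TRUSTED:
        if brand in display.lower() or brand in addr.lower():
            return f"suspicious: claims {brand} but sent from {domain}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers.
    for h in ["Amazon <order-update@amazon.com>",
              "Amazon <order-update@arnazon.com>",
              "Amazon Support <help@amazon.com.account-verify.net>",
              "Jane <jane@supplier.org>"]:
        print(f"{h!r:60} -> {check_sender(h)}")
```

An "ok" result only shows the address is spelled like a trusted one; the From header itself can be forged, so this check complements the SPF, DKIM and DMARC checks your mail provider performs and does not replace them.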
Leverage your small business insurance
Most small business insurance products have protections in place for cyber-attacks. The cost and downtime associated with cybercrime can be extensive, and small business insurance often covers this type of crime. Understand your businessowners policy and leverage your insurance to protect you in the event of cybercrime.
Partner with those who protect you
Business-to-business relationships can often provide an additional level of protection. Working with trusted organizations has hidden benefits. SageSure is providing another layer of protection for agent partners. Through a service provider, SageSure will be monitoring password and data breaches for our agent partners. If a username and password combination used for the SageSure Agent Portal is breached, agents will be notified and required to change their Agent Portal password. If the agent is using that password for other platforms, the notification will allow them to make changes elsewhere and further protect themselves.
Protecting yourself from cybercrime may seem daunting, but you can’t be too careful. Taking some simple steps to protect your passwords and your IP address, while educating yourself against fraudulent information requests, are straightforward ways to add more layers of protection. Round out your businessowners policy (BOP) with the correct protections, and you’ll be on your way to preventing unwanted cyber activity from disrupting your business.