People believe that large businesses are more prone to cybercrime than small businesses. After all, most people know of Yahoo’s massive loss of up to 3 billion email accounts, arguably the largest cyber security breach ever.
An unknown group of criminals gained access to the season finale of HBO’s Game of Thrones before its planned release, demanding millions of dollars in return.
Wikileaks released more than 8,700 classified CIA documents containing popular means of hacking backed by the US government.
However, we rarely hear of crime directed through the Internet towards small businesses. One of many reasons we don’t hear about such data breaches is because they aren’t of value to national media sources. Consumers typically aren’t interested in reading about small businesses being hacked.
Believe it or not, small businesses (SMBs) are highly prone to cybercrime – defined any type of crime directed through the Internet or technological devices – for the following reasons:
- Business owners are less likely to report data breaches. Doing so results in loss of reputation, lower customer confidence, and other businesses refusing to engage in B2B activity.
- Small businesses have fewer resources than their larger counterparts. As such, SMBs typically cannot afford Internet- and computer-based criminal protection protocol, safeguards, and programs.
- Criminals are ultimately more likely to earn ill-gotten gains.
- In the past 12 months, roughly 61 percent of SMBs, compared to only 55 percent in 2016.
- Small businesses are subject to data breaches more than larger businesses.
Hope for Maintaining Cyber Security is far from Lost
Fortunately, SMBs can adopt policies to thwart criminals’ malicious intent. Being proactive is better than reacting to breaches in retrospect.
Here are several tips that every small business owner should make habit of.
1. Password Policies Are Integral to Success
Passwords are required by most platforms to access sensitive, private information. Yahoo email account holders must enter email and password to gain inbox access. Social media sites require the same. Most sites make users enter matching password and username combinations to use them.
However, too many people, employees, executives, and owners fail to select secure passwords.
The World’s Most Popular Passwords
Keeper Security recently analyzed more than 10,000,000 accounts across the World Wide Web. They determined the most popular passwords of 2016. A whopping 17 percent of Internet users utilized the simple password “123456.”
Many website owners and operators failed to mandate best practices in creating passwords. If websites did not allow users to make poor passwords, they would not have this problem.
2016’s next-most popular passwords included the following:
123456789
qwerty
12345678
111111
Business owners must enforce secure password practices, alongside enough username-password conventions.
Never Recycle Passwords
Assume that someone discovers a password to another person’s web account. With that password no longer secret, that person could enter the passkey elsewhere, gaining access to other accounts.
2. Back Up Data
Some criminals aim to destroy businesses’ data, rather than only steal it. Doing so can put small businesses out of business. You should always backup data using an off site cloud storage solutions.
If you backup data using physical means, the data is not very secure. Cloud storage solutions are often inexpensive, and require little training.
Over 99.7 percent of businesses in the United States are small businesses, those with fewer than 500 workers.
Small businesses are integral to the economy of most countries. If you know any small business owners, share this and related information with them. Doing so could save them from complete business failure.
3. Never Write Passwords Down
Some employees posit login credentials on post-it notes affixed to computer monitors. Doing such allows unauthorized users to access accounts, programs, or databases.
Why not tattoo your credentials on your forehead for everyone to see?
4. Utilize Multi-Factor Authentication
Combinations of passwords and usernames should provide access to only authorized users. As discussed, passwords aren’t enough to reduce the likelihood of unauthorized access.
Multi-factor authentication (MFA), for example, would send an email Jane’s account after she logs on.. She must click a link sent to her email address in order to gain access. Other common examples of MFA are fingerprint readers, retina scans, and keystroke dynamics.
5. Practice Regular Security Audits
Security audits are planned, approved, non-malicious evaluations of a business’ digital security controls. Rather than waiting for a criminal to gain unauthorized access into your digital assets, security audits detect lapses in coverage before it’s too late.
While business entities can conduct security audits themselves, hiring trained, independent third-parties is often ideal. They aren’t biased, are likely more knowledgeable than SMBs’ employees, and ultimately experience more success in gaining unauthorized access.
6. Develop Secure Information Technology Infrastructure
Failing to create and maintain secure IT infrastructure is likely to decrease digital security.
Criminals sometimes pose as repairmen, computer technicians, and contractors to gain unauthorized access into businesses’ physical locations. Businesses that maintain onsite servers are inherently more likely to experience data breaches.
Storing your business’ information offsite using cloud storage is an effective means of safeguarding your stores of data. Even if criminals did gain authorization to your facility’s physical location, it wouldn’t matter.
7. Consistently Inform Employees of Security Threats
If workers do not know about common hacking methods, they cannot guard against them. You should aim to inform them of trends in cyber crime on a regular basis.