Rise of the Cyberattacks

Cyberattacks, and ransomware attacks specifically, have been making headlines in 2021. First, we saw the incident that crippled Colonial Pipeline for five days and triggered fuel shortages and supply-chain headaches. Colonial was forced to pay the group DarkSide $5 million in bitcoin, $2.3 million of which was later recovered by the Department of Justice. Since then, another attack targeted Florida-based IT company Kaseya and infected over 200 U.S. businesses that use its corporate software. And, more recently, the U.S. and China have been trading barbs, with the Biden Administration directly accusing China of perpetrating a massive hack of Microsoft. In short, cybersecurity is likely top of mind these days. As a business owner, here's your to-do list.
#1: Prioritize Cybersecurity

According to the Ponemon Institute's 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, cyberattacks increased 20% between 2016 and 2019, while 66% of SMBs had experienced a cyberattack in the previous 12 months. With the increasing prevalence of cyberattacks and cyber risk, businesses need to implement more robust cybersecurity measures. The consequences of cyberattacks can be catastrophic, and they include lost productivity, data breaches, and costs associated with restoring operations.

Prioritizing cybersecurity means understanding your risk of an attack. A cybersecurity risk assessment is a good starting point and will enable you to identify which assets could be targeted in an attack. Once you have determined the risks, the next step is to develop an action plan to address them. One possible approach is to hire an external expert to review your business. They can conduct threat assessments, penetration testing, and vulnerability management. If a dedicated expert is out of your budget, then check out the Federal Communications Commission's Cyberplanner for more of a DIY approach.

With regard to payment processing specifically, you should work with your payment processor or bank to make sure they are using the most up-to-date and robust anti-fraud systems. Likewise, avoid using the same computer to process payments and surf the Internet. And speaking of fraud, encourage customers to use more secure payment methods like chip cards, which are much more secure than their traditional magnetic-strip cousins.
#2: Train Your Employees

Your employees, while your biggest asset, may well be your greatest liability when it comes to cybersecurity. According to the SBA, employees and emails are a leading cause of data breaches for small businesses. With that in mind, here are some employee best practices, courtesy of the National Cybersecurity Alliance:
- Keep software up to date, including operating systems and applications
- Use a stronger passphrase, as opposed to a simple password, for home Wi-Fi and wired networks (which is crucial these days given that so many employees are working from home)
- Keep personal passwords and work passwords separate
- Add two-factor authentication to business and personal accounts when possible
- Avoid opening links and attachments or downloading any files from unknown email addresses