From marketing initiatives to inventory management, small business owners are pulled in many directions. One area of operations, however, that is not discussed as much as it should be is online security within their enterprises.
Small businesses are particularly at risk for cyberattacks as hackers know that very few of them (14 percent according to one survey) have highly effective ways to mitigate cyber risks, vulnerabilities and attacks.
While preventing cyberattacks altogether is unlikely, there are some precautions small business owners can take to curb them. And while this is by no means an exhaustive list, it does represent areas that should be tightened up to prevent cyberattacks.
1. Invest in Online Security Systems
Sixty percent of small companies that suffer a cyberattack are out of business within six months (source), so investing in online security systems could keep the doors open. These systems can provide two-step authentication when asking for detailed information and make it more difficult for thieves to get access to information.
Businesses can keep their data safe by using antivirus software, firewalls, network intrusion detection, security tokens, fingerprint recognition, or disk encryption. Because small businesses also have a responsibility to their customers, it's vital to make sure that their data is secure. While having banking or login information for a business stolen might seem like the end of the world, it would be even more difficult to deal with having customers' identities stolen because of lack of online security. There are also data security regulations to be aware of.
Since companies store such sensitive information, they are often targeted by cybercriminals whose goal is to infiltrate a company's network (which can extend to even the company's HVAC vendor like in the case of Target) or website for monetary gain or identity theft. They often take advantage of small businesses with outdated, unsecured website coding or attempt phishing scams on employees. They might send emails to employees, trying to trick them into opening attachments or links so they can steal their passwords and personal information.
Securing a small business from online threats comes down to having the right technology and the right security policies implemented. Companies should invest in the right software, encourage their staff to use the Internet wisely (on work and personal devices) and always set up strong passwords.
In 2016, a shocking 85 percent of organizations experienced a phishing attack and these are becoming all too common and one of the most prevalent ways businesses suffer identity theft. Phishing schemes are usually through email with malware attachments or links. These emails come from what appears to be a reputable source, mimicking banks, email accounts, vendors, and more. When you click on those links, the hackers gain access to your details and then they can do some serious damage. As a small business, never click on links or open emails that look suspicious and if you have any concerns, contact the party in question directly.
Another way businesses will typically suffer from identity theft is by working with clients or vendors who aren't vetted and are only trying to gain access to their information, such as SSN, EIN, bank information, or any number of sensitive data. Be sure to do due diligence and when working with new vendors, ask about their information protection. Just because a business is careful with its data doesn't mean a client or vendor will be equally careful. When vetting vendors or clients, ask for references, do detective work and ask how they handle their own online security.
4. Pay Vendors or Employees With Secure Checks
When businesses choose to pay vendors or employees with paper checks (versus Venmo, wire transfers, etc.), they leave a paper trail for money changing hands and it's much more difficult to steal a business identity through checks than it is to gain access to online banking information. Vendors like QuickBooks offer payroll and business checks with security elements that prevent tampering. What's more, it can help prevent internal tampering with online systems.
5. Monitor and Review Your Accounts Daily
Companies should always monitor and review their accounts every day to make sure nothing is out of the ordinary and if there is, they're able to extinguish it quickly. Small business owners can also set up certain fraud alerts to help with this monitoring like a bank sending text messages when something suspicious pops up on their account. Likewise, employing social listening software can help businesses know if customers are talking poorly about them because they've experienced some security lapse.
While cyberattacks in this day and age are inevitable, these good business practices can help make it more difficult for thieves to gain access.