Wednesday, June 28, 2023

Can Small Businesses Defend Themselves from Cyber Attacks?

 By Catherine Powell

Image courtesy pxhere

You read about big businesses being hacked every day. Either their data has been stolen, their servers have been hit with a denial-of-service attack, or their computers have been locked down by ransomware. In 2022 some of the companies that were hit included Twitter, Uber, WhatsApp, MailChimp, and Toyota. Hacking in the US last year also included targets in the banking, healthcare, government, cryptocurrency, and law enforcement sectors. While many of these high-profile targets made the news, what most people fail to realize is that more than 80% of hacks were not targeted at large companies but at small businesses that had fewer than 100 employees. This should come as no surprise. I mean, if hackers can crack the biggest companies with the most advanced cyber security systems in the world, why wouldn't they target small businesses that are much easier to breach? While I've covered such things as the 10 Signs of a Cyber Attack and Does Your Business Need Cyber Insurance?, what I'd like to show you today are 10 ways small businesses can defend themselves from cyber attacks.

#1: Know the enemy. - You can't successfully defend the fort if you don't know what threats the enemy is likely to use to breach your defenses. Hacking doesn't occur in a vacuum. While some hackers use brute force or known vulnerabilities to gain entry, others employ various ploys to get you to lower your defenses and invite them in. Become familiar with such things as phishing, clickbait, malware, ransomware, and DDoS attacks. Make sure you keep all your software up to date. All a hacker needs is for you to let down your guard for one minute to gain access to your system.

#2: If they can't get in the front door, hackers will try to break in the backdoor. - It doesn't help to secure your servers if you leave your Wi-Fi network and peripherals wide open to attack.  Anything attached to your network can be exploited to gain entry to your system.  This includes everything from printers to IoT devices.  In short, anything that connects to your network either wirelessly or via cable needs to be secure.  

#3: Do not pass Go! - When was the last time you changed your passwords? How strong are your passwords? If you want to have a fighting chance of defending your network, you need to use strong passwords at least 12 characters long that include several capital letters, a couple of digits, and one or two characters like #, &, $, or *. You should also change system passwords once per year and store them on hardcopy as opposed to on any device in your office.

#4: Restrict access to your system. - This means restricting administrative access to as few employees as possible. It also entails reviewing, amending, and revoking employees' access from time to time. Employ multi-factor authentication wherever possible to reinforce identity protection. This way anyone inside or outside your company will find it hard to impersonate a member of your staff.

#5: Back up your data daily. - Should a breach occur, you want to be able to rebuild your system without too much trouble. Make sure the backup copy is maintained on a system that isn't connected to your server, or the backup could be vulnerable to hackers.

#6: Train your staff about the do's and don'ts of cyber security. - Make sure you have regular training sessions to teach everyone in your company what is and isn't safe surfing.  Install software that lets you both limit and monitor their online activities to prevent the installation of malicious software via clickbait and phishing.  

#7: Secure your system six ways from Sunday. - Establish a firewall to protect and monitor access to your server. Ensure that everything connected to your system is password protected and has up-to-date software. Separate your guest network from your main network to prevent unauthorized access to your system. Use a virtual private network (VPN) to secure any remote connections you or your staff use. Employ an intrusion detection and prevention system to monitor and protect your digital assets.

#8: Install multiple levels of antivirus software on your system. - Your company could be crippled by a malware attack. Investing in antivirus software is so vital to keeping online marauders at bay that installing multiple products that complement each other is advisable. Ideally, what you want to create is a net that not only searches for and prevents any suspicious activity on your system, but also ensures that anything missed by one package is picked up by the next. This is especially important since software vendors routinely issue patches for recently discovered vulnerabilities that weren't already programmed into their system.

#9: Make sure that any third-party software you use is secure. - It doesn't help to secure your system only to find out that a third-party provider has left your business vulnerable to hacking.  Sometimes it's necessary to isolate payment processing software or other third-party software used to conduct your day-to-day business.  This way if a vulnerability is discovered and exploited, the hackers won't be able to use the vulnerability to enter your system through the backdoor.

#10: Should you consider acquiring cyber insurance? - The problem with cyber attacks is that the damage done is not always unilateral.  Depending on the type of attack, a company can find it impossible to conduct business, or it could even wind up being sued by customers who were harmed by the hack.  As strong as you make your digital defenses, a determined hack attack could cost your business more than it can withstand.  A cyber policy could make it much easier to repair the damage, defend your business against litigation and allow you to keep your ship of commerce sailing along after a cyber attack.

Catherine Powell is the owner of A Plus All Florida, Insurance in Orange Park, Florida.  To find out more about saving money on all your insurance needs, check out her website at http://aplusallfloridainsuranceinc.com/

2 comments:

  1. Cyber security needs to be job #1 at every business nowadays.

  2. I believe small businesses can defend themselves as long as they are proactive and actually implement protective measures like the ones mentioned in this article.

