Cyberattacks are growing rapidly and they’re increasingly targeting SMBs.
Cyberattacks are on the rise. The number of malicious incidents rose by more than 125% in 2021. With more employees working from home, there are even more opportunities for threat actors to strike. It’s no surprise that risk management experts recently ranked cyber incidents as the single biggest risk to businesses today.
Large companies get the headlines when there’s a cybersecurity breach. But 43% of cyber attacks target small and medium-sized businesses (SMBs). One of the reasons is that smaller companies are generally unprepared to defend themselves against attacks. Only 14% of SMBs say they have adequate cybersecurity in place.
Is your business ready for this growing threat? Let’s take a look at the dangers and what you can do to be sure you’re prepared to face them.
The dangers of ignoring workplace cybersecurity
Ignoring cybersecurity is a huge gamble. You’re putting employee, customer, and company data at risk. You’re also putting your business in danger. According to the National Cyber Security Alliance, 6 out of 10 small businesses that are hit by data breaches close their doors permanently within 6 months.
Businesses that survive still pay a hefty price to repair the damage. They may also face compliance violations, fines from government agencies, and damaged customer trust.
All of this means it’s time to take cybersecurity seriously. Here are some of the critical steps every business should take right now.
5 cybersecurity steps to take right now
Here are 5 steps that businesses should take to improve their cybersecurity at work.
1. Perform a cybersecurity assessment
The first thing on your agenda should be to conduct a cybersecurity audit to identify any security gaps and any data at risk. Before you can fix the problem, you need to know how big it is. Consider hiring a professional cybersecurity company to assess your IT infrastructure.
You may also want to consider using some of the free tools available, such as:
- Cyber Resilience Review: The Department of Homeland Security (DHS) offers a non-technical assessment called the Cyber Resilience Review (CRR). This focuses on HR cybersecurity policies, workplace cybersecurity, and resilience. You can do the assessment yourself or ask for a DHS cybersecurity expert to help.
- Cyber Hygiene Vulnerability Scanning: The DHS also offers free cyber hygiene vulnerability scanning for SMBs. This evaluates internet-facing systems for weak configuration and vulnerabilities and provides weekly system reports.
- Cyber Planning Tool: The Federal Communications Commission (FCC) also offers a cybersecurity planning tool to help formulate a workplace cybersecurity plan.
Your assessment should include looking at your third-party connections. More than half of all businesses have suffered some form of a security breach in connection with a vendor.
2. Update HR policies
Your workforce cybersecurity planning should include clearly defined HR policies. Make information security policies a part of your onboarding process and your regular employee reviews.
Policies should include prohibiting password sharing among employees and requiring the use of strong passwords. Strong passwords combine numbers, lowercase and uppercase letters, and symbols.
You should also require two-factor authentication (2FA) or multifactor authentication (MFA). For example, login attempts send a code to an employee’s phone that they then have to enter to complete the login process.
Remote workers should be required to take additional security precautions, such as using a virtual private network (VPN). A VPN creates an encrypted tunnel anytime users connect with network resources or access company data online.
3. Establish cybersecurity training
One of the most important things you can do is to perform cybersecurity training for your employees. Stanford researchers report that about 88% of all data breaches happen due to employee mistakes. Workers should learn about the most common dangers, including phishing attacks.
Phishing attacks are the number one way cybercriminals gain access to company networks. Common tactics include sending emails that appear to come from a well-known company or directing users to what looks like a legitimate website. This tricks workers into providing login credentials or opening an attachment that launches malicious code.
Employees should learn about viruses, malware, ransomware, and social engineering. They should also be educated about the dangers of using public Wi-Fi.
You may want to consider getting formal training for your workers from cybersecurity professionals. There are also several free online training courses, such as Amazon’s employee training, which is available for public use.
4. Review business practices
Companies should also employ best practices for cybersecurity regardless of their technical infrastructure. These include:
The principle of least privilege:
The principle of least privilege is to allow access to only what employees need to do their jobs. When someone is unable to access data or applications they don’t need, the security risk drops dramatically.
Zero-trust network access (ZTNA):
ZTNA incorporates 3 principles:
- Verifying that all IT systems, data, and applications are accessed securely regardless of where employees use them
- Monitoring and controlling access each time someone attempts to access data or apps, forcing a reauthorization each time they move from one place to another within a network
- Logging and inspecting all activities
In case of a breach, ZTNA prevents cybercriminals from moving laterally through the system to expand their access.
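The sketch below is an added example, not code from this article or from any product. It shows how least privilege and the three ZTNA principles fit together in one access decision. The roles, resources, segment names, and the 15-minute verification window are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed least-privilege grants: role -> {resource: network segment}.
GRANTS = {
    "hr": {"payroll-db": "hr-segment"},
    "manager": {"payroll-db": "hr-segment", "ticketing": "support-segment"},
}
REAUTH_MAX_AGE = 900  # assumed policy: seconds a verification stays valid
AUDIT_LOG = []        # every decision is recorded, allowed or denied

@dataclass
class Session:
    user: str
    role: str
    segment: str = ""         # segment the session was last verified for
    verified_at: float = 0.0  # time of the last successful verification

def reauthorize(session, segment, mfa_ok, now):
    """Record the outcome of a fresh verification (e.g. MFA) for one segment."""
    if mfa_ok:
        session.segment, session.verified_at = segment, now
    AUDIT_LOG.append((now, session.user, "reauth", segment, mfa_ok))
    return mfa_ok

def authorize(session, resource, now):
    """Decide a single request; earlier approvals are never carried over."""
    segment = GRANTS.get(session.role, {}).get(resource)
    if segment is None:
        decision = "deny:not-granted"           # least privilege
    elif session.segment != segment:
        decision = "deny:reauth-required"       # moved to another segment
    elif now - session.verified_at > REAUTH_MAX_AGE:
        decision = "deny:verification-expired"
    else:
        decision = "allow"
    AUDIT_LOG.append((now, session.user, resource, segment, decision))
    return decision

def demo():
    m, h = Session("mia", "manager"), Session("hal", "hr")
    reauthorize(m, "hr-segment", True, 0)
    out = [authorize(m, "payroll-db", 10), authorize(m, "ticketing", 20)]
    reauthorize(m, "support-segment", True, 30)
    out += [authorize(m, "ticketing", 40), authorize(m, "ticketing", 2000)]
    out.append(authorize(h, "ticketing", 50))
    return out
```

Calling demo() walks one manager session across two segments and one HR session toward a resource outside its grants. Reviewing AUDIT_LOG afterward is the "logging and inspecting" step.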
Encryption and backups:
Data should always be encrypted. While employees can automatically receive the encryption key, you want to ensure an outsider will be unable to use any stolen data.
Companies also need to have a routine backup of mission-critical data. In case of an incident, businesses need an easy way to recover any lost data and get back to doing business as quickly as possible.
5. Evaluate your tech stack
Businesses also need to evaluate whether they have the right cybersecurity tools in place. Many affordable cybersecurity solutions provide extra protection. These include anti-virus, next-generation firewalls (NGFW), real-time threat intelligence, intrusion prevention systems (IPS), and more.
Deploying these tech tools can help protect your business from cybercriminals.
Don’t wait on cybersecurity
When you’re running a business, there’s no shortage of things on your to-do list. Cybersecurity, however, needs to be a top priority. Don’t wait. Take these 5 steps so you’ll have a more secure infrastructure to protect your business.