Running a small business is tough. You have deadlines, payroll to meet, taxes to handle, customers with challenges, rent to pay and the list goes on. But did you know that 50% of SMBs have been breached in the past 12 months? I know what you’re thinking. Well, we are too small, who would want to go after us? We don’t have anything a hacker would want.
You’re dead wrong.
Hackers don’t typically choose their victims. They prefer a spray-and-pray approach, especially when it comes to smaller businesses. They run campaigns aimed at many businesses at once, and if only one of them is successful, they win. This means you are constantly playing defense while the hacker is always on the attack. So we are going to highlight 3 critical areas you can start working on right now to help keep your business protected from the bad guys.
Risk Assessment
First, we are going to start with a risk assessment. This simply means taking a look at your entire business and understanding where you have weaknesses. For example, running out of inventory would be a huge risk to the business, since you would have no product to sell. We want to apply the same concept, but look at it through the lens of our digital assets.
So imagine your bank account as an asset. How easy is it for someone to reset your password? Do you have multi-factor authentication on your bank account? Does the email account used to reset that password have multi-factor authentication? How many of your employees have access to that account, and why? These are the types of discussions you need to have among the management team and employees. Identifying these types of risks now will help reduce your exposure to a cyber attack.
Security Awareness Training
Hands down, security awareness training is one of the most effective ways of preventing a cyber attack. Since 95% of security breaches are caused by human error, there is no question that the ROI gained from a security awareness program will be valuable. So what is a security awareness training program?
You have employees interacting with online accounts all day. Emails, logins, passwords, you name it. A security awareness training program helps educate your employees on how to identify cyber threats. The education should teach them what the risks are and how to protect themselves from those risks. Simply putting together a few emails that say "don’t click suspicious links" is not enough to build a security culture among your employees. A true security awareness program is constantly ingraining security in your employees’ day-to-day work so that it becomes part of your company culture.
Password Management
Password managers are a great tool for your employees to manage multiple sets of difficult passwords for all the systems they log in to. Think about all of the passwords that your employees use every day. Most employees have access to over 30 different online accounts, and some of them are your work accounts.
Did you know that over 50% of employees reuse their personal account passwords with their work accounts? This is alarmingly high, and it means that a breach of one of your employees’ personal accounts will most likely impact your business. Having a policy on this is important, but discussing the risk with your employees is the more important factor for prevention.
About the Author
Nick Santora is the CEO at Curricula, a cyber security training software company that educates employees on how to not get hacked.