Written by: USB Security, Union Savings Bank
This month, we have covered several topics surrounding cyber security, including business email compromise and other attacks on the rise as well as tips for preventing small business cyber attacks. As stories of large-scale cyber attacks continue to populate the headlines, it can be easy to think that an attack couldn’t happen to your small business. In our final Cyber Security Awareness Month post, we are debunking 4 more misconceptions about small business cyber attacks.
Cyber criminals only go after large businesses.
At first glance, it seems obvious that a fraudster would choose to unleash a cyber attack on a large organization over a small one. After all, there is likely more to gain in terms of quantity of data and potential earnings. However, with a larger organization typically comes more robust security that can detect an attack earlier in the process, if not prevent it entirely.
Small businesses, on the other hand, are less likely to budget for stronger cyber protection such as dedicated IT teams and company-wide employee training. These lower defenses allow cyber criminals to fly under the radar more easily, possibly getting in and out of the network before they are ever detected. Cyber criminals can also successfully deploy multiple small business attacks as opposed to one risky attack on a large business.
There are many ways to protect yourself from small business cyber attacks without carving into your budget. Educating your employees goes a long way toward preventing an attack, as does keeping your equipment up to date with software and security patches.
My business doesn’t have a website or social media, so we can’t be a target.
When you think about a business being online, a website and social media channels are probably the first things that come to mind. While your online presence can certainly tell a cyber criminal a lot about your business, not having a website or social media does not make you immune to an attack. An internet connection is all an attacker needs to gain access to your network, so maintaining security measures is essential, especially if you offer Wi-Fi to your customers.
In addition to your customers’ personal devices, your employees’ personal smartphones, tablets and laptops can also pose a threat to your network security. Set rules for personal device usage at your business and consider creating a Wi-Fi network for your employees and customers that is separate from the network you use for general business operations, and protect it with a strong password.
Connected equipment in your facility can also create access points for hackers. Be sure to change any passwords if they are still set to factory settings, including the Wi-Fi router.
I don’t have any data of value.
As a small business owner, you are responsible not only for your own data but for your customers’ data, as well. Even if your business does not store sensitive information such as social security numbers or medical records, basic details like email addresses, phone numbers and purchase history can be desirable to fraudsters. Protecting your small business data no matter what it entails is critical to your overall security and to maintaining your customers’ trust.
Regularly generate backups of your data and store them offsite in case of small business cyber attacks, power loss or other unexpected event. You may also want to consider storing more sensitive information offline and out of reach of hackers. This data should be accessible only to the employees who need it to perform their duties, so ensure that it is password protected and supervise who can log in.
My type of business is never a target.
Since many varieties of data can be desirable to fraudsters, virtually any business can be the target of an attack. Stolen data can be used in a myriad of ways, from holding it in exchange for payment in a ransomware attack to selling the data to a third party. No matter your industry, market or location, you should always follow the most stringent cyber security measures to ensure your safety.
As we wrap up Cyber Security Awareness Month and head into the holiday season, this is a good time to reflect on cyber security best practices for your business. Whether the holiday season brings a flurry of activity for your retail business or a slow down for your manufacturing operation, it can be easy to overlook security protocol between vacation days and time off the property. Stay vigilant when it comes to password protection, granting access to authorized employees, securing your property and sticking to your policies and procedures. For more cyber security tips, visit our Business Blog.