As a small business owner, one of your most important jobs is protecting your business—especially from the ever-growing risk of cyberattacks. That may seem like a task that should be far down your to-do list, but if a hacker gains access to your data or holds your systems hostage in a ransomware attack, your operations may grind to a halt.
And recovering from a successful cyberattack can be very costly.
Still, many businesses have few, if any, cybersecurity measures in place. One reason is that decision-makers frequently believe cybercriminals focus on larger companies that have more valuable digital assets to steal. But most cybercrime experts agree that bad actors see small companies as easy prey.
There are many reasons cybercriminals target small businesses, including that those organizations:
- Typically have minimal digital defenses
- Rarely have someone on staff who specializes in cybersecurity
- Commonly share online accounts as a cost-control strategy
- Are less vigilant since they don’t think they are at risk
“It’s often said that being targeted by a cybercriminal isn’t a matter of if but rather when,” says Peter Shelley, President at biBERK, a Berkshire Hathaway Direct small business insurance company. “And the cybercrime statistics seem to support that opinion. But the good news is that there are many actions you can take to reduce your risk of being a cybercrime victim.”
Cybercrime on the Rise
The number of cyberattacks on US businesses has risen rapidly in recent years. There are likely many reasons for that, but most experts rank the pandemic high among them. Companies rapidly switched to a dispersed workforce model, creating significant security vulnerabilities and new opportunities for cybercriminals to intercept communications, steal passwords, and gain access to computers and networks.
And while many companies have brought their employees back in-house, there are no signs that bad actors are winding down their operations. In fact, their successes in the last few years seem to have only increased their appetites.
The Cybercriminal’s Toolkit
People gain illegal access to devices, computers, and networks in many ways. Four of the most common tools in the kit are:
- Viruses—These mini computer programs help cybercriminals steal or destroy data and can spread like a disease among connected devices
- Ransomware—This is a type of program that “locks down” the victim’s computers, effectively holding their data hostage until the victim pays a ransom
- Spyware—This is software that collects sensitive information and sends it to the cybercriminal without the victim’s knowledge
- Phishing—This tactic involves an email or website containing a link that the victim clicks, releasing malicious software onto the device
Cybersecurity companies continually provide products and services to defend against these types of attacks, but the criminals are equally persistent in modifying their tools and tactics.
A Proactive Approach to Defending Your Domain
Sitting back and wondering if you are going to be targeted can be a helpless feeling. A better approach is to lean into the challenge so you (and your clients) can be confident you’ve done all you can to protect your digital assets.
Take the seven actions below to develop and maintain solid defenses:
- Develop a cybersecurity plan — You can start with as little as a handful of best practices for securing your data, devices, and network. You can also find guidance for more detailed documents online, such as the Cyberplanner from the Federal Communications Commission.
- Assess your cybersecurity measures regularly — You can do this using a checklist you create through a free service like that offered by the US Cybersecurity and Infrastructure Security Agency (CISA) or with the help of a cybersecurity company.
- Secure your computers and network — Measures like maintaining current antivirus software, password-protecting routers, encrypting data, and having an internet firewall are critical.
- Use multi-factor authentication — This type of security requires a user to do more than enter their user ID and password to access a system. For example, they may be required to enter a code sent to their mobile device.
- Educate your employees — Your team members must understand the importance of using strong passwords, not clicking on links in emails, and avoiding suspicious downloads. Both educating new employees and frequently reminding existing ones are essential practices.
- Back up crucial data — You should make copies of critical data regularly and store them somewhere off your network.
- Enable remote employees to share data securely — There are various methods for sharing data that prevent it from being intercepted, such as secure cloud-based data-sharing services.
Be Prepared to Recover from an Attack
Small businesses are, and will continue to be, prime targets for cybercriminals. However, you can enact security measures and practices that reduce your likelihood of being targeted.
“Every business should have strong digital defenses. But if someone finds a way around yours, you need a plan for addressing the financial fallout,” Shelley says. “Cyber insurance provides affordable financial protection that can help your company recover if you’re hit with a cyberattack.”
Rakesh Gupta is chief operating officer at biBERK, part of Warren Buffett’s Berkshire Hathaway company. biBERK specializes in commercial insurance for small businesses. In his role, Gupta focuses on simplifying the insurance buying experience using technology and process innovations that make it easier for small business owners to get the coverage they need.