By Jonathan Deesing
Major security breaches at prominent companies have made cybersecurity a hot topic. It’s not just large businesses that are affected, however. Small businesses rarely make headlines, but they aren’t exempt from cybersecurity breaches. What’s more, a cyberattack on a small business can be devastating—within six months of getting hacked, 60% of small businesses go out of business, according to the National Cyber Security Alliance.
If you’re already using antivirus software and backing up your data regularly, you’re on the right track to having a successful digital protection strategy. But you can do more. Implement these five cybersecurity tips to ensure your small business can handle the threat of a cyberattack.
1. Establish an Employee Internet Policy
Create a written policy that covers all aspects of cybersecurity, from appropriate use of company email to social media accountability rules. If you fail to educate your employees on the effects of hazardous online behavior, you could be vulnerable to breaches. Remember: There is no such thing as too much caution when it comes to cybersecurity.
The Balance has a good starter policy guide that includes tips like limiting trade-secret sharing over social media and restricting company email to business use only. The U.S. Small Business Administration adds that companies should outline the consequences of violating the company’s internet policy, too.
2. Encrypt Your Data
An IBM study found that a single data breach can cost a company an average of $4 million. Target’s massive 2014 data breach—an attack that released financial records for thousands of customers—cost the involved financial institutions alone $200 million, according to NBC News. To help avoid those hefty costs, you should start looking at data encryption.
Encrypting your data converts it into code, known as ciphertext, that can only be decrypted back to plaintext with a password. It protects the confidential, valuable data you don’t want compromised. Put encryption protocols on your operating systems, networks, business email accounts, and cloud storage.
3. Invest in Cybersecurity Insurance
Did you know that your business’s general liability policy may not help you recoup losses from a cybersecurity attack? You’ll likely need to buy separate cybersecurity insurance for that kind of coverage.
These insurance policies can be designed to meet the budget of a smaller company. Experts advise finding a policy that combines first- and third-party coverage, so you can recover general costs to your company—business interruption, for example—and cover costs if an affected party sues you.
4. Apply Two-Step Authentication
Passwords—which have been businesses’ go-to security gatekeeper since the ’80s—can be guessed with the right combination of patience and hacking software. As such, two-factor authentication (2FA) is critical for modern security protection. With 2FA, a second validation measure is required after employees enter their password. Companies implement multifactor authentication in three main ways today:
- Verification codes. Employees enter a verification code sent to their phone or email.
- Biometric codes. Employees log in with a biometric configuration, like a fingerprint scan or voice recognition.
- Hardware tokens. Employees scan a QR code or badge.
Keep in mind that 2FA isn’t a replacement for strong passwords. Passwords should use symbols, numbers, and a mix of capital letters, and employees should be required to change them regularly.
5. Form a Cybersecurity Response Plan
In the event that your business does experience a cyberattack, you need to have a response plan ready to implement immediately. In fact, these preparatory plans are so important that even the nation has one, and the Federal Communications Commission developed a Cyberplanner tool for businesses.
In practice, a solid cybersecurity incident response plan should be a multilayered response in eight stages: (1) detection, (2) identification, (3) analysis, (4) notification, (5) containment, (6) eradication, (7) recovery, and (8) post-incident recovery. A plan that details strategies for all stages will help your small business stop an attack quickly, restore data and business processes, notify affected parties, and adapt to the incident so it doesn’t happen again.
In the coming years, as threats advance, there’s a good chance that there could be a cybersecurity breach at your company. As a small-business owner, you must be thinking about security early and often. Put every safeguard in place to protect your business.
Jonathan Deesing is a freelance writer who covers everything from real estate to video games. When he’s not writing, you can find him trying to train a teething puppy.