Why To Invest in Your Business’ Cybersecurity
October is Cybersecurity Awareness Month, and this year it’s more important than ever for small businesses to have powerful fraud prevention protocols in place. Although recent cyberattacks on a wide variety of companies have grabbed headlines, not all small businesses take the threat as seriously as they should. A recent survey found that a worrisome 24% of small business are not concerned at all about a cyberattack, and only 28% of small businesses had a plan in place for response in the event of a cyberattack.
However, hackers are getting more brazen, and breaches are on the rise: The 2020 Internet Crime Report from the FBI’s Internet Crime Complaint Center saw an increase of more than 300,000 complaints from 2019, with reported losses exceeding $4.2 billion.
Here are six steps small businesses should take to develop and carry out a robust cybersecurity plan.
1. Create risk assessments and continuity plans.
Many small businesses don’t even know where their vulnerabilities lie, and it will vary depending on the type of business you run and your configuration. For example, are you a retail organization that accepts frequent payments from customers, or do you provide a service where you bill vendors on a regular monthly basis? Do you have remote employees or contractors who access your network via mobile devices or does your team work together in an office? Each of these situations can pose a different security risk. The FCC cybersecurity planning tool is a good place to start to determine your level of risk in a variety of areas.
No matter what sort of business you run, it’s vital to have a data backup plan in case your computers are compromised. Building in redundancy to your data storage can be particularly vital in case of a ransom attack, where hackers threaten to hold your data hostage until you pay them.
Your first line of defense should be cloud storage, which allows you to access data from anywhere, as well as a local option that can be another layer of data protection in case the cloud service is hacked. Look into software you can schedule to automatically back up your information daily so you always have a recent copy.
2. Deploy VPNs and other network enhancements.
If your employees work remotely, make sure they are accessing your network via a Virtual Private Network (VPN), which protects your data by creating a private connection between their devices and your company’s network. Most computers have built-in software that allows remote workers to connect to a VPN, or your provider might offer an app or other software they’ll need to install. Ask your IT provider to give step-by-step directions to streamline the process to deploy the VPN so that workers comply.
This is also a good time to double-check that your anti-virus software is working and any computer or device that’s taking care of company business has been updated with the most recent operating system, browser and software. Providers are constantly working to patch recently discovered vulnerabilities, and new versions are equipped to protect against the latest threats. (One option is Trusteer Rapport, software that protects against malware and financial fraud, which Old National Bank offers at no cost to its Business Online Banking Clients.)
Another way to protect your WiFi network is to change the default name on your “service set identifier” (SSID) so that someone trying to hack in isn’t alerted to the type of network you have, which can make it easier to infiltrate. Customer-facing companies that have WiFi for guests should use separate SSIDs to prevent guests from accessing the business network.
3. Work with a company that can help detect threats.
While the steps described above can help reduce issues, DIY tools can only do so much. Small businesses without a dedicated IT department may find it’s a wise investment to hire a consultant or company who can help identify, control and manage risks.
When evaluating your options, consider if you need 24/7 monitoring or if you just want to have someone on call if a breach or issue occurs. Schedule a consultation with various firms to share your concerns and find out what they recommend for the scale of your business and the services you provide.
While choosing a partner, look for someone who asks detailed questions about your company and its products and services and addresses key issues. It’s important that they understand the business need behind your interest in cyber monitoring so they can address what’s most vital. Then ask about their business model and find out how they respond to threats. Make sure you know how to reach them outside of regular business hours so they can address an attack before it mushrooms.
4. Partner with a bank that takes your security seriously.
You should expect your financial institution to protect your data just as actively as you do for your customers. Conduct adequate due diligence to find out what protections a bank offers to safeguard your personal data, as well as your finances.
Unfortunately, employee theft can be a problem at companies of all sizes. Talk to your small business banker about your company’s situation and find out what services or solutions they offer to protect your finances at all levels.
5. Train employees.
Good cybersecurity practices start on the front line, but many companies treat it as a “set it and forget it” part of onboarding. Instead you should prioritize the topic to keep cyber threats top of mind.
You may find that employees have become complacent about company policies or tune out yet another internal memo or email reminder. For example, 63% of employees say they use unauthorized apps to share files with colleagues either daily or weekly. Sponsoring a dedicated training session with an external consultant showcases the importance of cybersecurity and can help protect your business by keeping employees up to date on the newest hazards and latest best practices.
6. Purchase cyber liability insurance.
Unfortunately, despite everyone’s best intentions, a security breach can still occur. That’s where cyber liability insurance can kick in to cover the costs of the torrent of activities you will have to undertake to handle the attack, take care of your customers and rebuild your credibility.
This includes notifying affected parties (which is required by law), providing credit monitoring services to those affected and hiring consultants to help with regulatory and PR implications, among other potential expenses. You may be surprised to learn that the average cost of cyber liability insurance is relatively affordable with an average cost of $1,485 per year or $124 per month, while the cost of a data breach can cost small businesses an average of $36,000 to recover.
Treat cybersecurity as a strategic priority
Cybersecurity must be a foundational element for your small business’ success. After you take these vital precautions, you can rest easier knowing you are as protected as you can be, then turn your attention to other strategic components of your business. Find out more about all facets of building and running a business at Old National Bank’s “We Have Ideas” site.