For cybersecurity, ignorance is not bliss
With all of the talk about hacking of big business and government, it’s time for small business owners to access their own vulnerabilities and design a plan of action. If they do not tackle this head on, small business owners risk the possibility of significant financial loss, litigation or even business failure.
Ignorance is not bliss when it comes to protecting your systems and data.
Ironically, most small business owners believe that they are too small to be a target when it comes to cybersecurity threats. Think again. It’s a long-standing problem, as pointed out in a survey of small businesses by the Ponemon Institute, which found that 55 percent of respondents experienced a data breach in 2013 and 53 percent of those experienced more than one breach in the same year.
A report from McAfee found almost 90 percent of small- and medium-sized business in the U.S. do not use data protection for company and customer information, and less than half secured company email to prevent phishing scams. This makes small businesses easy targets when it comes to cybersecurity attacks.
When asked what was holding these companies back from implementing more thorough security measures, most companies (29 percent) said it was a lack of funds, expertise and staff.
After giving and attending multiple presentations on cybersecurity, the most prevailing feedback we hear from the attendees is, “I feel overwhelmed by all of this.” “What can I do?”
The good news is there are several very simple things that you can do on both a personal level and on a professional level.
Business owners can implement affordable cybersecurity solutions and there are several inexpensive actions small business owners can take.
The first thing to do is to change all of your passwords. Yes, that sounds ugly but it is critical. There is a strong probability that at least one of your passwords will be hacked.
If you have the same password everywhere, then you could potentially be hacked across all of those logins. Use at least eight characters and make sure to incorporate capital letters, numbers and special characters.
A simple method to create and remember your passwords is to connect the first letter of a common phrase you relate to. An example of this is, “Houston I think we have a problem!” That translates to H1twhap!
The second thing to do is purchase a password manager. There are a variety of choices, but make sure to pick one that incorporates two factor authentication or 2FA, which is the process of combining something you know with something you have. This is an excellent tool to utilize both personally and professionally.
Educate your employees. All the insurance, IT solutions and planning in the world won’t stop a hacker if your staff lets one wander right in.
Whether it’s accidental or intentional, unsafe employee practices can be one of your biggest cybersecurity risks, and your staff needs to be fully aware of and prepared for what’s out there.
Purchase a corporate password manager for those employees that must use the Internet for purchases and handle financial, health, and or personal information for staff and clients.
Incorporate a two factor authentication (2FA) solution into your business IT. For a few dollars a month per user, a business can protect their company data and all aspects therein.
Two-factor authentication adds a tremendous amount of security with the use of one-time passwords that are only valid for seconds or minutes. This one-time password can be generated in several different ways and delivered almost instantly to your smart phone, a fob on your keychain, a credit card-sized device in your wallet, or even your email account.
So while small business owners may feel overwhelmed, there are simple, affordable and easily executable actions they can take to protect their business, their clients and their employees from a cybersecurity attack.
John Hunt is the president and CEO of CompuVision and Vision Communications in Santa Barbara.