Some may believe that small businesses are too small for cyber thieves to concern themselves with. But that logic shows its fallacy when applied beyond the cyber world. Would a small brick-and-mortar business be less likely to be robbed than a big corporate retail store because thieves see the small business as too small to rob? More likely, a seasoned thief would target small businesses more than a large corporate business, knowing that small businesses tend to spend fewer resources and have less sophistication in stopping thieves. The same is true with cyber thieves. In fact, small businesses suffer a greater proportion of losses to fraud than larger businesses.
Unlike a conventional thief, who generally steals cash, cyber thieves target information, which may cause greater headaches than if they had simply stolen cash. Not only can cyber thieves access sensitive information of the small business itself, they may also access sensitive information of its customers. Many states have enacted laws that require the business to notify every person whose information might have been compromised. In certain cases, the business must also offer to provide some form of digital protection for a certain amount of time. Some estimate the costs of these laws to be about $250 per customer for any security breach. That means if 1,000 customers had their confidential information exposed, the business is liable to spend $250,000 for that breach of security.
Do not be fooled into thinking that only businesses that conduct online transactions are vulnerable. Any business that keeps any records on a computer that is connected to the Internet is vulnerable. Any network system where employees have access to the Internet is vulnerable. Essentially, anything that is connected to the Internet is vulnerable. Hiring a cyber-security auditor and creating a Written Information Security Plan (WISP) may be necessary for some, but for those who do not have the resources to hire one and are not in a situation that requires one, here are some steps to help avoid potential catastrophe.
1. Set up and maintain a firewall
A firewall simply creates a virtual wall between your server and the Internet that limits what can be seen and accessed by users on the Internet. Most antivirus programs provide firewall protection, but it is imperative that the firewall is regularly updated, as cyber thieves are continually finding new ways to get around any obstacle in their way. Do not allow any antivirus software to expire, and ensure that the software is updating on a regular basis.
2. Secure any Wi-Fi network
A simple but sometimes forgotten step in protecting your business is making your Wi-Fi network secure. An unsecured Wi-Fi network is simply inviting a cyber thief to come and steal your information.
3. Dedicate a single computer to online banking
If your business conducts financial transactions online, dedicate a single computer to those transactions and limit who can access that one computer. Often, an innocent employee may unintentionally open an email or download a program that contains a hidden Trojan virus that will infect that computer and the network. Anything that can be seen by that computer will be seen by the virus and inevitably by the cyber thief.
4. Ensure employees are protected
Employees should have access only to the business files their work requires and nothing more. The FCC suggests that businesses avoid giving an employee access to all data systems, and so limiting what can be accessed is a good policy. Employees who work from home may offer another opportunity for cyber thieves to access your network, and these employees should ensure that their home computer is protected and updated as well.
5. Consider purchasing cyber insurance
Even with the best virus protection, a business is still susceptible to cyber attacks. Hackers have continually attacked large companies (e.g., Sony, Citibank, Michaels) and governments, and so no protection is 100 per cent guaranteed. It may be beneficial for your small business to consider purchasing some cyber insurance as a final step in protecting your own information and your customers’ information. Some policies cost $100 per year for $50,000 worth of insurance.