BLOG: Protecting Your Company from Cybercrime

Part 3 of 3 in a series on cybercrime and small business

Cybersecurity presents a challenging math problem. The cost of the computing power required for cyberattacks is decreasing. Unfortunately, the cost of protecting against such crimes is not.

This imbalance occurs because the most vulnerable companies rely upon decades-old technology that is ill-equipped for modern threats. Obsolete technology cannot adequately defend against a constantly evolving cyber threat, and replacement costs are prohibitive. Due to the cost associated with updating and maintaining a cybersecurity protocol system, many small businesses put off this expense for as long as possible. This lack of planning can have enormous financial consequences in the long term.

The National Cyber Security Alliance and Symantec’s recent survey on cyber threats revealed that 77% of small and medium-size businesses (SMBs) believe they are safe from hackers, viruses and malware. In addition, 83% of SMBs take no formal measures against cyber threats, despite the fact that almost half of all attacks target small businesses. According to the Association of Certified Fraud Examiners (ACFE), companies with fewer than 100 employees lose approximately $155,000 each year due to fraud. Small businesses tend to have a higher fraud rate than larger companies. One of the most frequent sources of fraud is credit card abuse because few business owners have the time to examine each line item on their bill.

As discussed in the previous two articles in this series (Ransomware and Cost of Cybercrime), hacking is a lucrative business. Digital crime costs approximately $400 billion a year. Cybercriminals target more than just banking and credit card information. One enterprising criminal intercepted mail-ordered medicines and resold them on the black market for $254.7 million after gaining access to the delivery route information. All data associated with day-to-day business operations represents unlimited opportunities for cybercriminals, even innocuous details like mailing information.

Small business owners cannot avoid an attack; one will eventually occur. Instead of operating under the false assumption that an attack will never happen, small business owners should consider worst-case scenarios. Some questions to consider:

  1. What would happen to your business if all information was compromised?
  2. How badly would business be damaged if one employee succumbed to bribery or blackmail?
  3. What are all the possible ways someone could access your digital records?

While it is impossible to prevent all cyberattacks, some common-sense defenses can significantly decrease the likelihood of serious damage occurring. Here are some cost-effective steps to take to improve cybersecurity in small businesses.

  1. Secure Your IT Infrastructure. Every business should invest in firewalls, anti-virus, malware and spyware detection software. Make sure to upgrade your equipment on a regular basis; old operating systems are easily exploitable and the most vulnerable.
  2. Use a Dedicated Computer for Banking. Use a dedicated computer for all online financial transactions and make sure it is not used for any other online activity.
  3. Have a Password Policy. One easy step to protect your IT systems is to institute a password policy. Make sure you and your employees change passwords regularly (every 60 to 90 days). Ensure passwords are complex. Use different passwords for different online and system accounts.
  4. Educate Your Staff. Hold training sessions on basic security threats and prevention measures. One of the most frequent ways business computers are infected comes from someone clicking on a bad link or downloading an infected attachment.
  5. Consider Cybersecurity Insurance. One of the best protections is an insurance policy covering any losses from cybercrime and computer fraud. Many policies are affordable.
  6. Secure Company Laptops. Due to their portable nature, laptops are more likely to be lost and stolen than traditional desktops. Invest in encryption software so that if a company laptop is stolen, any sensitive data will be difficult to access.
  7. Secure Mobile Phones. Smartphones represent a glaring security problem. As pointed out in a previous article, most people do not know how to secure their smartphones. Since smartphones connect to the internet, they represent an easy access point for an enterprising criminal to hack into a company network. Consider installing encryption software. Try enabling a specific "lock-out" period, wherein the phone locks itself after a predetermined period of inactivity. Enable remote wiping. Monitor diligently. Enable 'Do Not Track' on mobile Web browsers. Block your phone number when necessary. Avoid answering spam calls. Add owner contact info to your device.
  8. Only Install Trusted Apps. Bad applications come loaded with malware that infects devices with viruses and steals information. Newer malware can hijack address lists to spam contacts and infect their gadgets. You can lower this risk by installing apps from the major app stores: Google Play, Amazon Appstore, Apple iTunes and Microsoft's Windows Store.
  9. Prevent Advertiser Tracking. Advertisers track online activity and shopping habits through tracking software known as cookies. This is avoidable by turning off all in-application tracking and regularly clearing internet cache history.
  10. Practice Common Sense on Public Wi-Fi Networks. While free Wi-Fi allows you to surf the internet on your smartphone without using data, there is a dangerous side to public hotspots. Hackers infiltrate these networks to snoop for valuable information, including secure account logins and credit card numbers. Stay safe by conducting banking or shopping transactions at home or over cellular using your financial institution's app. You can also use an encryption service.
  11. Wipe Old Gadgets before Donating, Selling or Recycling. Make sure to wipe your old phones, tablets, and computers before selling or recycling them. All smartphones and tablets come equipped with an option to wipe internal memory so that no trace of personal information remains.
  12. Consult a Cybersecurity Specialist. If you are unsure about the strength of your company cybersecurity protocols, consider hiring an outside professional to come and evaluate your network. They may notice vulnerabilities you missed and offer suggestions on how to stay current with cybercrime trends and threats.

Want more information? Check out this helpful resource from the Virginia SBDC on small business cybersecurity:

Virginia SBDC