
6 trends to cover your cyber six this year and how to implement them

It would be great to tell you that cybersecurity isn’t a growing problem for small businesses.

Unfortunately, it is. But you can use some developing cybersecurity trends to strengthen your business defenses.

The small business cybersecurity landscape

Hackers know that 47% of small businesses have no security budget. They also know that 64% of small business owners operate under the delusion they could resolve a cyber attack quickly.

That lack of readiness and cyber resiliency makes small businesses a soft target.

And that’s why the FBI estimates losses to cybercrime in 2021 alone to be nearly $7 billion.

That’s a pretty bleak picture. But you can avoid being a statistic with a few simple changes based on these cybersecurity trends.

Two Factor Authentication

Maybe you’ve never heard these terms before, but you may have used them. If you put in your password for your online bank and receive a text code to log in, that is two-factor authentication or 2FA.

2FA is a form of multi-factor authentication. And it is growing increasingly common because simple passwords are too easy to breach.

“Passwords are innately insecure now,” said Scott Lavergne, the CEO of Enterprise Data Concepts. “Computers can just blast through them.”

Lavergne said 2FA is the best way to get around the computer programs designed to guess between 10,0000 and 1 billion passwords per second.

The trend toward 2FA, however, is a slow one. Users hate friction, and 2FA adds another step between the user and the service they want.

But the good news is that 2FA costs your small business almost nothing while adding excellent protection.

And a few seconds of prevention can prevent a wildly expensive security breach.

Email security

One of the most vulnerable areas for any small business network is its email. Hackers have become adept at getting into mailboxes and getting employees to reveal sensitive information.

“1 in 5 workers fall for these phishing attempts,” Lavergne explained.

And those attempts are buoyed by hackers conducting electronic reconnaissance.

“Hackers get into mailboxes and read all your emails to look for angles to manipulate you,” he said.

Lavergne said one small Louisiana company lost $500,000 due to hackers lurking in their mailboxes.

The company sent the money to its insurance company to pay its annual liability policy.

What they didn’t know was that hackers were watching the exchange.

As soon as the company sent the money, the hackers pounced.

They emailed the insurance agency pretending to be the company. They said the money had been sent from the wrong account and asked the insurer to reverse the payment.

Suspecting nothing, the insurer obliged and sent a response to what they thought was the company saying the transaction was reversed. In reality, they were replying to the hackers.

The hackers deleted all the email correspondence and created a fake domain name similar to the insurance agent’s.

They then emailed the company pretending to be the insurance agency. They told the company its payment failed because it had gone to a bank account that had recently been closed.

They asked the company to send it to a different account. The company saw the money had been returned and dutifully obliged, sending $500,000 to what they thought was the insurance provider’s new account.

They never noticed that the domain name the hackers offered slightly differed from the insurer’s actual domain name.

And just like that, the money was gone.

Battling email hackers with staff training

The best defense against email hackers is training. Hackers have to correspond several times to hatch their plans.

That gives well-trained employees a chance to recognize fake emails and stop them.

But how do you train employees in an already busy workday? Lavergne said the best method offers security training within the context of regular emails.

EDC offers training in which it routinely sends fake emails to employees. If an employee clicks on one, they are informed it is fake. Then, they get a short lesson on recognizing a fake the next time.

That training helps employees recognize fake emails. It also conditions them to pick up the phone or text and verify that an email is truly from the person they think sent it.

That generates a human variation on 2FA that ensures emails are authentic, especially when sending money back and forth.

So 2FA, training, and awareness can stop hackers from accessing your online information. But what about the information on your hard drive?

It’s just as vulnerable, but there is a solution.

Data encryption

We all get busy at times and forget things. But the consequences could be severe if you accidentally leave your laptop where a thief can get it.

That doctor who loses a laptop loaded with patient information will probably have a HIPAA headache he’ll never forget.

It would be a nightmare scenario unless that data is encrypted.

Encryption is so powerful it is almost impossible for a thief to read what’s on a hard drive.

Even in the doctor’s example, the incident would not be considered a HIPAA violation if it can be proved the computer was encrypted the last time it was on the internet.

That’s because the complex algorithms and digital keys it uses create a code that cannot be deciphered without a decryption key.

All the text gets completely scrambled. So, encryption is to thieves what the Navajo Code Talkers were to the Japanese Imperial Army in World War II.

And here’s the good news. You can encrypt your personal device for practically nothing.

To encrypt your PC’s hard drive, follow these steps. Mac users can use this information to encrypt theirs.

A word of caution, though. Be sure to save your decryption key in a safe place. If something goes wrong with your computer, you’ll need it to view your information again.

For multiple business machines, software is available that mounts encryption keys and verifies encryption on internet visits.

It also keeps verification records of encryption in case of theft or other security breaches.

That verification not only brings peace of mind for you but also for your customer. Digesting a security concern is much easier if they understand their data can’t be compromised.

Encryption is powerful but only part of a robust security protocol. Updating equipment is another.

Eliminating old hardware

People get used to their devices. Some may even think it frugal and wise to sport a laptop they got during Obama’s first term in office.

You might not be spending money, but it isn’t safe.

For example, Macs might last for years without trouble. But at some point, the hardware outlasts security updates to the operating system.

And that is inviting trouble. The kind that costs way more than a single piece of hardware.

So having a strategy in place to replace old equipment is essential. This is no small chore, though.

For example, how do you know what to budget for five years from now? What will your business need, and what kind of equipment will it require?

Having an outside vendor come in and help develop that strategy can ensure you get the equipment you need when you need it. And it can be created with a budget that doesn’t make you envy Mr. Twenty-Year-Old-Laptop’s misguided frugality.

So, let’s say you’ve got everything in place for 2FA, training, encryption, email security, and hardware updates.

You’re good for 2023, right? Almost.

There’s still one very non-techie thing to put in place.

Policies and procedures for cyber insurance

Cyber insurance is a risky business for all the reasons we mentioned above. Claim payouts can be huge.

So, no cyber insurance provider will take your business without policies and procedures to mitigate risk.

The good news is we’ve already covered a few, like 2FA and MFA. Another is security training and awareness, also covered earlier.

However, there are a few we haven’t touched on yet. But if you want the peace of mind cyber insurance brings, check these out.

The first is separate backups in different locations. One may not be enough to stop a malicious hack.

Remember, hackers make their money exposing weaknesses. Having backups in different locations makes it harder for them to access all your data and hold it hostage.

It essentially acts as your ace in the hole.

The next is vulnerability management. It’s a series of checks done each quarter to ensure weaknesses are corrected before they create problems.

Cyber insurers will be much more inclined to take you on if they know this measure is in place.

There are several other measures you could put in place, but these cybersecurity trends are some of the most common ones.

So, what’s it all mean?

The cybersecurity landscape is pretty rough. But that doesn’t mean things are all gloom and doom.

It’s really a call to action. Enlist some help and take the necessary steps to keep your systems safe.

Most are simple and cost-effective. And some are free, like our complimentary security assessment you can get by visiting our website.

So, keep your chin up. It’s going to be a great and safe cyber year!


The EDC Way

At EDC, we’re constantly evolving our approach to new challenges. That’s how we prevent problems from happening before they start. Our dedicated team of IT professionals is here to help you.
From strategizing a plan to providing multiple lines of defense against hackers, we will ensure your data and private information is safe behind a vanguard of security measures.

To learn more about EDC visit EDCNOW.com, or to schedule a free consultation on how we can help with your IT needs, call us at: 337.235.7741 in Lafayette or 504.322.3622 in New Orleans.