Cybercriminals don’t take days off, which means more businesses these days are thinking about cybersecurity as a 24/7, year-round effort. In fact, cybercrime – which involves a computer or computer network and can include everything from data hacking and file destruction to ransomware attacks and email fraud – is up a whopping 600% over the past two years. Nearly every industry has been affected and has had to adapt and add new safeguards against attacks.
In particular, cyberattacks on small- to medium-sized businesses are becoming more frequent, more targeted, and more complex. It’s estimated that 43% of cyberattacks are aimed at small businesses, but only 14% of those businesses are prepared to defend themselves. That’s according to Embroker, a business insurance provider that says cybercrime will cost companies worldwide $10.5 trillion annually by 2025.
The consequences of falling victim to a cyberattack can come in the form of loss of revenue, damaged reputation, and financial harm. At INTRUST, we work diligently to safeguard our systems from cybercriminals. No matter the size of your business, it is important that you take similar steps to educate yourself and your employees to reduce your chances of suffering financial loss through cybercrime.
All of this means it can be helpful to structure the protection of your business’s computer networks as a constant process and encourage cybersecurity to be a priority for everyone at your business. Being proactive can help you prevent attacks.
Make a plan and start early
It’s estimated that human error causes 95% of cybersecurity breaches, so a good first step is to educate your employees the first day they begin work. Consider discussing the basics at employee orientation, such as how to recognize business email compromise and phishing attempts. These are the first of many discussions you may want to have around cybersecurity. Regular meetings, conversations, and reminders about the latest security awareness tips can be helpful.
If you have an IT specialist or someone on staff who has been designated as the cybersecurity administrator, consider having them develop a checklist that standardizes basic cybersecurity for all company computers and users. This checklist might include:
- Configuring new computers with protective measures such as antivirus software and firewalls.
- Setting up device encryption to protect data in the event a device is lost or stolen.
- Regularly patching and updating software to the latest version.
- Running security checks on the company’s Wi-Fi connections.
- Establishing a VPN and educating employees on use, if applicable.
- Automatically backing up files to off-site or cloud storage.
- Encrypting data and ensuring employees know how to send a secure email.
- Creating password protocols and educating employees on password best practices.
- Prohibiting employees from using unapproved software.
- Training employees on how to properly use email.
Our Basic IT Infrastructure article offers additional suggestions on how your IT specialist can focus their efforts.
Practice being digitally secure
Training your employees to be digitally secure is an ongoing effort. Consider running exercises to test employee preparedness. A common drill involves sending an email that mimics a phishing email. (Remember, a phishing email is a communication sent by a cybercriminal to try to get your employees to click a link or reveal sensitive information, including passwords. The practice has become extremely complex, and cybercriminals are becoming savvier when it comes to sending fake emails.)
If you have the budget, there are companies that offer simulated phishing experiences for businesses. When an employee clicks on a link in one of these training emails, it creates an opportunity for you to provide further education, reducing the risk of that employee clicking a link in a subsequent, real phishing attempt.
Bottom line: Cybersecurity matters
You might ask, “Does my business need a cybersecurity plan? We only have eight employees, and our business doesn’t have anything to do with digital technology. We sell vacuum cleaners.” When it comes to cybersecurity, anybody who owns a computer can benefit from education and a plan.
The key to cybersecurity is to be consistent. Educating your employees about cybersecurity on a regular basis can significantly reduce the risk of a successful cyberattack on your business. By providing consistent training on topics like identifying phishing attempts and securely handling sensitive information, you can empower your employees to make better decisions and recognize potential threats. Additionally, establishing company policies and procedures for handling suspected security breaches can help ensure that your business doesn’t become a victim and is able to respond quickly and effectively in the event of an incident. Overall, it’s an effective way to provide a sense of security and peace of mind for both you and your business.