Sony, Home Depot, Target. These are just some of the big companies in a long list that made headlines in 2014 for cyber security attacks. If you think your business is “too small” to get hacked or attacked, think again.
If hackers can ‘crack’ the code for big companies, they can certainly hack yours as well. While the numbers aren’t in yet for 2014, 44% of small businesses have been attacked according to a 2013 survey by the National Small Business Association with the cost averaging $8,700. And we’re seeing a growing trend with that number up from 18% in 2012, by a separate report from Symantec as reported in CNN Money.
The issue has even reached Congress. The House Committee of Small Business held a special hearing on “Protecting Small Businesses Against Emerging and Complex Cyber-Attacks” in the fall. Testimony was given from a number of tech industry experts with a resounding theme: Small businesses are just as susceptible to a cyber-security attack as large companies.
While no business is hacker-proof, there are some ways to protect your data, some of which are low or no-cost options to help defend against attacks.
Use an e-mail provider with proper security systems.
If you have regulatory or compliance requirements, you’ll want to ensure your e-mail provider has the protection needed. Specific industry requirements aside, look for a provider with a robust cloud offering that provides nightly back-ups and a professional service level agreement that details intended storage restoration times in the event of an outage. You’ll also want to look for a provider that can customize your network for your specific needs, as well as has the ability to compartmentalize and encrypt data so that if a hacker compromises one area, the entire system is not penetrated. Customer credit card information and employee social security numbers are two examples of data that should be surrounded by the best defenses.
Use stronger passwords.
Passwords should be at least 12 characters long, and use a combination of upper and lower case letters as well as numbers and characters. Don’t use a common word or one that can be easily guessed based on public information about you. It’s also important to use different passwords for different systems.
Consider cyber security insurance.
Understand your coverage options and types of losses. All coverage is not created equal, though, and this overview will help you determine if cyber security insurance is right for your business.
Create a cyber-security plan.
The Small Biz Cyber Planner from the Federal Communications Commission is a valuable resource for businesses without the resources to hire a dedicated staff member to protect against cyber threats. The tool provides a series of questions to determine which cyber security strategies should be included in your plan, and generates a customized document based on your needs.
The best defense is to be proactive. Benjamin Franklin’s wise words, “an ounce of prevention is worth a pound of cure,” are certainly applicable to this situation. If your company has the budget and little bandwidth among staff, outsourcing this component of the business and hiring a company to perform an eRisk Assessment can bring peace of mind that your systems and data are being constantly monitored and protected, and gaps are quickly identified. For more information on Technical Support at IT Acceleration, view our Technical Core Competencies and Electronic Risk Capabilities.