As a small-to-mid sized business owner, you may believe your modest website and assets are safe from the massive security breaches and cyberattacks that afflicted many large companys in the last few years. Just because we don't hear about small-to-mid sized businesses (SMBs) suffering losses from cyberattacks doesn't mean the don't happen. In fact, cyberthreats and hackers actually target SMBs because nearly one third of them don't implement any protections. Without an arsenal of safeguards like firewalls, backups, antivirus software, spam filters, or data encryption, your website can be an open door for cybercriminals.
Let's do some math. Close to 50% of SMBs' websites use software that leaves them vulnerable to attacks, so there's a decent chance you're a part of that percentage. That number becomes much more nerve-wracking when set beside cyberattack statistics from 2018: a 70% increase in spear-phishing attacks, a 350% increase in ransomware attacks, and a 250% increase in spoofing or business email compromise attacks. Now, compile those number with the fact that 60% of small companies go out of business within a few months of a cyber attack. You don't have to be a math whiz or a statistician to see that the significant growth around cyberattacks and information theft means you need to become incredibly vigilant in order to detect and respond to cyber and date risks.
Experts say that the evolution and advancement of cyberattacks show no sign of slowing down, so here are a ten basic steps you can take today to protect your business from the ever-growing threat of cyberattacks.
Implement mandatory cybersecurity personnel training and education
Make sure everyone from board members to data entry specialists are informed about the best course of action needed to combat preemptively or clean up after a cyberattack. Send memos, have sit-down meetings, or whatever works best for your business- as long as everyone understands the present threats and how to protect against them.
Generate an incident response plan
A well-documented and communicated plan can limit damage to your business, reduce recovery time post-attack, and potentially lower the ultimate cost of the breach
Establish automated website backups
Cloud-based automated website backups are your most important asset in surviving a cyberattack. Services like Website Backup Bot track any changes made to a website and provide a thorough backup history for short-to long-term storage. In the unfortunate event of a website compromise, having a recent and clean backup of your website ready to be deployed will allow you to have one less thing to worry about
Installing a firewall is an easy, almost “no-brainer” first line of defense against pernicious cyberattackers. There are many reputable firewalls available that, if updated regularly, can protect your network, allow safa data in, and keep bad data out.
Do you trust your neighbors? Even if you do, protect your WiFi by having a strong password that you update regularly
Update passwords regularly
Just like your wifi password, keep all your login credentials secure by updating the passwords throughout your network. Consider multi-factor authentication if possible.
Strengthen monitoring, response, and detection services
Your end-goal is to be able to detect data breaches or cyber intrusions as soon as they happen, quickly respond to them, and successfully eliminate malicious software, bots, and viruses
Update antivirus software regularly
Experts say we will continue to struggle to keep up with the rate of cyberattack advancement. Ensuring your antivirus software is up to date an incredibly simple and effective way to get a foot up in the cyber-space race of website security
Install CMS updates as soon as they are available
The data assets hackers care most about is the easy-to-monetize realm of client account information. Install patches as they roll out to close any gaps in the security of your CMS.
Get cyber security insurance
Some refer to this as data-breach liability insurance or cyber liability. Get standalone coverage and be sure it's adequate to cover a hefty data breach.