Is Your Information Secure?
As a small business owner, it sometimes feels like the world is out to get you – or, more precisely, out to get your company data.
According to a report on data breaches released earlier this year, 43% of data theft involves small businesses. A data breach is defined as any incident that puts information security (InfoSec) at risk, such as hacking, social attacks, malware and physical theft of paper records and documents, as well as internal fraud committed by company employees.
These attacks can be devastating to small businesses. The U.S. National Cyber Security Alliance reports that 60% of small and midsized businesses fail within six months of a cyberattack.
Online security threats
In a recent survey by the U.S. Small Business Administration (SBA), 88% of small business owners felt vulnerable to a cyberattack. This concern is understandable considering the cost of cybercrimes reached $2.7 billion in 2018, based on FBI statistics.
The most common types of cyber threats identified by SBA include malware designed to damage a computer or server, viruses that give outsiders access to your system, ransomware that restricts access to a computer until a ransom is paid, and phishing schemes designed to steal you data.
Small business owners are cautioned to be especially watchful for email phishing scams that involve requests for money or information from a company executive or other reliable source. These schemes, known as business email compromise (BEC) scams, account for more losses than any other type of fraud in the U.S., warns the Better Business Bureau (BBB). BEC scams have defrauded businesses and organizations out of $3 billion since 2016.
“This serious and growing fraud has tripled over the last three years, jumping 50 percent in the first three months of 2019 compared to the same period in 2018,” the BBB reports. “In 2018, 80 percent of businesses received at least one of these emails.”
Offline security threats
Online data breaches aren’t the only threat to your business. Protecting physical assets from theft by outsiders or employees is equally important, but often overlooked.
Businesses that are lax when it comes to leaving checkbooks or sensitive documents laying around are offering an open invitation for outsiders or employees to make off with valuable assets.
Failure to practice due diligence when hiring an employee who executes financial transactions can also lead to fraudulent activity that can be extremely costly. In Philadelphia, a payroll clerk for a small candy company stole more than $850,000 over a 10-year period of time by cashing bogus checks that were used to feed a gambling addiction.
Basic security hygiene
Victims of a data breach can take years to fully recover from financial losses, damage caused to their company’s reputation, and loss of customers, noted Jeff Weeks, senior vice president and chief information security officer at First National Bank of Omaha.
Weeks offers several best practices to decrease the possibility and impact of a data breach, such as training yourself and employees to identify the ploys hackers use to defraud businesses of all sizes.
“Employee awareness is of paramount importance in defending against attacks,” Weeks explains. “The easiest way into a network for hackers is through trusted employees clicking on links or opening documents in phishing emails. Make sure employees are trained in how to detect phishing emails and establish a process for employees to report suspicious emails.”
Other best practices published in the SBA survey include equipping your computers with antivirus and antispyware software, using a firewall and WPA2 or WPA3 encryption to safeguard your internet connection, changing your passwords, and backing up your computer data regularly.
An ounce of prevention
The SBA also recommends preventing access or use of business computers by unauthorized personnel, locking up laptops when they are not in use and restricting administrative privileges to trusted IT staff members.
The same advice applies when it comes to protecting employee and customer information from getting into the wrong hands. Simple but effective procedures to consider start with keeping paper checkbooks and sensitive documents under lock and key. Access to keys should be restricted to employees who need them; and whenever they leave your company, make sure they turn in their keys and badges.
Installing a security system that includes cameras can be an effective deterrent to physical theft of employee and customer information.
While there is no easy fix when it comes to protecting confidential information, following a few best practices can go a long way to securing the future of your small business and its ability to grow and prosper.
About the Author: Clint Sporhase leads First National Bank’s efforts to serve small business owners. Clint has 25 years of sales, marketing and strategy experience.Read More Insights