Five ways small businesses can protect against cybersecurity threats
OPINION: Some businesses have a misconception that their business is too small to be targeted by cybersecurity threats. Unfortunately, this is not the case. Small businesses are at risk of cyberthreats just as much as large enterprises.
In fact, cybersecurity threats have intensified since the start of the coronavirus pandemic and the ensuing work-from-home reality. Over the year to June 2020, the National Cyber Security Center (NCSC) recorded more than 350 cybersecurity incidents in New Zealand.
New Zealand’s stock market was hit by a major cyberattack last year. Another cyberattack hit Waikato District Health Board (DHB) in May, in which patients’ sensitive health information was held captive by the hackers.
The recent Kaseya ransomware attack has also hit schools and kindergartens in New Zealand.
* DHBs refuse to release information on cybersecurity systems
* 350 cyber attacks on NZ in last year, a third by state-sponsored exploitation groups
* Cyber attack: Government not considering making payment of cyber attack ransom an offense – minister
* New product assesses businesses’ cybersecurity to inform insurance costs
At a time when cyberattacks have become more targeted and frequent in the country, small business owners need to understand the susceptibilities of their business to such attacks. Unmanaged cyber risks can expose small businesses to an endless host of vulnerabilities without the necessary resources that can help them identify, prevent, and respond to an attack.
Here are five different ways through which small businesses can prevent themselves from cyber threats:
Ensure employee training
Insider threats are a key cause of vulnerabilities in the world of cybersecurity.
Employees can either carelessly or maliciously give access to the company‘s networks to cybercriminals. It is imperative for small businesses to train every employee on ways to protect valuable data while having them sign the company’s information policy.
To prevent employee-initiated attacks, businesses can frequently remind them to instal software updates, use strong passwords, protect passwords from disclosures and refrain from opening attachments from people they do not expect or know.
Every employee should be trained on steps to be undertaken when a cybersecurity incident occurs and ways to treat business information at home or the office.
Small businesses must remember that cyber-vigilant employees can act as their best protection against information security threats.
Enable data encryption
Small businesses should ensure to turn on their network encryption and encrypt data sent or stored online. Encryption allows businesses to protect data while converting it into a secret code before the data is sent over the internet.
With this practice, it becomes harder for hackers and thieves to destroy, steal, or tamper with the data.
Businesses can switch on network encryption via their router settings or by installing a VPN (virtual private network) solution on their device when using a public network. The VPN tunnel makes it nearly impossible for intruders to access business information. Secure Sockets Layer VPN is one of the most commonly used data encryption mechanisms employed by websites to protect important user data.
Perform a cybersecurity risk assessment
The digital-friendly landscape has exposed small businesses to new critical vulnerabilities and cyber risks. Assessing such risks has become more important than ever for businesses to manage them properly and prevent themselves from cybersecurity threats.
Cyber risk assessment involves evaluating potential risks by businesses that might compromise the security of their company’s systems, networks, and information. Identifying such risks can help businesses formulate a plan to fill any gaps in security.
While risk assessments can be performed on any process, function, or application within an organization, no firm can realistically carry out a risk assessment on everything. Thus, businesses should develop an operational framework that fits their organization’s complexity, scope, and size.
This can help businesses create a risk assessment schedule based on information sensitivity and criticality of business segments and act accordingly.
Keep software and hardware up to date
To prevent cyber-attacks, small businesses need to ensure that their anti-virus software, hardware, and other security safeguards are up to date.
Businesses can program their operating system and security software in a way they update automatically, as these updates may include some crucial security upgrades for recent attacks and viruses.
Every software update usually adds or strengthens patches that shut coding loopholes hackers and intruders can slide through. It is equally important to set up a hardware firewall that sits between the internet and the computer.
A firewall operates as a gatekeeper for all outgoing and incoming traffic. While firewalls can seamlessly protect businesses’ internal networks, it is vital to update these firewalls as often as security updates and patches are released for the same. Businesses should install a firewall on all their portable business devices.
Consider cyber insurance
At a time when the sophistication and frequency of cyberattacks have increased multi-fold, purchasing cyber insurance policies has become the need of the hour for businesses.
While business owners often neglect the necessity of cyber insurance, they end up suffering huge financial losses when faced with cyberattacks and data breaches.
Cyber insurance helps businesses recover such losses after a data breach while paying for costs like revenue loss, business disruption, legal fees, equipment damages, forensic analysis, and public relations expenses.
In fact, cyber insurance providers can also protect businesses long before a breach occurs by connecting them with cyber resources that help companies learn about data security best practices, cyber risks, and incident response planning.
When looking for cyber insurance, businesses should seek trusted providers with proven experience in helping businesses understand and calculate their cyber risk and then provide customized insurance policies.
With cyberattacks making headlines every day, small businesses should not overlook the importance of cybersecurity and embrace these sure-shot ways to keep their business secure.
A little thought and some investment in cyber resilience and cybersecurity infrastructure can help small businesses escape cyberattacks and ensuing damage with much ease.
Kunal Sawhney is chief executive of the Kalkine Group