Whether the internet plays a large or trivial role in the conduct of your small or mid-sized business (SMB), protecting yourself against cyber criminals with the best computer security software and practices must occupy a central place in your business strategy. Even if you segregate sensitive information by storing it on paper only or on devices not connected to the internet, there are still plenty of ways bad guys can make your life miserable.
Why Hackers Are Targeting Your SMB
Just because your company poses little threat to Fortune 500 giants doesn't mean you have nothing hackers want. Many of them are after things such as:
- Data you rely on for daily operations, which they can use to extort you
- Employee names and SSNs
- Business credit cards
- Supply chain partners with greater resources to steal
- Point of Sale (POS) devices such as credit card swipers or web apps for card processing
How Criminals Go After You
- Ransomware: Once hackers break into your network (or walk in with engraved invitations), they encrypt your data, then send you a ransom note. They demand payment, usually in Bitcoin, by a deadline or they'll erase your files.
- Phishing and Social Engineering: Bad actors love to play on your employees' or your own naiveté. Posing as a legitimate organization, they trick their prey into divulging credit card numbers or log-in credentials or, worse yet, into allowing them to remotely access your computer.
- Entry from Business Partner Networks: Once they weasel into the network of a supply chain partner with weak defenses, cyber criminals can attempt to penetrate your network, too.
- Exfiltrating POS Transactional Data: If your business network has low walls, hackers can set up shop in your credit card processing system and make off with your customers' credit card information.
How to Beef Up Security
For small businesses, thwarting cyber criminals rests mostly on encouraging them to sniff out easier targets. Financially, you may not be able to harden your data system to the level of a fortress. However, by implementing a sensible defense plan, you pull in the welcome mat and signal hackers to move along. Here's how to do just that:
- Install a robust firewall and regularly test it.
- Install an anti-malware program that updates daily, and scan your system weekly. Select a program that works from the cloud so it doesn't hog your computing resources or entangle itself in your workflow. Make sure the product can deploy reverse DNS and content filtering. These features detect websites that are known or strongly suspected to be phishing sites and alert you before you step into their lair. This is critical if your employees do any web surfing from your network.
- Train all users to detect phishing attempts. Don't rely solely on your anti-malware program. All users must learn to identify phishing and social engineering scams. Even the supposedly tech-savvy Millennials can inadvertently assist a phisher.
- Always use multi-factor log-in credentials. Easy passwords can be guessed or cracked by brute force algorithms. Make sure logging in requires strong passwords using letters, numbers and symbols, plus a second and/or third step. In other words, make logging into your network as secure as logging into your online banking account.
Solutions That Won't Break the Bank
Undoubtedly, it's easier for SMBs to pretend they aren't targets of criminals than to onboard a cyber security professional whose industry fetches hefty salaries. Fortunately, you can incorporate the best computer security software with an IT partner that will monitor your technology and keep the bad guys on the outside, where they belong.