How to protect your small business against cybersecurity risks
Whether it’s offering ‘Click & Collect’ or 24/7 eCommerce, almost all small businesses these days rely heavily on an online presence. But as the world continues to move into the convenience of the digital space, the downside is that cybercriminals get smarter and more prolific at targeting us.
This article explains the main cybersecurity risks that small businesses (including solopreneurs) face, and offers suitable solutions to safeguard yourself — reliable, easy, and affordable. After all, unlike corporations which have dedicated IT Departments, small businesses are already on a tight budget and stretched for time.
Understanding small business cyber threats
Cybercrime used to be a problem mainly faced by large organizations, but these days small businesses are increasingly being targeted too.
A cybersecurity threat is any type of unlawful attempt to access private data, damage information, or disrupt digital operations. These attacks are mainly motivated by monetary gain, but sometimes you’re targeted simply because Black Hat hackers can (just for the thrill of it).
As the digital world evolves, hackers are also targeting small businesses more to take advantage of:
- Data Entry Points — we’re now neck deep in the Information Age. Data is being gathered, crunched, and leveraged on an unprecedented scale. It’s worth trillions annually. Data storage on personal devices makes it easier than ever before for hackers to gain an entry point into lucrative networks. You could just be an easy stepping stone.
- The Internet of Things (IoT) — with many different types of smart devices now being interconnected, a breach in your security can give criminals access to a broader range of data to sell on the black market.
Now let’s look at the common cybersecurity threats you need to know about.
Data & Network Break Ins
Malware is a cyber danger that everyone knows about by now. Malicious software infects your systems when you inadvertently open a door for it, such as clicking on a suspect link or attachment. Harmful software or spyware can steal your personal information. Also learn about the difference between viruses, worms, and Trojan horses.
Then there’s social engineering, a growing problem, as it tricks you into giving criminals what they want. Examples are fake websites that look legit, or emails that seem to come from a trusted provider. This ties into phishing attacks, where you’re scammed into providing data like your credit card number.
Malicious code can even be inserted through functionality as innocent as a search box on your website. This is called SQL injection. You’re vulnerable if your website runs on a database that uses Structured Query Language (SQL), a common tool in web development, and passes what visitors type straight into its database queries.
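The search-box scenario above, as an added example that is not part of the original article: the same product search written the weak way (visitor text pasted into the query) and the hardened way (a parameterized query). The table, function names, sample products and crafted search term are all constructed for illustration.

```python
import sqlite3

# Constructed search-box input: the quote characters end the text value
# early, so the rest is read by the database as part of the query.
CRAFTED_TERM = "' OR name LIKE '"


def make_catalog():
    """Build a small in-memory shop database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("red mug", 0), ("blue mug", 0), ("unreleased teapot", 1)],
    )
    return db


def search_vulnerable(db, term):
    """Weak: visitor text is pasted directly into the SQL statement."""
    sql = ("SELECT name FROM products WHERE hidden = 0 "
           "AND name LIKE '%" + term + "%'")
    return sorted(row[0] for row in db.execute(sql))


def search_safe(db, term):
    """Hardened: the ? placeholder passes visitor text as data only."""
    # Escape LIKE wildcards so % and _ typed by a visitor match literally.
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    sql = ("SELECT name FROM products WHERE hidden = 0 "
           "AND name LIKE ? ESCAPE '\\'")
    return sorted(row[0] for row in db.execute(sql, ("%" + escaped + "%",)))


if __name__ == "__main__":
    db = make_catalog()
    print("normal search:      ", search_vulnerable(db, "mug"))
    print("crafted, vulnerable:", search_vulnerable(db, CRAFTED_TERM))
    print("crafted, safe:      ", search_safe(db, CRAFTED_TERM))
```

With the weak version, the crafted term returns the hidden product as well; with the parameterized version it is treated as an ordinary search phrase and matches nothing.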
Then there’s the Man in the Middle (MITM) attack. This criminal activity happens when hackers manage to squeeze their way in between two endpoints, intercepting the data exchange. This lets them install malicious software, filter the information, and steal what they want. It mainly happens when you use an unsecured WiFi network.
Taking Your Website Down
Imagine you’ve been working yourself to the bone getting ready for your biggest sale of the year. On the day it launches, your website goes down. The horror! This is what happens when you suffer a Distributed Denial of Service (DDoS) attack.
DDoS events happen for a number of reasons. But what it comes down to is a cybercriminal overwhelming your website with requests so it can’t respond to people trying to access it. This ‘flood’ is generated by a Botnet, an army of connected devices infected with malware.
The crazy thing is that anyone’s computer can become part of a Botnet (or Zombie Network) without them knowing, if it gets infected by malware. These nasty Botnets are very hard to track because they can be located all over the world.
Although a DDoS attack is not nearly as likely to happen to small companies as to larger corporations, it can and does happen to any type of business. And since a small business would be the most likely to feel major financial pain if a big sales opportunity is lost by their site going down, it’s worth taking seriously.
Data Breach Penalties & Costs
Government regulators across the globe are becoming increasingly strict about fining businesses that take a lax approach to keeping their customer data secured. In recent years, high profile companies have paid out millions for data breaches. And while that won’t apply to small businesses, if you’re on a tight budget, a couple thousand dollars in penalty fines will hurt just as much.
In the US, companies must follow individual state data breach laws. But the Federal Trade Commission (FTC) can also investigate any company that doesn’t follow its own privacy policies or doesn’t have safeguards in place to protect customer data. Because there’s no single law, if you end up getting a fine it could turn into a complex legal nightmare.
The UK and EU follow the General Data Protection Regulation (GDPR). Although more streamlined than the US approach, the GDPR can be even stricter about data protection.
On top of penalty fines, if your business suffers a data or network breach, you’ll have added costs. These include the legal fees of contesting the fine and being sued by customers for damages, hiring specialists to investigate the breach, notifying customers (which could raise your email service charges), and regaining their trust.
Ways to protect against cyber threats
Now that we’re clear on the common cyber risks your small business is exposed to, let’s look at how you can reliably and affordably stay protected.
Safeguard Your Network
These are the standard tools to have in your cybersecurity arsenal:
- Firewall — prevents unauthorized users from accessing your computer or network. Most operating systems these days, including Windows 10, come with an inbuilt firewall.
- Antivirus Software — guards against malware. Even the free versions get the job done, if you can handle the constant advertisements.
- Data Backup — important, because if any information is compromised or lost during a breach you’ll be able to easily recover it.
- VPN — with a Virtual Private Network all your data traffic is routed through an encrypted tunnel, giving you a secured connection to the Internet. These days VPNs are easy and affordable too. But be sure to choose a provider that has servers in multiple locations globally, so it doesn’t slow down your Internet speed.
Also be careful using public WiFi. Did you know that criminals can set up a ‘Free Hotspot’ using inexpensive, store-bought devices to carry out Man in the Middle attacks and steal your data? So be sure to use a VPN on all your mobile devices, not just on your work computers at home, or in the office.
- Risk Assessment Monitoring — an excellent safeguard. You can now get this proactive security for free along with data breach liability insurance. This is why Namecheap has partnered with Coalition, the only cyber insurance provider to date that gives you free security tools to prevent data and network breaches in the first place.
On top of these network safety measures, here are some extra tips to boost your cybersecurity:
- Software Updates — hackers are always on the lookout for security vulnerabilities. If you allow weak spots in your network by not keeping current with security patch releases, you increase your chances of getting targeted.
- Housekeeping — make sure anyone who does work for you (even if it’s a one day freelancer from Fiverr) is reminded to keep security in mind, such as using a VPN when on public WiFi. Also ensure you use a Password Manager, to generate strong passwords and encrypt them.
- Add Ons — website platforms like WordPress need a large number of plugins, which if you’re not careful can be cybersecurity vulnerabilities. Do your research and ensure any plugins, apps or other software add ons you use are well respected and regularly updated. Or if you don’t have the time for this, you may want to look into Managed WordPress, which you can try out for free.
Cyber Liability Insurance
A final cybersecurity must-have for any modern business, no matter how big or small, is cyber liability insurance. Suffering a cyber attack is bad enough, without the added blow of damage costs. The three main financial risks are:
- Legal defense and damages following a data or network breach.
- Regulatory fines and penalties (as described in the section above).
- Breach response costs to make things right, such as credit monitoring, forensic specialists, PR activities, and customer notifications.
There are other costs such as ransomware, but these are not something that smaller businesses tend to experience.
Reliable cyber insurance should offer you different plans to fit your individual business, with an option to increase your coverage amount if you choose. It should also come with 24/7 access to cybersecurity experts, to answer questions and steer you through if any problems happen. The last thing you’d want is to be waiting for an email reply when already stressed out from a cyber attack.
It’s also important to note that a rising trend is for larger companies to want independent contractors working remotely to get liability insurance, because remote contractors increase the risk of the company’s network being exposed to vulnerabilities.
The main cyber threats that small businesses face are data and network breaches, plus the financial costs that follow. DDoS attacks, which can take your website down, do happen, but they’re mostly aimed at larger organizations, as are ransomware attacks.
Cybersecurity for small businesses comes down to a few vital but uncomplicated safeguards to protect your data, such as keeping your software updated, plus using a VPN and a Password Manager to encrypt your information. Constant risk assessment monitoring is important too, because hackers come up with new angles daily — data is a lucrative business.
But if the worst happens and you suffer a cyber attack, it’s important to be financially protected with cyber insurance for coverage against liabilities like legal fees. It’s also vital to have access to experts who can get you back on your feet again, fast.
The term ‘peace of mind’ is overused these days. But business liability insurance that also comes with free risk assessment monitoring, 24/7 cyber support, and advanced security tools, packaged in a streamlined Dashboard, is something that we can recommend for genuine peace of mind. That’s why Namecheap has partnered with Coalition.