Cyber threats are on the rise, and it’s no longer just about the banks and big retail chains. It’s about smaller businesses, too.
In fact, 43% of cyberattacks target small businesses.
Why? Because they’re usually easy to hack. Small businesses don’t necessarily have dedicated IT staff, proper security, or the time or money to tend to it—and the cybercriminals know it.
And because construction is known for being high-cash-flow, small construction businesses are at the top of hackers’ lists.
But when the average attack damages reputations and costs $38,000 to remedy, 60% of small company victims go out of business within six months.
From our friends at Steel Root, here are a few simple things you can do to ensure your business isn’t an easy target.
1. Backup your data. And then backup your backups. Really. What would it mean for your company to lose your accounting data? How about all your architectural drawings, files, supplier information, or customer contacts? Backing up your data somewhere secure and accessible is an easy, inexpensive way to ensure your business could recover from cyberattack or computer failure.
2. Manage who has access to what. Not every employee needs access to every file. When logins, passwords, credit card numbers, and entire computers or servers are shared, it’s way easier for your data to get into the wrong hands.
3. Use strong passwords. It’s time to ditch Fluffy123. The harder your password is to guess, the harder it is to hack. So update your password to something more complicated, use different passwords for everything, and change them regularly.
4. Install premium security software. Especially if you use a PC (although Macs are increasingly being targeted, too.) Free antivirus software just doesn’t cut it anymore. You need a paid subscription to a top-tier security platform that will protect each computer from viruses, network, and web attacks. This layer of protection is your main line of defense against malware designed to harm your computer or steal your data.
5. Have a plan. Having a set plan of action in the case that something might go wrong is crucial to minimizing risk. But did you know it’s required of businesses in Massachusetts? If you keep personal information on any MA citizen (including employees), like name + SSN, driver’s license, or any bank/credit card info, you must have a written information security plan in order to comply with data privacy and protection legislation (MA 201 CMR 17.00). Failure to do so can result in fines up to $10,000 (MGL Title XV Chapter 93A). Plus, plans are just really good to have in case something does go wrong.
6. Consider cyber insurance. Cyber insurance is a relatively new area of insurance and one of the industry’s fastest-growing sectors. And for the majority of small businesses, it’s still very inexpensive and provides coverage for a wide variety of risks and exposures. It keeps you protected in the case of a data breach (including data that’s on paper), and even covers the funding to hire an IT company to respond to a disaster. It ensures your business gets back on its feet quickly.
7. Educate your employees. When employee error is the #1 cause of cyberattacks in the workplace, education is crucial. Take the time to educate your team on how to avoid common security pitfalls.
8. Outsource your IT and cybersecurity. For smaller businesses, this is a surefire way to ensure your business gets the up-to-date support and protection you need, when you need it, at an affordable cost.
It’s time to prevent potential problems—before they become problems!