 Skip to main contentSkip to main content
You have permission to edit this article.
Edit
AP

4 ways to protect your small business from cyberattacks

  • Updated
  • 0
NerdWallet-Small-Business Cyberattacks

FILE - This Tuesday, March 10, 2015 photo shows, from left, the USB Type-C port, two standard USB ports, and headphone jack on a laptop, in San Jose, Calif. Compared with larger companies, many small businesses have fewer resources to dedicate to cybersecurity, leaving them vulnerable to the ever-evolving tactics of cybercriminals. To protect themselves from cyberthreats, business owners should evaluate their online systems to understand where their data lives and what information needs to be kept safe.

 Jeff Chiu - staff, AP

Since the beginning of the COVID-19 pandemic, small businesses have quickly adopted remote working and transitioned to new technologies, such as contactless payments and online ordering. Unfortunately, these adjustments have come with increased risks. According to a 2022 report from Barracuda, a cloud and networks security company, small businesses with fewer than 100 employees receive 350% more social engineering attacks — like phishing, scamming or email compromise — than larger businesses.

Compared with larger companies, many small businesses have fewer resources to dedicate to cybersecurity, leaving them vulnerable to the ever-evolving tactics of cybercriminals. And dealing with the consequences of a cyberattack can be seriously detrimental to a business’s bottom line, costing approximately $25,000 per year.

Learn how to protect your small business from cyberattacks with these four tips.

1. EVALUATE YOUR ONLINE SYSTEMS

Before you can effectively protect your business from cyberthreats, you should have a complete understanding of your current ecosystem of online computer operations. You can ask: “What do we do on any machine that’s connected to the internet whatsoever?” says Andrew Lipton, vice president, head of cyber claims at AmTrust Financial Services, a small-business insurance company.

People are also reading…

Business owners should understand where their data lives and classify what types of data they store — for example, names, addresses, Social Security numbers.

Lipton suggests reaching out to a legal expert, especially if you’re handling sensitive information like Social Security or credit card numbers, to get a better understanding of the consequences of a data breach and get a professional opinion on how to protect your data.

Then, you’re in a good position to talk to your internet service provider to find the best way to secure your most important information.

2. IMPLEMENT CYBERSECURITY BEST PRACTICES

Even without the firepower of larger companies, small businesses can create a defense that discourages cybercriminals from carrying out their attacks, said Najma Sultana by email . Sultana is the chief security officer at Veem, a global payments provider for small businesses.

As a business owner, you can implement basic security and hygiene practices, such as:

— Installing firewalls to prevent unauthorized access to your networks.

— Using antivirus software and ensuring that it’s updated regularly.

— Regularly backing up data and storing it offline or in another location, not just in the cloud.

— Creating strong passwords and not using the same password across different accounts.

— Requiring multifactor authentication, which asks for two identifying factors, like a password and a code, to access accounts and systems.

Some of these security features may already be at your disposal. “Many of the applications and software your company already uses will have built-in security features, but they won’t necessarily be turned on by default,” said Lauren Winchester, vice president of risk and response at Corvus Insurance, by email.

You can enable these features to quickly and easily add an extra layer of security to your business.

3. TRAIN YOUR EMPLOYEES — AND YOURSELF

You and your employees are often the first line of defense in protecting your business from cyberattacks. In fact, according to the 2022 Global Risks Report by the World Economic Forum, 95% of cybersecurity issues can be traced to human error.

Receiving basic cybersecurity training can help you and your employees learn to identify common threats, such as phishing emails or suspicious downloads, as well as develop online best practices, like safe browsing and strong passwords.

And with employees working remotely or in different office locations, it’s particularly important to create and review cybersecurity policies for your business, including safety guidelines and what to do in the event of a data breach.

The Federal Communications Commission offers a free online tool to help you create a customized cybersecurity plan based on your unique business needs. Free virtual and in-person cybersecurity training events are available from the U.S. Small Business Administration and its partners. Your internet systems and cyber insurance providers may also offer these types of training.

4. INVEST IN CYBERSECURITY INSURANCE

Cybersecurity insurance can help protect your business from financial losses caused by incidents such as data breaches, ransomware attacks and hacking.

If, for example, your point-of-sale system is hacked and the hackers release the stored credit card information of your customers, this policy would cover the cost of notifying your customers, investigating the incident and providing credit monitoring services. It would also cover legal fees or settlements if a customer sues your business as a result of the incident.

The best cyber insurance carriers in the market today, however, are more than a backstop to financial loss, says Lipton of AmTrust Financial Services. These insurance companies will not only provide a comprehensive policy, but will also help evaluate your systems, offer advice on how to better protect your data, and connect you with additional security partners or vendors in their network.

Look for a carrier that’s volunteering to be your partner in cybersecurity strategy, Lipton says. Insurance is “a critical component of the cybersecurity strategy, but it’s just one piece.”

This article was provided to The Associated Press by the personal finance website NerdWallet. Randa Kriss is a writer at NerdWallet. Email: rkriss@nerdwallet.com.

RELATED LINKS:

NerdWallet: Cybersecurity insurance: What it is, which businesses need it https://bit.ly/nerdwallet-cybersecurity-insurance

FCC.gov: Cyberplanner https://www.fcc.gov/cyberplanner

SBA.gov: Find cybersecurity events https://www.sba.gov/events/find?dateRange=all&distance=200&q=cybersecurity&pageNumber=1

Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.

0 Comments
0
0
0
0
0

Tags

Be the first to know

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.

Related to this story

Most Popular

Biden announces program offering discounted internet service

Biden announces program offering discounted internet service

President Joe Biden says 20 internet companies have agreed to provide discounted service to people with low incomes. The program announced Monday at a Rose Garden event at the White House could effectively make tens of millions of households eligible for free service. The $1 trillion infrastructure package passed by Congress last year included funding that provided $30 monthly subsidies on internet service for millions of lower-income households — $75 in tribal areas. Some 48 million households will be eligible for $30 monthly plans for service at least 100 megabits per second. Biden says high-speed internet access is a necessity, not a luxury.

Hackers hit web hosting provider linked to Oregon elections

A week before Oregon’s primary election, the secretary of state’s office is moving to protect the integrity of its online system where campaign finance records are published after a web hosting provider was hit by a ransomware attack. Secretary of State Shemia Fagan’s office said people inputting records into the ORESTAR state campaign finance reporting system may have been affected, and have been sent detailed instructions on how to proceed. Her office reassured voters that the Oregon Secretary of State systems themselves have not been hacked, and no systems related to elections administration have been compromised.

Asian stocks follow Wall St down on rate hike, economy fears

Asian stocks follow Wall St down on rate hike, economy fears

Asian stocks have followed Wall Street lower as fears increased that U.S. rate hikes to fight inflation might stall economic growth. Market benchmarks in Tokyo, Hong Kong, Seoul and Sydney fell. Shanghai advanced. Oil prices fell more than $1 but stayed above $100 per barrel. Wall Street’s benchmark S&P 500 index tumbled 3.2% on Monday, hitting its lowest point in more than a year. The Federal Reserve is trying to cool inflation that is running at a four-decade high might trigger an economic downturn. That adds to pressure from Russia’s war on Ukraine and a Chinese slowdown.

Tesla recalls 130K vehicles; touch screens can go blank

Tesla recalls 130K vehicles; touch screens can go blank

Tesla is recalling about 130,000 vehicles across its U.S. model lineup because the touch screens can overheat and go blank. The recall covers certain Model S sedan and Model X SUVs from 2021 and 2022, as well as Model 3 cars and Model Y SUVs from 2022. Documents posted Tuesday by the National Highway Traffic Safety Administration say that during the fast-charging process, the central processing computers may not cool sufficiently. That can cause the computer to lag or restart, making the center screen run slowly or appear blank. Without the center screen, the cars can lose rearview camera displays and settings that control windshield defrosters, increasing the risk of a crash. Tesla is fixing the problem with online software updates that began on May 3. 

Running Twitter may be much harder than Elon Musk thinks

Running Twitter may be much harder than Elon Musk thinks

On Tuesday, Elon Musk said he would reverse Twitter’s ban of former President Donald Trump, who was booted in January 2021 for inciting violence at the U.S. Capitol, should he succeed in acquiring the social platform for $44 billion. But the day before, Musk also said he agrees with the European Union’s new Digital Services Act, a law that will require big tech companies like Twitter, Google and Facebook parent Meta to police their platforms more strictly for content like hate speech and disinformation. Critics say the apparent contradiction underscores the steep learning curve awaiting the world’s richest man once he encounters the complexity of Twitter’s content moderation policies.

U.S. sanctions North Korean cryptocurrency mixing firm

U.S. sanctions North Korean cryptocurrency mixing firm

The U.S. has sanctioned North Korean digital currency mixing firm Blender.io, which allegedly uses its service to launder stolen virtual currency and support malicious cyber activities. Mixing services combine various assets, including potentially illegally obtained funds with legitimately obtained funds, and spit them out to a destination address. The purpose for illegal actors is to obscure the origin of the funds. Blender is accused of assisting Lazarus Group, a sanctioned North Korean cyber hacking group, to carry out a $620 million digital currency heist in March. Treasury says Blender helped process over $20.5 million in digital currency. 

California lays out plan to drastically cut fossil fuel use

California lays out plan to drastically cut fossil fuel use

California air regulators said Tuesday the state should cut petroleum use by 91% by 2045 in order to achieve ambitious climate change goals. The plan released by the California Air Resources Board sets a roadmap for the state to be so called carbon neutral by that year. That means as much carbon is removed from the air as is emitted. California's 2045 deadline is among the most ambitious in the nation. The plan says the state could reach its goals through a drastic reduction in the use of oil and gas to power buildings and vehicles plus the use of technology to capture and store emissions that remain.

Condition of some US dams kept secret in national database

Condition of some US dams kept secret in national database

The condition ratings of thousands of dams across the U.S. remain a secret despite changes to improve the transparency of a national database. The U.S. Army Corps of Engineers used to withhold condition assessments from its National Inventory of Dams because of security concerns stemming from the Sept. 11, 2001, terror attacks. Under a recent policy change, condition assessments and hazard ratings are available for more than one quarter of the 92,000 dams in the inventory. But the Corps still allows federal agencies and states to keep some information confidential. That means conditions still aren't being made public for some of the nation's biggest dams.

Britain pushes tough tech rules under new digital watchdog

Britain pushes tough tech rules under new digital watchdog

Big tech companies like Google and Facebook parent Meta would have to comply with tough British rules under a new digital watchdog aimed at giving consumers more choice online. Otherwise, they would face the threat of big fines. The U.K. government on Friday outlined the powers it’s planning for its Digital Markets Unit, a regulator set up last year to take on the dominance of tech giants. It didn’t specify when the rules would take force, saying legislation would come “in due course.” The new watchdog would enforce rules that make it easier for people to switch between iPhones and Android devices or between social media accounts without losing their data and messages.

Detailed 'open source' news investigations are catching on

Detailed 'open source' news investigations are catching on

News organizations are using sophisticated new technologies to transform the way they conduct investigations. Much of it is publicly available, or “open-source” material from mobile phones, satellite images and security cameras, but it also extends to computer modeling and artificial intelligence. A reporting form that barely existed a decade ago is becoming an important part of journalism's future. The New York Times, which has sent part of its open source team to Ukraine to supplement traditional reporters, is a leader in the field. The Washington Post just announced that it was adding six people to its video forensics team, doubling its size.

Watch Now: Related Video

Why you should stop putting watermelon in the fridge

Get up-to-the-minute news sent straight to your device.

Topics

News Alerts

Breaking News