In an increasingly digital world, cybersecurity is no longer a concern exclusive to large corporations. Cybersecurity has also become a critical issue for small and midsize businesses (SMBs). Unfortunately, many SMB owners find themselves overwhelmed when facing cybersecurity challenges, whether they are in the start-up, growth, or maturity phase of their businesses. Small and midsize businesses are particularly vulnerable to cyber threats. According to the 2023 Verizon Data Breach Investigations Report, 46% of all data breaches occurred in businesses with fewer than 1,000 employees. This highlights the critical need for robust cybersecurity practices in SMBs.
Here are five steps that can help you protect your business.
1. Get started today
You do not need a lot of time or extra money to learn about security, but you should understand that doing nothing can put your business at serious risk. A cyberattack can disrupt your business or even bring it to a complete halt. Nevertheless, taking that first step can be daunting. It begins with a mindset shift and your decision to prioritize security beginning today.
2. Understand the basics of cybersecurity
Once you get started, learning about cybersecurity is easier than you think. Cybersecurity news is accessible to all of us. You can broaden your understanding by learning common security terms, such as phishing (sounds like “fishing”), which are fraudulent emails or other communications trying to trick you into sharing your information or getting you to click on a malicious link.
Here is a summary of common cybersecurity do’s and don’ts that can help to secure your business immediately.
- Be aware of phishing, public Wi-Fi, and social media: Verify senders, links, and sources before clicking links, opening attachments, or giving personal information. Understand that what you share on social media could be seen by strangers, who could use this information to trick you into believing that they are someone you know.
- Invest time when downloading apps, keep software updated, and check security settings: Check and verify vendors before downloading apps, install software updates (called patches) immediately, and check privacy settings to ensure apps are not accessing your personal information unnecessarily.
- Lock it down: Use passphrases (which are more complex than passwords but easy to remember, such as “Is1tnext2myfriendMary”), and do not leave your devices unattended.
- Learn more and report anything suspicious: When learning about the latest breach, try to understand how the breach occurred and see if you can apply any new security controls in your business. Always report anything suspicious.
3. Know what data you need to protect
Nowadays, data is worth a lot more than you may realize, and you must safeguard it. Cybersecurity is understanding what you can and must do to protect your data.
To break it down, here are the top three things you should know about protecting data.
- What is your most valuable data, and where is it located? This could be your credit card number, which is found on your physical card, but it can also be on your computer and devices when you make a purchase online.
- What are the ways that someone could get access to this data, and how do you protect it? If someone pretends to be a trusted person you know, called “social engineering,” they could send you a phishing email to get you to click on a malicious link or enter your information on a fake website.
- What should you do if you accidentally click on a malicious link or open an attachment that automatically downloads harmful files to your device? Remember that this can happen to any of us. First, stay calm and immediately change your passphrase for the website or app. Next, report what happened to the appropriate organizations, such as the credit card company or bank, so that they can stop any fraudulent activity on your account. Finally, keeping backups of your data is essential.
4. Build a cybersecurity plan tailored to your business
In cybersecurity, prevention and preparedness are both critical. There is a lot you can do to protect yourself and your business from falling victim to cybersecurity attacks. Thinking ahead, proactively training your teams, and implementing specific safeguards that will help your business are essential for combatting cybersecurity threats. Equally important is having a plan should you experience a breach. Have training sessions to test out your plan because you do not want the first time you execute the plan to be after a serious breach.
5. Talk to a cybersecurity expert
The key is to talk to someone with security experience who can help you understand what you are up against and what your best options are to secure your business. Virtual CISOs (chief information security officers) and security consultants can help you understand your risks and how to strengthen your security posture.
The Cybersecurity and Infrastructure Security Agency (CISA) noted that 60% of small businesses that experience a cyberattack close their doors within six months. While there are no shortcuts in cybersecurity, investing time to secure your business is well worth it.
This content is not intended to provide tax, legal, or financial advice. Please consult your adviser with any questions.
Rinki Sethi is the Vice President and Chief Information Security Officer at BILL, where she leads the global information technology functions. She is also responsible for leading efforts to protect BILL’s information and technology assets and advises the company’s continued innovations in the security space.
Cybersecurity stock image by Harsamadu/Shutterstock