You have invested your time, resources, and energy into growing your business. As your business grows more successful, it also becomes more vulnerable to many different types of risk. SMART planning can help you keep your business running if disaster strikes.
There are many potential disasters that can harm your business, and you need to continually protect and be prepared to defend yourself as you grow. While focusing on your core business tasks, it is easy to forget about physical security, operational security, cybersecurity, and other “ankle-biters” that can bring down your business.
Here are some SMART ways you can protect your company through proper risk management. You’ll want to take the right steps to protect, prevent, and prepare for the different types of security risks your business may face.
Cyber attacks are a growing concern for small businesses. According to the FBI’s Internet Crime Report, cybercrimes cost businesses $2.7 billion in 2018 alone. Small businesses are attractive targets because they generally lack the security infrastructure of larger businesses.
According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber attack. Yet many businesses can’t afford professional IT solutions, have limited time to devote to cybersecurity, or don’t know where to begin.
Start by learning about the most common cyber threats, finding out where your business is vulnerable, and taking steps to improve your cybersecurity. Most businesses are moving towards the cloud, which means storing your information on hardware in a remote physical location. You can then access that information from any device via the internet.
This trade-off for convenience, speed, and lower costs also has its drawbacks. Losing customer data, especially financial information, can cause significant issues for your company. A study found that 65% of a customer base will lose trust in an organization as a result of a breach.
Don’t put your company at risk and leave your reputation up to chance. Cyber attacks are constantly evolving, so it is important to be aware of the most common types of cyber threats.
Malware (malicious software) is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, client, or computer network. Malware can include viruses and ransomware.
Viruses are harmful programs intended to spread from computer to computer (and other connected devices). Viruses are intended to give cybercriminals access to your system.
Ransomware is a specific type of malware that infects and restricts access to a computer until a ransom is paid. Ransomware is usually delivered through phishing emails and exploits unpatched vulnerabilities in software.
Phishing is a type of cyber attack that uses email or a malicious website to infect your machine with malware or collect your sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
How Exposed Are You to Cybersecurity Risks?
A cybersecurity risk assessment can identify where you are vulnerable and help you create a plan of action. Here are some tools and steps to help.
Planning and assessment tools
Whether you hire an employee or outsource to an external consultant, there’s no substitute for dedicated IT support. Even if you can’t afford it, you can still take measures to improve your cybersecurity.
FCC Planning Tool
The Federal Communications Commission offers a cybersecurity planning tool to help you build a strategy based on your unique business needs.
Cyber Resilience Review
The Department of Homeland Security’s (DHS) Cyber Resilience Review (CRR) is a non-technical assessment to evaluate operational resilience and cybersecurity practices. You can either do the assessment yourself, or request an on-site assessment by DHS cybersecurity professionals.
Cyber Hygiene Vulnerability Scanning
DHS also offers free cyber hygiene vulnerability scanning for small businesses. This service can help secure your internet-facing systems from weak configuration and known vulnerabilities. You will receive a weekly report for your action.
Cybersecurity Best Practices
Train Your Employees
Employees and emails are a leading cause of data breaches for small businesses. Training employees on basic internet best practices can go a long way in preventing cyber attacks. Training topics to cover include:
- Spotting a phishing email
- Using good browsing practices
- Avoiding suspicious downloads
- Creating strong passwords
- Protecting sensitive customer and vendor information
Raise Cybersecurity Awareness
Consider displaying materials in your workplace to raise awareness about cybersecurity. The Department of Homeland Security’s “Stop.Think.Connect” campaign offers posters, brochures, and other materials for download.
Maintain Good Cyber Hygiene
Use antivirus software and keep it updated
Make sure each of your business’s computers is equipped with antivirus and antispyware software that is updated regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
Secure your networks
Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
Use strong passwords
Using strong passwords is an easy way to improve your cybersecurity. Be sure to use different passwords for your different accounts. A strong password includes:
- 10 characters or more
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
Multifactor authentication requires additional information (e.g., a security code sent to your phone) to log in. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
Protect Sensitive Data and Back Up the Rest
Back up your data
Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.
Secure payment processing
Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.
Control physical access
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
Work With Experienced People
There are many different industries with different laws and different requirements. When arranging security measures, you must work with experienced professionals. This is true whether you run a financial business, home health care business, an eCommerce business, or a cannabis business that requires specific Cannabis Security Plans.
These professionals help ensure legal practices that cover your business in the event of theft or disaster. Working with experienced people is highly beneficial regardless of your experience. They can offer a different point of view and help you analyze threats differently. They can also offer advice you may not have previously considered.
As a business owner, it’s your responsibility to do everything within your means to limit risk, protect your business, and keep it running smoothly. Understanding the different types of risk will help you limit your risk exposure, have a plan of action in place, and prevent you from doing or saying something you shouldn’t.