SMBs: Are You Ready for a Data Breach?
It doesn’t matter if you are a business of one or 100, all small and medium-sized businesses are the ideal target for cybercriminals. In fact, more than 60% of small to medium businesses (SMBs) were hit with some form of cyber attack. Just as alarming, 60% of these businesses went out of business within six months of a cyber catastrophe.
So, the question remains: are you ready for a data breach? If not, today’s tips from the Hartford County Chamber of Commerce can help you prepare yourself for how to prevent a cyber intrusion and what to do in the aftermath.
Understanding attacks
There are many different types of cyber attacks. In recent years, many of these have revolved around COVID, social media, billing auto-renewals, and missed deliveries. Most of these attacks utilize a method known as phishing. This involves a criminal impersonating a known contact. They might, for example, send an email disguised as a request for information from a manager, friend, or banking institute. When you click the included link, you’ll be taken to a fraudulent website (that will look legit) where you will enter your information, which is then picked up by a criminal and likely sold on the dark web.
Kaspersky explains that there are many other types of security breaches, including malware, social engineering, and weak passwords. Before you can make a comprehensive plan to keep yourself safe, it pays to get familiar with each type of attack and your business’s digital weaknesses that might allow you to become a victim.
Breach prevention
While there is no way to prevent all instances of cyber intrusion, there are a few best practices that all businesses should implement. These include utilizing cyber security software, only sharing secured files, and restricting access to these files to only necessary employees and vendors.
For data backup, consider utilizing the cloud. According to PC World, you’ll have plenty of options, and these can range in price from free to a relatively inexpensive $75 or less. When sharing files, consider using PDFs. PDFs allow you to implement password protection, and you can find a free PDF merger online that allows you to combine multiple files, which can be organized, edited, and saved by those with access; this may be helpful for merging PDFs. To further restrict access to your systems and files, make sure that all of your programs and hardware are password-protected. You must also require that your employees use strong passwords, which should be around 15 characters and include a combination of symbols, numbers, and mixed-case letters. Passwords should be changed routinely, and they should never be shared with anyone.
Response plan
No matter how diligent you are at keeping your business's digital data secure, there is always a chance that your data will make it off your servers and into the wrong hands. In this case, you need to have a breach response plan. Tips here include identifying weak spots, discussing with your staff, clients, and customers what happened, and implementing a plan of action to restore your systems or limit the damage done by data theft. One of the greatest challenges after an incident is regaining trust. As HelpScout explains, this is a challenge, but it begins with empathy and transparency and ends with you footing the bill for an identity protection plan and incentivizing continued patronage.
Nobody wants to be a victim, but the sheer fact that you interact with digital data makes you a target. To keep your small business as safe as possible, start by knowing your potential threats, and then use strategies, such as only sending password-protected PDFs and requiring strong passwords, to keep your data in the clear. Don’t forget to have a breach response plan in place, and then be as transparent as possible with those affected so that you can rebuild trust within your customer base.