You may have heard news accounts about the increase in hacks, scams, malware attacks, viruses, ransomware, and other online assaults. A recent report showed that these attacks now happen with alarming frequency—in fact, there are about 720 cyber attacks per hour.
The situation has gotten worse since the pandemic. As technology has become more and more vital in our professional and personal lives, more people and businesses have become vulnerable to scams. Hackers took advantage of many of the quickly assembled platforms that businesses set up to let their staff work from home.
Oregon Small Businesses Struggle to Fight Cybercrime
While hospitals and other emergency service providers have fallen victim to cybercriminals more and more often, they are not alone. Preventing and mitigating damage from cyberthreats has become a way of life for organizations, from the most familiar names worldwide to everyday Oregon small businesses.
Technology is a vital tool for businesses of all sizes. So no business, large or small, is immune from the efforts of hackers to intrude, wreak havoc, and steal sensitive information for financial gain.
In fact, almost half of all cybercrime involves businesses with fewer than 1,000 employees.
Whether or not your own small business has in-house cybersecurity or IT experts, it’s vital to take steps to protect your data security and guard against ransomware attacks and other types of online crime.
And whether you are dealing with patients or business customers, Oregon small businesses have a duty to protect the personally identifiable information (PII) of their stakeholders. Such information includes things like:
- Social Security number
- Telephone number
- Credit card or other financial information
- Email address
- Individual account number or code
Even if small businesses don’t keep PII about their customers, they most likely have intellectual property worth protecting. On top of that, they need security solutions to ensure that their employees don’t fall prey to online hacking predators.
That means Oregon business owners and their IT leaders need to look strategically at their risk management and cybersecurity strategies.
How Can Your Small Business Protect Itself from Cyber Attacks?
Recognizing the vulnerability of Oregon small businesses to cyber attacks is a huge step in launching a defensive strategy against hackers. What Are Common Threats To Critical Information?
Cyber Attack – Viruses, Spyware, Trojan Horses (Malicious Code), DDoS, Phishing, Ransomware, Brute Force, Social Engineering (The number and sophistication of attacks compounds daily.)
Natural Disasters – Earthquakes, Extreme Weather Events (Hurricanes, Floods, Tornadoes), Fire
Man-made Events – Terrorism, Civil Unrest, Theft, Corporate and State-Lead EspionageHere are four cybersecurity tips to help your small business stay safe in these dangerous digital times.
Once you know what your organization is up against, you need to get started protecting your customers and your small business. Here are five cybersecurity tips to help your small business stay safe in these dangerous digital times.
Tip 1: Make cybersecurity everyone’s job.
Making cybersecurity a priority in your employee training is essential. The Federal Communications Commission (FCC) recommends establishing basic security practices and policies to help reinforce that all employees’ efforts are crucial to maintain cybersecurity.
Here are some key topics to cover:
- Strong password security protects against hacking
- Recognizing phishing emails and social engineering attacks
- Appropriate internet usage guidelines
- Not sharing personal information publicly on social media
- Encourage regular backups of data with version controlled backups
- The dangers of internet downloads
- Keep all software and operating systems up to date
- Require the use antivirus/malware on all devices
- Review all websites and look for the “s” in “https”
- Information security and the handling of confidential information, including PII and HR data
According to a report by IBM and the Ponemon Institute, the average data breach cost for businesses with fewer than 500 employees is $2.98 million, and the average cost per breached record is $164. And the ongoing cleanup in the aftermath of a security breach can also be costly because of the loss of personal and financial data, as well as customer trust and confidence.
Ensure that all new employees take an initial cybersecurity training class, and then provide frequent updates via in-person or online training, along with reading materials.
Tip 2: Develop a strong password protocol that everyone follows.
Strong passwords are the first line of defense in protecting your systems, preventing unauthorized access to your small business accounts and devices.
Try incorporating these types of cybersecurity into your password strategies:
- Require strong passwords that are long and complex, incorporating numbers, letters, and symbols. Emphasize the importance of creating unique passwords and never using the same password twice.
- Work to implement two-factor authentication. 2FA requires two distinct forms of identification to access a device, account, mobile app, or system.
- Use a password management system like Dashlane or 1Password to help your team keep complex passwords secure, especially when allowing sharing across users.
- Keep all systems current. Having up-to-date security software, web browsers, and operating systems is critical in defending against viruses, malware, and other threats online.
- Stay consistent, practicing what you preach to your small business employees. Ensure that all internal and external employees understand and follow your cybersecurity protocols, and do so yourself!
Tip 3: Use firewall security for your internet connection.
A firewall is a network security system composed of programs that monitor and control incoming and outgoing private network traffic. It’s a barrier—a firewall—between your trusted working network and an external, untrusted network, like the internet.
A firewall not only works within your small business’s physical location, but it also works for anyone working remotely, providing endpoint security. This way, you can provide employee access while ensuring that their home or other working space is protected.
You should also ensure that your business’s Wi-Fi network is secure, encrypted, and hidden, preventing your network from broadcasting its service set identifier (SSID).
Tip 4: Implement a data backup system in case of emergency.
You just can’t predict all the ways your sensitive data might become compromised. Whether you experience a natural disaster, a ransomware attack, or another kind of cybersecurity attack that would make your data irretrievable, your small business needs to be ready.
Implement a system to back up your company, customer, and employee data regularly. This critical data includes:
- Word processing documents
- Financial files
- Human resources data
- PII for customers or anyone else
- Accounts receivable/payable information
If possible, back up your critical data automatically and store copies off-site or in the cloud to ensure access.
Tip 5: Get Support & Training
Small businesses everywhere, including those in Oregon, are as susceptible to data security breaches and other cybercrimes as anyone.
The Oregon SBDC offers free cybersecurity resources and no-cost one-on-one advising sessions for businesses in different stages of development and growth to help you develop, launch, implement, and maintain your small business cybersecurity strategy.
Do you have questions about how we can help your Oregon small business defend against cyberthreats? Get in touch with your local Oregon SBDC at OregonSBDC.org.