Most small business owners believe they are safe from cyber crime. Unfortunately, most are wrong.
As we move into 2020, cyber attacks continue to put companies into the ground. Now more than ever, hackers have all the necessary resources to access sensitive data and steal hundreds, thousands – even millions of dollars. According to Cybint, there is an attack every 39 seconds, with an alarming 43% targeting small businesses. 60% of these organizations go out of business within the first 6 months of being compromised.
If you assumed that your business was safe from attacks due to its smaller size, you are not alone. Most SMB owners believe that hackers focus mainly on large scale companies. Even when this is true, smaller businesses with the right connections are still targeted first, resulting in devastating breaches for ALL parties compromised. As well, lots of hackers will target small businesses simply because they believe it will be easier to bypass their security systems.
We’ve heard it said; knowledge is power. So, let’s take a look 11 common ways employees are exposing their employers to cyber crime:
- Data exposure: Do your employees ever leave their desks unattended without password protection? Do they have sensitive work information on personal devices, such as phones, tablets or laptops? Accidental employee negligence is more common than you’d think. One wrong move could result in harmful exposure.
- Employee data theft: Unfortunately, if employees want the money bad enough, they can steal data themselves. Are you cautious of who has special access to what information?
- Bribery: Hackers can contact specific company members and bribe them to reveal information, or have them plant malware on your company’s network, giving the hacker direct insight without anyone else even realizing it. The longer the malware remains planted, the more exposure you face.
- Passwords: What password management tools do your employees have in place? Do they change their passwords often enough? Maybe they don’t regard the password policy, or use redundant passwords because they don’t think they would ever become a hacker’s target. Anyone is at risk.
- Phishing emails: Phishing scams are often successful because the emails will appear to come from a friend or colleague, but techniques are growing more sophisticated, making them harder to identify.
- Lack of proper audits: Does your company perform regular security audits? Is your staff interviewed from time to time? Audits may sound intimidating, but are necessary to ensure that your policies and procedures remain effective.
- Too much confidence: Often times, cyber attacks end up destroying an organization because no one in the company believed they were truly at risk, and did not take necessary precautions. Overconfidence or being in denial may not serve your business well, as a breach could happen to anyone, and when they least expect it.
- No insurance: Cyber insurance isn’t always at the top of a company’s list, but with a steady rise in cyber crime, breaches have proved to be costly. Although uninsured companies may still feel protected, will they survive in the event of an attack?
- Unqualified IT technician: Basic skills may only get you so far. In the unfortunate event of a breach, is your IT team equipped to handle the situation on behalf of you and your organization?
- Switching off virus or firewall protection: This one may feel obvious. Do your employees keep their anti-virus software updated? It’s easy to ignore the notifications, or shut them off in the middle of a project, but this small switch could make or break a breach in extreme situations!
- Not patching server software and OS updates: Like the anti-virus protection, are your employees continuously patching software, allowing the proper bugs to be fixed? Not only will this improve computer performance, but immediate security vulnerabilities will be updated.
It’s a lot to think about, but don’t let it overwhelm you. You can stay ahead of the game.
How can you prepare your employees for the future?
- Talk about it! Educate all of your employees. Host a training session and have an open conversation about the very real risk (and consequences) of a breach. Chances are, it won’t be taken seriously by everyone unless it is stressed across the board.
- Take time to ensure that all of the necessary file and data backups, firewalls, security settings and antivirus technology are in place so that nobody loses valuable documents.
- Limit employee access to sensitive information. The less information that can be accessed from each individual, the better. Remember, hackers are smart, but you can be smarter.
- Have your employees lock all devices, and report immediately if a device is stolen. Remember, all devices used by employees can give attackers access that they’re looking for.
- Put together a Cybersecurity Incident Response Plan! Make sure that every employee knows exactly what to do – right on the spot. Many attacks are not uncovered until it’s too late, so prepare your company to be ready to take swift action if needed.
- Avoid serious conflict before it even starts by evaluating your hiring process! Make sure your screenings and background checks are thorough, and that you know exactly the type of individual you’re looking for.
- Hire the right IT expert for your business! When it comes to cyber security, you simply cannot do it all on your own. Having professional support on your team will keep things running smoothly and safely. Be selective. You want professionals who are capable of meeting your company’s specific needs, and who will work with you carefully to come up with the best plan.
By taking the necessary steps for your business now, you are saving yourself the stress, work, time and financial burdens that are shutting businesses around the world down day by day when cyber attackers strike.