According to an FBI study, one out of five small businesses will be subject to cyber liability. Depending on the type of threat, the impact could be a loss of over $100,000. Cyber threats overall cost businesses over $1 billion annually, and the trend is increasing. Unfortunately, small businesses are often targeted because they are easier to breach. In this month’s SkillBites Show, Gene Marks, President of The Marks Group, shared several actions that small business owners can take to minimize this risk.
Gene is a highly regarded columnist for Forbes, Inc. Magazine, Fox Business, The Huffington Post and Entrepreneur.com and the author of six books on business management. He identified the 3 biggest cyber threats to small businesses as:
1. Ransomware, where a business has to pay a ransom to gain access to its own files. Typically, someone in the company downloads a malicious file, which locks up the entire network of the company so no one can access any files. Once the ransom is paid, the company is given an encryption key to regain access.
2. Bad websites, where someone clicks on a link or downloads a file that causes a virus to download to the person’s computer or the company’s network.
3. Data breaches, where a hacker gains access to a company’s financials, customer list, etc.
Gene discussed eight steps business owners can take to reduce their risk of attack.
1. Run security software such as McAfee or Malwarebytes. This provides a first layer of protection, but hackers are always searching for holes to bypass the software, so it’s not a good idea to stop there.
2. Train employees so they are less likely to click on links or download inappropriate files. Gene recommended a training site called KnowBe4, a subscription service that provides the training and tests the employees.
3. Run online backup software, such as Carbonite or Masi, where you back up all your files daily offsite, in the cloud, so you have ready access to backup files in case your files are held hostage or your system gets a virus.
4. Get cyber insurance. This is now often included in commercial general liability coverage. Some companies that are subject to confidentiality regulations may not be fully covered, such as healthcare or financial entities. You’ll need to make sure your insurance adequately covers your company.
5. Run operating system updates whenever the notice of an update pops up. Hackers run thousands of bots that look for devices running older systems, which are easier to hack and can be used to compromise a business’ network. Gene told a story about a hacker who found one old computer in the network of the New York Water System, and almost caused a dam to release all its water, which would have flooded several communities. It only takes one device that hasn’t been updated to open the door.
6. Change passwords periodically, and don’t use passwords like 1234 or ‘password’. The best passwords are phrases, such as “I saw Elton John in 1976” – a combination of lower case and upper case letters and numbers. These are much more difficult to hack.
7. Have an IT firm that has expertise in protecting against cyber threats do an assessment of your system on an annual basis. The few thousand dollars that you spend is well worth it. Look for a local firm that has been around awhile and has good reviews or references.
8. Use cloud-based systems or a managed services company. For instance, QuickBooks has a cloud-based accounting service, and Zoho has several cloud-based programs, from CRMs to project management to calendars. While none of these is 100% secure, they are much more secure than most companies’ own systems.
Have you suffered a cyber attack? What are you doing to protect yourself against cyber liability? Please add your story and best practices in the comment section below.
Gene can be followed on Twitter at @genemarks. His website is marksgroup.net.