Cybersecurity Practices Every Small Businesses Should Do
Better Business Bureau • February 1, 2021
The pandemic has forced many people to conduct business from home. Unfortunately, this shift to remote work has also opened up opportunities for hackers. Cyberattacks have grown over 400% since the pandemic started, and many of these hacks target small businesses. Small businesses are often targeted because many don't have a fully-fledged IT department to protect themselves.
Unfortunately, the potential consequences of a breach on a small business are enormous. Approximately 60% of small businesses shut down just six months after a cyber security breach,
because the time and resources required to recover from a cyberattack can be substantial. In short, a cyberattack can result in legal fees, lost capital, or even the loss of trust from a customer base. This is why it is essential for small businesses to take steps to protect themselves.
Here are the top five cybersecurity practices every small business needs to do:
1. Understand your current cybersecurity status
You might be under the impression that you have relatively good cybersecurity, but how can you be sure? It's crucial to audit your cybersecurity status on an annual basis. Your small business likely goes through many changes throughout the year, including the adoption of new tools, new employees, and more. Each change can potentially weaken your cybersecurity. That's why we encourage you to do (at least) an annual cybersecurity audit.
If no one in your business can complete this audit, hire external companies for this evaluation. However, note that having no one who can conduct a cybersecurity audit internally is likely a bad sign. Consider putting someone in charge of cybersecurity and offering to pay for their training. This is an investment in the long-term that can save your business from attack.
2. Train your employees
With the world shifting towards remote work, it's essential to acknowledge how much time your employees work on personal devices or in external locations. As a small business, you may not be able to implement certain cybersecurity practices, such as establishing a VPN network or issuing portable work devices to all employees. Still, your employees are your first line of defense in protecting your company information.
Hackers understand that untrained employees are often the easiest way to get into a system.
- Impersonating an employee within the organization — usually by finding out their name on social platforms or the company website
- Baiting with information that seems internal, that the hacker has actually found online
- Hiding malware downloads in email unsubscribe buttons
- Phishing emails
- Using keyboard capturing techniques to gather passwords
- Internal threats from current or former employees
Approach training your employees on cybersecurity in a smart way. If you simply send your employees an article describing the importance of cybersecurity, you may not get their full attention. Don't just force tutorials or conduct training sessions onto employees without explanation.
Instead, make them understand the potential impact of these attacks and how vital their scrutiny is. Giving your staff background on the dangers present will help them understand why they should care about cybersecurity.
3. Back up important information
It can be devastating to a business to lose critical financial records, customer data, planning documentation, or proprietary information. Some cyberattacks not only steal data, but also wipe and shut down systems too. This is a situation that is almost impossible to recover from.
To avoid this, you must back up all information frequently. If possible, use an automated system that automatically backs up data into a cloud. If this option isn't doable, ensure you go through a data back up at least twice a week.
4. Update systems
A system upgrade can feel annoying when you're in a productive mood — it requires you to stop what you're doing and allow the system to update. However, you must understand why system upgrades are essential and should be done immediately.
Operating systems have built-in functions to help reduce the threat of a cyberattack. However, as the world of cyber threats is continuously changing, operating system manufacturers release upgrades to keep up with the changing landscape. These upgrades are for the protection of your system and any time you delay an upgrade, you increase your risk.
Instill a company-wide policy of always upgrading systems as soon as they need it.
5. Password authentication
Two-factor authentication requires that users verify their identity with a secondary device in a short time frame. The process essentially works as an additional barrier to entry. Someone finding out your password may be likely; someone finding out your password while also having your mobile phone is much less likely.
If you think that your smart, capable employees don't need two-factor authentication, think again. People hate forgetting their passwords and want easy access to their accounts. Unfortunately, this typically manifests itself in the types of passwords they choose. The two most common passwords in 2020 were 123456 and 123456789.
Not so secure at all!
Let's say that you manage to convince all of your employees to have complicated passwords. Unfortunately, that itself isn't even enough protection. Billions of credentials are for sale on the dark web, with U.S. companies being the top target.
Two-step authentication can help your employees keep their accounts secure.
Moving forward
The risks that come with poor cybersecurity are too high. By implementing these five cybersecurity practices, you help to protect your business and its future. You can choose to ignore your cybersecurity, but that doesn’t mean that hackers will ignore you. Be proactive and make sure that you are taking your business’s cybersecurity seriously.
Read more at BBB.org/Cybersecurity.
Executive Director David Cleveland has named Luke Kimbrough as the new Regional Lending Manager for the East Texas Council of Governments (ETCOG). In this role, Kimbrough will oversee the day-to-day operations of the East Texas Regional Development Company’s (ETRDC) small business loan programs. He will work closely with the ETRDC Board, manage financial and administrative services, and ensure the program follows all state and federal guidelines. Kimbrough brings with them more than seven years of experience in banking and employee benefits. Before accepting this position, Kimbrough served as CEO of the Banking Center at Citizens Bank in Gladewater. His previous roles include Vice President at First National Bank of Hughes Springs in Liberty City, Benefits Consultant for Colonial Life in Longview, and Branch Manager for Regions Bank in Kilgore. Before his banking career, Mr. Kimbrough served for several years as the Director of Public Information and Regional Services at ETCOG. “It is a great pleasure for me to welcome Luke back to the ETCOG Family! His exceptional work in the banking community for many years position him for even greater success with our ETRDC Business Lending Programs. I am glad he is back and am even more excited to see the steady growth and expansion of one of our most important economic development programs that will undoubtedly occur under his leadership!” said Executive Director David Cleveland. “I am excited to come back to ETCOG and the East Texas Regional Development Company,” said Kimbrough. “Spending the last decade in banking, I have gained much more experience in financial analysis and commercial lending. There is a lot of work ahead to help the businesses and economy of East Texas.” The ETRDC is a nonprofit organization that is certified and regulated by the U.S. Small Business Administration. Its main purpose is to support local economic development by helping small businesses access long-term, fixed-rate financing. ETRDC offers financing through the SBA 504 Loan Program and Chapman Loan Program.
The East Texas Regional Development Company will sponsor an East Texas Lenders Roundtable hosted by UT Tyler-Longview Small Business Development Center (SBDC) and the Small Business Administration to discuss SBA 7a loans and 504 lending basics. Expert panelists will discuss various loan programs and resources to help businesses increase their portfolios and obtain financing.
The Office of the Governor has announced the launch of a new recovery program, the Texas Travel Industry Recovery Grant Program (TTIR), which will begin accepting applications on July 6, 2022. The purpose of this program is to provide grants to Texas businesses in the tourism, travel, and hospitality industry that were negatively impacted due to COVID-19.
