If you're a small business owner, you might wonder why a hacker would be interested in compromising your security and going after your assets. You might conclude that they wouldn't be, given how little you have, compared to larger stores like Target and Home Depot, both of which made the news when they were hacked in 2013 and 2014.
At one time, this might have been the correct conclusion. Today, though, this is not the case. According to an infographic from Towergate Insurance, 60 percent of cyberattacks in 2014 were directed toward small and medium-sized businesses [1].
Why hackers love small businesses
Inc. Magazine explained that hackers like small businesses because they typically have weak online security [2]. Businesses are being pushed online as consumer shopping trends change. Many are doing more through cloud services than ever before, which makes them easy targets.
Additionally, as Business News Daily pointed out, small businesses might not have much compared to large corporations, but they certainly have more assets than the average individual [3]. Paired with weak business security, hackers know they can easily access a good amount of sensitive information through a small business.
Plus, some small businesses work with Fortune 500 companies, which hold much more valuable information. A small business's information can bring a hacker one step closer to gaining access to one of these larger companies.
Since small businesses are valuable targets for many hackers, it's important that business owners know how to protect their customers and their business from attacks.
Outsource to those who do it better
As a business, you are good at what you do. However, unless you are a cybersecurity company, chances are you aren't so great at protecting data. Forbes writer Karsten Strauss explained that small businesses that use a third party to protect their data are often more secure [4].
Strauss described the dilemma small-business owner Kevin Stecko was in after his online t-shirt company, 80sTees.com, got hacked. After the breach, he decided to hire a credit card processor, an order management platform and an ecommerce platform, all of which follow Payment Card Industry regulations. By using these three services, 80sTees.com no longer has any need to store information about credit cards. Altogether, Stecko pays about $7,000 a month, but this is much less than it would cost if he had tried to do all of it himself. Plus, the high monthly fee is worth not being at risk for another breach.
Use strong passwords
According to Towergate Insurance, one of the top vulnerabilities that hackers can take advantage of is weak or common passwords. These allow hackers to work their way into a system relatively easily, without the need for more advanced technology.
The Federal Communications Commission advised small businesses to set strict requirements for employee passwords [5]. This includes having a time limit for how long the password is valid - typically this is three months.
Some businesses might consider implementing a multi-step authentication system for gaining access to sensitive information. If you work with a third party, such as a financial institution, ask if they offer a multi-step verification method you can use.
Your Wi-Fi network should also have a strong password. Further, your network should be secure, hidden and encrypted, according to the FCC. To hide the network, it will need to be set up so the Service Set Identifier (SSID) is not broadcast for others to see.
Keep control of access
Granting all employees access to all systems can be dangerous, especially if the information falls into the wrong hands. The FCC recommends dividing up access to various systems among trusted employees, making sure no one person has access to everything. The information they have access to should be based on what they need specifically to perform their own job.
It's also a good idea to make sure that software can only be installed with permission. Only trusted IT and other key employees should be allowed to install software and do other administrative tasks.
Limiting physical access to these systems is also a good idea. If your business has laptops that employees use, be sure they are locked up when not in use. Also, be sure that all account login information follows the same rules as you have for passwords: it should be unique and changed every three months.
Sources:
[1]. SMEs and Cyber Attacks; What You Need to Know
[2]. Why Your Business Might Be a Perfect Target for Hackers
[3]. Cybersecurity: A Small Business Guide
[4]. How Small Businesses Can Improve Their Cyber Security
[5]. Cybersecurity for Small Business