There's a myth about cybersecurity, and it's potentially a dangerous one: only big businesses experience cyberattacks. The truth is that cybercriminals don't attack businesses because they're big—they attack businesses because they're vulnerable. For example, many cyberattacks are automated, with bots crawling the internet looking for vulnerable sites.
The truth, according to Small Business Trends, is that about 43% of all cyberattacks are against small businesses. In fact, 55% of small businesses in a recent survey indicated that they had experienced such an attack in the past year, and only 14% say their ability to mitigate cyber risks and attacks is "highly effective." The stakes couldn't be higher: the impact of such an attack can be devastating, with an alarming 60% of companies going out of business within 6 months of the attack.
What Can Businesses Do?
Those are dire metrics, sufficient to strike fear into the heart of every business. Fortunately, there are proactive steps your business can take to dramatically decrease the odds that you will be the victim of a cyberattack, including the following 10:
- Back up your data: if your system crashes, you need to ensure that your data is safe. That means you need some form of effective data backup—in fact, you should probably have multiple back up strategies. This could be using an external hard drive, keeping copies of important documents on a secondary computer, and using flash drives. Of course, each of these methods has its drawbacks (for example, hard drives can crash, and flash drives can fail). The best strategy is arguably moving your data to reliable cloud storage.
- Use a web application firewall (WAF): web application firewalls (like Sucuri and CloudFlare) will stop many (though not all) attacks. They're particularly effective at preventing distributed denial of service (DDoS) attacks—these make your website unavailable by overloading it with traffic—and protecting your business against cross-site scripting (XSS) vulnerabilities.
- Implement a 2-step verification process: also called two-step authentication, this can make accounts more secure. With 2-step verification, you can only access an account with both something you know (like a password) and something you have (like a code which is sent to your mobile phone). You can augment this strategy by using longer passwords which are more difficult for attackers to crack.
- Encrypt your data: the data you store is increasingly at risk, this because of the interconnectedness of smart devices. One way to protect data is to encrypt it. When data is encrypted, it can only be accessed by someone who can provide appropriate authentication. Google recently launched its BeyondCorp initiative, for example, which requires such authentication, and in this way is helping businesses secure their most important documents and information.
- Store some sensitive data offline: the fact that you can digitize all information doesn't necessarily mean that you should. One approach an increasing number of companies are taking to protect their data is to store some of their most confidential data in physical files.
- Move data to the cloud: moving data to cloud storage can solve myriad problems, and puts that data in the hands of those with the expertise and resources to ensure its security. There is, of course, the risk that cloud storage could make data accessible to some people you wouldn't want to have it. You can solve that problem by establishing robust permission levels, which restricts the number of people who can access it, and by carefully selecting the most reliable cloud services provider.
- Have everyone in your business optimize passwords: when employees create obvious passwords (like "123456," or "password"), you greatly increase the risk that those passwords will be cracked. Educate your workers to test the strength of the passwords they create, and insist that they change their passwords regularly—ideally, at least every 3 months or so.
- Stay on top of current security practices: hackers and cyber criminals are continually updating and improving the strategies they use to gain access to your data, which means security experts are continually updating what they do to protect it. It's important to educate yourself about these practices, perhaps in consultation with your cloud services provider.
- Test your system on a regular basis: to ensure your data remains secure, you should run regular scans to identify potential internal and external security vulnerabilities. The concept is a simple one: if you can hack your data, so can experienced hackers.
- Partner with experts: perhaps the most reliable way to secure your company's data is to outsource the job to experts who specialize in security and can create a holistic strategy, customized for your business. Although there are many common-sense steps you can take on your own, including those listed above, businesses that have deep experience are bound to consider things you won't, and take precautions of which you're not aware.
As the number of business which are hacked continues to increase, it becomes more important than ever to adopt a proactive approach to data security. To learn more about the ways our custom cloud solutions can help you secure your company's data, contact us today.