The internet has allowed many brilliant creatives to build empires from the comfort of their laptops, particularly in the last several years as the pandemic brought out innovative ideas and kept people home. However, it’s important to note that the world wide web is not a risk-free space by any means.
With cyber-attacks up 424% in 2020 alone, small businesses have risen to the #1 target for hackers and online criminals. The threat is very real, yet studies show that over three-fourths of business owners are not protected against a virtual attack.
There are two things driving this unfortunate trend:
- Small business owners do not have time to safeguard every corner of their online presence.
- Small business owners do not understand cybersecurity and assume they are safe since nothing has happened.
But for an unprotected business, it’s a matter of when—not if. And it’s not just your social media login or email address on the line. Hackers can gain access to your business financials, your clients’ confidential data, and your personal information, leading to viruses, identity theft, and other intrusions.
If your tech landscape could be locked up better, follow these simple-but-effective steps to create a safer environment for your team, your clients, and yourself.
Prepare for risks.
In the same way you never head into an event without a slew of contingency plans, you need to manage the risks within your business as well. Sit down with your team and develop a list of your tangible and intangible assets, ranking them by value (low, medium, or high). This list does not need to be exhaustive; start small and focus on the 5-10 items most significant to your business.
Using the list, consider the threats that could affect the value or integrity of each asset. Then, work through these questions to create an effective risk management plan:
- How likely is this threat to materialize?
- How will I detect if this threat is coming/beginning to materialize?
- What should I do, if anything, to reduce the likelihood of this threat materializing?
- What is the cost/impact if this threat does materialize?
- How can I mitigate this impact?
The answers to these questions will help you prioritize what to address first. If a threat is likely or would result in immense costs, focus your mitigation efforts there before touching low-chance and low-cost concerns.
Be mindful of phishing scams.
All it takes is clicking on one wrong attachment to invite a host of viruses into your computer, your network, and your domain. Phishers send fraudulent emails posing as trusted sources (even people you know!) to encourage you to take action. While you may know never to give out credit card details or social security numbers, today’s cybercriminals don’t need that information to cause trouble in your business.
Instead, look out for emails that ask you to update your account details or reset your password on sites you use. They can look like emails from brands you love and trust, including those you’ve already granted access to your inbox.
Before opening an attachment or clicking any links, check the sender’s address to confirm it’s from a trusted source. Even so, hackers have learned to create facsimile email addresses to trick people, so look for inconsistent branding, grammatical errors, and odd signatures as well. If anything raises a red flag, connect with the sender in a separate email to confirm whether they sent it. Otherwise, delete it—the risk is not worth it!
Develop a company-wide password policy.
It’s time to let go of the old reliable password that you use for everything! It may be easy to remember your childhood pet’s name, but one hack and your whole digital presence becomes vulnerable. Websites are hacked every day, putting entire password databases in the hands of cybercriminals. So, it’s best practice to avoid repeating passwords or using any common information that’s easy to guess.
Instead, take advantage of password managers with built-in random password generators, like 1Password or LastPass, so you can generate new passwords without having to remember them (or save them in an unsecured Google Doc or email draft). When available, use multi-factor authentication to increase security—that way, you’ll get a text message for every login attempt, which can alert you to change your password if needed.
Cybercriminals are smart, and always looking for a backdoor to sneak in—so do what you can to lock it up! You don’t need to be a cybersecurity expert to implement these changes; you simply need to care about the longevity of your business and its assets.
If you want to go the extra mile, consider hiring a cybersecurity specialist or investing in cybersecurity training for your team. Your business’s safety must always come first!