Cybersecurity is a pressing concern for everyone, but small and midsize businesses are even more susceptible to cyberattacks than many might think. According to Keeper Security and Ponemon Institute’s 2018 State of Cybersecurity in Small & Medium Size Businesses (SMBs) cyber attacks on SMBs increased from 61% in 2017 to 67% of respondents in 2018. Worse yet, the average cost of a data breach is nearly $200,000 and leads to 60% of targeted small businesses closing their doors within six months of the attack.
While this might all sound dire (and expensive), we’ve compiled some tips to help you prepare your business against cyber attacks. And we’re not just talking about how to back up your data or create strong passwords. Instead, we’re focused on helping your business develop a culture of security and put some long-term, low-cost initiatives in place to do so.
Leverage Free Cybersecurity Resources
One reason businesses wait too long to invest in security is that it’s seen as an expensive undertaking and one that doesn’t align easily with traditional ROI calculations. But before you hire someone or bring in a consultant to help you increase your security plans, know that there are several excellent free resources that can help you transform your company’s security posture.
And since you’re already reading this article, we think you’ll like them.
- U.S. Small Business Administration (SBA): The SBA provides a wealth of information on a wide range of topics, cybersecurity included. Check out their resource center or take a free self-paced course to learn the basics of cybersecurity.
- Department of Homeland Security: DHS’s Stop.Think.Connect. resources include things like an SMB cybersecurity toolkit and a Small Biz Cyber Planner.
- StaySafeOnline: Powered by the National Cyber Security Alliance, StaySafeOnline has a long list of free security tools curated specifically for SMBs and offers a monthly newsletter with the latest cybersecurity tips.
Put your accounting on autopilot.
Harden Your People
People are, unfortunately, considered the weakest link in cybersecurity. 91% of cyber attacks that result in a data breach start with a phishing email, which means that 91% of cyber attacks start with a person taking the bait. This is why implementing a security training and awareness program is crucial to protecting your business.
This isn’t an issue reserved for giant companies with hundreds or thousands of employees where a phishing attempt could be confused for everyday bureaucracy. Nor is it something that only companies with huge amounts of assets have to worry about. According to Symantec’s 2019 Internet Security Threat Report, in 2018, employees of small organizations were more likely to be hit by email threats—including spam, phishing, and email malware—than those in large organizations.
The more your people are informed and trained on cyber threats and risks the better they can protect themselves and your business. SAB offers a free comprehensive security training and SANS provides daily security awareness tips that you can start using today to transform your employees into human firewalls.
Perform a Risk Assessment
Identifying and understanding the risks that exist in your environment is key to defending your assets. Most security programs are risk-driven. A simple Google search will bring up a plethora of templates and resources to aid your through this process, like this free security assessment for SMBs provided by Avast.
No matter what kind of business you run or how tight the budget is, security can (and should) be a priority for you. The first step toward reducing your business’ cybersecurity risks is education. Once you and your team have learned the basics of security, you’ll be able to develop policies and processes to make sure that everyone takes the same steps toward building a security culture.
Want more helpful tips for managing your business? Find more on the ScaleFactor blog.