Small businesses are often seen as prime targets for hackers since they tend to have fewer resources to protect against and mitigate cyber threats. Data shows that roughly half of cyber attacks specifically target small businesses, and 70% of small businesses feel unprepared to handle one.
At a time when most businesses are operating in a primarily digital environment, business owners must proactively defend themselves against phishing schemes, malware attacks and other intrusions by putting the right plans and systems in place to prevent cybercrime before it occurs.
In our eleventh installment of CO— Blueprint, our content director Jeanette Mulvey asks a panel of experts how small businesses can navigate this new, remote environment where cybersecurity is more important than ever.
Educating employees on cybersecurity is your first line of defense.
The sudden shift to fully-remote work during the COVID-19 pandemic meant that many businesses, including enterprises, weren't fully prepared to handle the cyber risks involved.
"It's a real challenge for them to keep up," said Maitland Muse, EVP of global channels and strategic alliances at AppGuard. "It's not just small businesses Enterprises in general were not prepared for this shift in how we operate, [with] so many users … [introducing] so many new things into their networks."
Among the most common cyber threats to businesses are sophisticated phishing and ransomware attacks that are designed to look like legitimate business communications from clients and colleagues.
"If employees aren't trained correctly [and they] clicked something that looks right, because it's from a friend or a colleague … that one click can put me out of business, especially if [hackers] get through and hold my systems hostage," said Muse, who noted that about 60% of SMBs are forced out of business after a cyber attack.
[Read: Newly Remote Workforce? Take These 4 Cybersecurity Steps Now]
Muse advised small businesses to take the time to look at their existing security posture and make sure employees understand threats, since they're your first line of defense.
"Make it a routine practice, regardless of the size of your business," Muse told CO—. "It's got to be a very heightened sense of awareness and constant communication … to explain the potential impact."
"Invest in your employees and training and talking about these things," added Marni Pastor, COO of Flexable. "It doesn't cost anything [to have] that dialogue and … [make] people aware of basic things like phishing."
Choosing your cybersecurity partners is all about trust.
Pastor's company, Flexable, had to move its on-demand childcare service to a fully virtual model when the pandemic hit — and that shift meant the business had to think about online security on multiple levels.
"Childcare is all about trust," Pastor explained. "We had to be thinking about earning that trust … both with parents — they have to be comfortable leaving their child with us in front of a screen — [and] with companies [that] provide us with access to information about their employees. They need to know we're trustworthy with that information."
Flexable has worked to create that trust by leveraging secure web apps like Google Cloud to ensure client safety through advanced security features like end-to-end encryption. Pastor noted that the right cybersecurity partner should instill a sense of trust and credibility, both internally and with your clients.
"We can say, 'Hey, here's who we're partnered with. We trust our data with them; you [can] trust your data with them,'" she said. "That helps us to establish that credibility with the companies that are going to want to partner with [us]."
Small security steps can make a huge difference.
When Joanne Sanders, president of EWISE Communications, realized her marketing agency had become the victim of a spoofing and phishing attack, her entire company banded together to brainstorm and put new processes in place to prevent future incidents.
"We created … categories of things that were impacting us [and] creating that vulnerability," said Sanders. "We identified all the systems that were where we had vulnerabilities. We then identified inconsistencies with our employees … [and] their knowledge gap … because everybody had different understanding of what spoofing was."
[Read: Security Threats Your Business Should Be Preparing for Now]
Once Sanders and her team identified these risk factors, they began taking action to ensure their systems were "maxed out" on their cybersecurity options. The company also took some more drastic steps, like moving off a shared website server to better protect its data and appointing different members of their team to research and educate each other on different cybersecurity threats.
"A lot of small moves made a huge difference," Sanders said.