In mid-June, the nation celebrated the contributions and achievements of small and mid-sized businesses (SMBs) with the 50th anniversary of National Small Business Week (NSBW). President Obama paid tribute to the spirit of small business owners, highlighting the critical role that SMBs play in the U.S. economy.
There are over 28 million small businesses in the U.S. today, making up nearly 45 percent of total U.S. private payroll. During NSBW, President Obama explained the importance of SMBs to the U.S. economy and how SMB growth is critical for job creation and economic support. Despite their critical role, many SMBs have limited time, budget and resources, and as a result might be vulnerable to an often-unforeseen threat: cybercrime.
The latest industry statistics show that SMBs are increasingly victimized by cyber-attacks:
- Nearly 75 percent of data breaches target small and medium-sized businesses [1]
- The average cost of a data breach is $214 per compromised customer record [2]
- More than 60 percent of SMBs will be forced to close their doors within six months of an attack [3]
- Only 17 percent of SMBs take precautionary measures to secure company data on personal devices [4]
For small business owners, protecting their business, customers, employees and assets doesn’t have to be expensive or complex. To get started, here’s a 10-step checklist of security precautions all SMBs should put into effect immediately and assess quarterly to ensure their business is protected:
#1 Train your employees
The first step to creating a secured business is educating your employees on how they can better protect their devices and personal data. Keeping employees informed on cybersecurity threats will limit weak links in your business environment.
Employees should use strong passwords for each of their accounts so cybercriminals are unable to hack into company data or send dangerous emails/links across your network.
SMB owners should offer trainings to educate employees on the types of emails, websites and behaviors to avoid while using company-owned devices or accessing sensitive company data. A simple click of an infected link can jeopardize your entire business.
#2 Know your data
Do you know where all your confidential information is stored? Do you know who has access to it? Your customer data, company and employee information and intellectual property are as valuable as money, so limit access to a need-to-know basis and secure your data with trusted layered security solutions to prevent a data breach.
#3 Know your devices
Most employees use company-supplied phones and laptops – and most employees aren’t aware of the confidential business data stored on these devices. From emails to Word documents to text messages, it is important that all devices used for work-related activities are identified and secured. This includes all internal and external hard drives, portable storage devices, servers, phones and tablets, which need to be protected.
Only 17 percent of SMBs take any precautionary measures to secure company data on personal devices. With more employers adopting bring-your-own-device (BYOD) policies, the need for security is even greater. Once a device leaves the business environment, it is even more vulnerable to a security breach. For example, the owner may use it at home to play online games and surf risky sites, putting any sensitive business data stored on the device at serious risk.
#4 Protect your network
With the growing global footprint of high-speed Internet access, employees are able to connect to their company network from a myriad of places. An unsecured network is an easy target for cybercriminals, so it is essential for SMBs to use a virtual private network (VPN) for those working remotely and to install single sign-on software for unique passwords and firewalls for all other employees. With a VPN, individuals who work remotely have secure access to network resources even though they are not physically on the same local-area network. VPNs secure the Internet connection to ensure all data sent and received is encrypted and protected from prying eyes.
#5 Secure physical devices
Devices need more than data, email and web security; they also require physical security. Unused or old devices should be kept in a locked room. Also, any data on used devices should be properly saved on servers and then wiped clean.
Servers should also be kept in a locked room with limited access. The best policy is to ensure the only people with access are those responsible for maintaining and updating the servers.
#6 Keep your facilities safe
Some cybercriminals are bold enough to walk straight through your company’s front door, unnoticed, and into the server room. To prevent unauthorized access, keep track of anyone entering and leaving your office at all times, use a sign-in sheet and require valid proof of identity. Additional physical security precautions include locking important rooms and all devices at night and, if possible, managing all entry and exit points of your building by requiring employee badges for access.
#7 Protect your website and ensure safe browsing
More than 73 percent of SMBs say a safe and trusted Internet is critical to a successful business.
It is important for SMBs to secure their company website to protect both customers and employees from threats on sites they visit. Ensure a safe browsing experience for employees by deploying a real-time web filtering security product. To give customers a stronger sense of security, use a well-known trustmark, such as McAfee SECURE, Better Business Bureau or Chamber of Commerce. These trustmarks are images or logos online businesses can place on their websites to show their site has passed security and privacy tests and is safe to use.
#8 Create clear cyber security policies
Email has become the predominant method of exchanging large files and sensitive data. Unfortunately, many employees are unaware of how to secure important documents when emailing them, so establish precise, written policies and procedures for all employees to follow.
The widespread growth of social media has created a massive opportunity for cybercriminals. Unsuspecting users are lured by friend requests and other methods that trick them into unknowingly downloading malware. More than 52 percent of organizations experience an increase in malware attacks as a result of employees’ use of social media. To protect themselves and their employees, SMBs should maintain a clear policy for activity on these channels, whether the employee is using a BYOD or company-supplied device.
The best way to avoid a social media attack is through education. Clearly convey to your employees the risks associated with social media sites, share recent news articles about Facebook and Twitter cyber-attacks, and help them understand the potential impact to both the business and their personal data.
#9 Properly dispose of end-of-life devices and documents
All employees should be advised of the necessity of proper disposal of used devices and outdated documents. Dumpsters are prime hot spots for criminals in search of sensitive information. Shred paper documents or send them to a secure facility to be disposed of properly.
Digital documents and data also require proper disposal. Digitally shredding all hard drive data is the only way to ensure your old device is wiped of all sensitive company information and that the data cannot be retrieved by clever cybercriminals.
#10 Screen employees thoroughly
Potential employees should receive a thorough background check, including full-time, part-time and seasonal workers. Anyone who has access to your network or physical documents, even just temporarily, can put your company at risk.
While larger corporations have more resources at their disposal to bounce back from data breaches, SMBs often have limited options to handle such an attack. From stolen financial information to compromised customer records to hijacked intellectual property, the potential cyber threats that can drive SMBs to bankruptcy are endless. It’s time that SMB owners take action and invest in the future of their business with a comprehensive security solution, one that protects your devices, email and web activities.
Monica Hamilton is Director of SMB Product and Solutions Marketing at McAfee, the world’s largest dedicated security technology company. Monica is passionate about helping SMBs and is responsible for defining McAfee’s SMB product marketing and communications strategies, and for optimizing business plans and product positioning to build market awareness and deliver fulfilling customer experiences. A recognized industry leader and self-described security geek, Monica also acts as global product, market, and customer evangelist for McAfee SMB solutions.
[1] McAfee. “5 Steps to Building a Stronger SMB,” April 2013.
[2] McAfee. “The New Reality of Stealth Crimeware,” 2011.
[3] Wall Street Journal. “Most Small Businesses Don’t Recover From Cybercrime,” March 2013.
[4] Dimensional Research. “The Impact of Mobile Devices On Informational Security: A Survey of IT Professionals,” June 2013.
Image courtesy Intel Free Press
This is on the same threat level as identity theft. So many small business owners are too busy to even have this on their radar, but man this is a real threat. Great article, thanks!