There are tens of millions of small businesses in the US (28 million to be precise), and most of them are convenient targets for hackers. Unlike a large corporation, a small business cannot afford a full-blown SOC (Security Operations Center). Many cannot even afford an IT manager!
Small businesses are easily victimized by ransomware. They will pay the demanded ransom for their files, because the alternative is too painful. A small business will easily be conned by cybercriminals, because its staff are typically not trained to handle these attacks. A small business would struggle to afford expensive products and services from cybersecurity companies.
That’s why a small business has to be responsible for its own Internet and computer security.
Here are the things you can do to protect your business from cyberattacks:
Back Up All Your Data
Ransomware attacks are incredibly common these days, because these attacks are simple and profitable. It’s basically a numbers game. Hackers will ask for $500-$1000, they will even bargain sometimes, and small businesses will pay.
There is a simple way to mitigate this attack: back up all your data, both online and offline. If your data is backed up regularly, no ransomware attack would be a problem. Just restore the encrypted files from your backups and move on. No need to pay the hackers.
Cloud backup solutions like Dropbox and Backblaze are easy to use and to set up. However, there is always a small risk of the ransomware finding your online backups and deleting them. But if you also back up to an external hard drive and store that hard drive securely (i.e. only connect it to the computer while performing a backup), you get rid of the risk.
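A sketch of the external-drive backup described above, as an added example that is not part of the original article: it copies a folder to a new timestamped snapshot on the drive, records SHA-256 hashes of the source files, and checks that the copy can be trusted for a restore. The folder layout and the `manifest.json` name are assumptions made for this example.

```python
import hashlib
import json
import shutil
from datetime import datetime, timezone
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical file name chosen for this example


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_snapshot(source: Path, drive: Path) -> Path:
    """Copy `source` into a new timestamped folder on `drive`.

    Each run writes a new folder, so an earlier copy is never overwritten.
    """
    if not drive.is_dir():
        raise FileNotFoundError(f"backup drive not connected: {drive}")
    # Hash the originals first; the copy is later checked against these.
    hashes = {
        p.relative_to(source).as_posix(): sha256_of(p)
        for p in sorted(source.rglob("*")) if p.is_file()
    }
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    snapshot = drive / f"snapshot-{stamp}"
    shutil.copytree(source, snapshot / "data")
    (snapshot / MANIFEST).write_text(json.dumps(hashes, indent=2))
    return snapshot


def verify_snapshot(snapshot: Path) -> list[str]:
    """Return files that are missing or differ from the recorded hashes."""
    hashes = json.loads((snapshot / MANIFEST).read_text())
    bad = []
    for rel, expected in hashes.items():
        target = snapshot / "data" / rel
        if not target.is_file() or sha256_of(target) != expected:
            bad.append(rel)
    return bad
```

Run `verify_snapshot` right after each backup and again before a restore; an empty list means every file in the snapshot matches what was backed up.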
Secure Web-based Email
The most common way to get infected with ransomware is to download a malicious email attachment. Usually the ransomware hides in MS Office files with innocent names. If you never download email to your computer with Outlook, and instead use the web interface of services like Gmail or Office 365, that risk is much smaller. The web services scan all email attachments and in most cases will notify you or your personnel about an infected attachment. They won’t even let you download it unless you really insist.
Secure Web Browser
Always keep your web browser updated and configure it to notify you about malicious sites. This way, if you or your employees somehow stumble on a phishing website, the browser will yell and scream while displaying scary alerts in red. Risk mitigated.
Use a Password Manager
Cybercriminals love to guess simple passwords and they’re good at it. If you use an easy-to-guess password for your online banking or other essential service, you might get hacked.
The solution is easy. Use a reputable password manager. All of them generate random passwords which are impossible to guess/hack, and you only have to remember one master password.
Careful On The Road
While your organization/office might be completely secure, it is still easy to get hacked while traveling. Just connect your business laptop to an unsecured public Wi-Fi spot in a coffee shop and your data might get stolen. Leave your business laptop unattended at a conference and a competitor might plug in a malicious USB thumb drive.
The solution is to be more careful on the road. Don’t connect a business laptop to a public Wi-Fi spot, and if you do, use a good VPN service. Don’t bring a computer with important data to a place where your competitors might also attend; bring a simple tablet or a “naked” laptop instead.
These simple things will make your small business much more secure and they don’t take too much time or effort.