Small businesses often assume hackers have bigger fish to fry when it comes to cyberattacks. Why go after a small appetizer when enterprise-sized entrees are available?
According to a 2019 analysis, however, small businesses represent 43% of all cyberattack victims.1 That percentage is only expected to increase, since small and medium-sized businesses (SMBs) typically lack the in-house resources to detect and prevent cyberthreats. In fact, attackers can often infiltrate networks and steal data before SMBs know what happened.
Fortunately, you don’t need a huge budget or full-time IT staff to shield your operations from attack. Below are six actionable cybersecurity tips you can implement today.
- Update passwords ASAP and often
The passwords you use to secure hardware, software, and business accounts represent the first line of defense against cyberattacks. The problem is that some businesses never bother to update the default passwords that ship with these products (e.g., admin1234). Others simply use easily guessable passwords (e.g., abcdefg).
If your team falls into either of these categories, this increases the risk of a data breach within your organization. Making access much more difficult, however, is simple. Require every team member to update any default or weak passwords with stronger ones containing a mix of lowercase and uppercase letters – plus numbers and symbols. Additionally, make password updates more frequent — every 60 to 90 days or even sooner.
- Adopt Two-Factor Authentication (2FA)
Even the strongest passwords in the world can be guessed or stolen. Once that password is compromised, criminals gain unrestricted access to that “protected” data – whether it’s your email, financial records, or social media account.
Using 2FA adds a layer of security. In addition to a password, 2FA might require that you input a one-time code sent via email or SMS text.
Other popular 2FA options include:
- Biometric verification (e.g., fingerprint scans)
- Security questions (e.g., your high school mascot)
- App-generated code (e.g., Authy)
Note that 2FA doesn’t automatically provide comprehensive protection. After all, a truly determined criminal could theoretically obtain your password and the make and model of your first car. Requiring additional verification steps makes it harder for thieves to scale their operations using automation and bots.
- Install patches, updates, and virus protection
Cybercriminals routinely exploit known vulnerabilities in existing software and hardware platforms. The WannaCry attack of 2017, for example, specifically targeted obsolete versions of Windows XP.2 Take some time to install the latest operating system for every server, computer, or smart device in your organization. You should also install any relevant patches – plus anti-virus and anti-malware software.
Again, these measures do not provide guaranteed protection, but they can dramatically increase the chances of hackers redirecting their focus elsewhere.
- Secure your payment environment
Criminals will happily steal any information they can get their hands on – from patient records to social media logins. The “holy grail” for most hackers is financial data. Specifically, they want access to the payment details you capture with each successful sale.
However, you can limit unwarranted access by:
- Working with a PCI-compliant payment processor that specializes in data security
- Swapping legacy POS terminals with more secure EMV credit card readers
- Implementing tokenization and point-to-point encryption (P2PE) to make payment data unreadable by others – even if this information falls into the wrong hands
- Using hosted payment pages so your e-commerce shopping cart never captures or stores any customer’s credit card details
- Use the principle of least privilege
Cybersecurity experts recommend restricting access to company data on a “need-to-know” basis. Also known as the “principle of least privilege,” this doctrine means that:
- Cashiers don’t need direct access to your inventory records
- Accountants may not need to see loyalty program data
- Order and fulfillment teams don’t need to see the company ledger
Compartmentalizing access not only reduces the likelihood of employees stealing data, but it also decreases the number of vulnerabilities through which hackers might gain access to sensitive information.
- Educate team members
Effective cybersecurity depends on staff involvement. With seven in 10 breaches caused (accidentally or maliciously) by insiders, employee education is critical for building and maintaining a strong defense.3
As part of this employee training, you should focus on:
- Encouraging employees to change their passwords regularly. Free tools can help simplify password management
- Educating employees about the dangers of clicking email links or attachments – even those that look like they come from legitimate sources
- Outlining clear policies regarding how to identify and report potential cybersecurity threats
Cybersecurity is about deterrence
A persistent theme throughout this article is that no single cybersecurity measure is enough to thwart a determined thief. Even implementing all of the above tips only offers limited protection. However, the goal is to make yours the only home with two or more locks (on a street where every other house has just one). The more hurdles and barriers you establish, the less inviting you are as a potential cybersecurity target.
Author Bio: Mihir Korke, is the Head of Acquisition at Clover. As a leader in small business credit card processing and POS systems, Clover specializes in restaurant, retail, and personal and professional service payment solutions. With desktop and mobile POS systems, contactless payments, solutions for curbside pickup and online ordering, loyalty and rewards, Clover has multiple solutions to meet your business’s needs.
This is a sponsored feature