Cyber attacks are a growing threat for small businesses and the U.S. economy. According to the FBI’s Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2018 alone.
Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses.
According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber attack. Yet many businesses can’t afford professional IT solutions, have limited time to devote to cybersecurity, or don’t know where to begin.
Start by learning about common cyber threats, understanding where your business is vulnerable, and taking steps to improve your cybersecurity.
Cyber attacks are constantly evolving, but business owners should at least be aware of the most common types.
Malware (malicious software) is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, client, or computer network. Malware can include viruses and ransomware.
Viruses are harmful programs intended to spread from computer to computer (and other connected devices). Viruses are intended to give cybercriminals access to your system.
Ransomware is a specific type of malware that infects and restricts access to a computer until a ransom is paid. Ransomware is usually delivered through phishing emails and exploits unpatched vulnerabilities in software.
Phishing is a type of cyber attack that uses email or a malicious website to infect your machine with malware or collect your sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
Assess your business risk
The first step in improving your cybersecurity is understanding your risk of an attack, and where you can make the biggest improvements.
A cybersecurity risk assessment can identify where a business is vulnerable, and help you create a plan of action – which should include user training, guidance on securing email platforms, and advice on protecting the business’s information assets.
Planning and assessment tools
There’s no substitute for dedicated IT support – whether an employee or external consultant – but businesses of more limited means can still take measures to improve their cybersecurity.
FCC Planning Tool
The Federal Communications Commission offers a cybersecurity planning tool to help you build a strategy based on your unique business needs.
Cyber Resilience Review
The Department of Homeland Security’s (DHS) Cyber Resilience Review (CRR) is a non-technical assessment to evaluate operational resilience and cybersecurity practices. You can either do the assessment yourself, or request a facilitated assessment by DHS cybersecurity professionals.
Cyber Hygiene Vulnerability Scanning
DHS also offers free cyber hygiene vulnerability scanning for small businesses. This service can help secure your internet-facing systems from weak configuration and known vulnerabilities. You will receive a weekly report for your action.
Cybersecurity best practices
Train your employees
Employees and emails are a leading cause of data breaches for small businesses because they are a direct path into your systems. Training employees on basic internet best practices can go a long way in preventing cyber attacks.
Training topics to cover include:
Use antivirus software and keep it updated
Secure your networks
Use strong passwords
Protect sensitive data and back up the rest
Back up your data
Secure payment processing
Control physical access
Connect with a SCORE, Small Business Development Center, Women's Business Center or Veterans Business Outreach Center adviser.