As if a global pandemic weren’t enough to raise the stress of small businesses owners, cyber attack is increasingly posing a critical threat to the stability of many small businesses. In its 2020 Internet Crime Report, the FBI noted that internet crime complaints jumped a staggering 69.4% in a single year with reported losses exceeded more than $4.2 billion. The top three crimes reported were phishing scams, non-payment/non-delivery scams, and extortion. In addition, the FBI received 19,369 Business Email Compromise/Email Account Compromise complaints with adjusted losses of over $1.8 billion.
October is “Cybersecurity Awareness Month” in the United States and, in recognition of the observance, below are a few tips that you can adopt to help cyberproof your business.
- Encourage Common Sense Internet Safety. Research has shown that most cybersecurity breaches are due to human carelessness. You can take steps to reinforce proper netiquette and averting a cyber mishap by refreshing your team on internet safety basics such as not to open or forward mail from suspicious senders, use strong passwords, avoid downloading strange files, examine the sender email address to make sure it’s from a true account, and keep office software updated.
- Establish Easy Cyber Incident Reporting. Employees are your front line when it comes to thwarting a major cyber incident. Give your team an easy, no-judgment way to report suspicious incidents whether its by simply sending a quick email to you or filling out a brief form. With many employees working remotely, it is more important than ever that your team has a clear understanding of when and how to report on a possible breach. And encourage them to take action even if they think it might be a false alarm – time is of the essence.
- Plan for a Breach. The proliferation of technology tools has made it easy for any motivated cyber thug to target your business, and small and microenterprises are especially vulnerable to attack due to their limited risk management and cybersecurity resources. Forget the idea that you will be able to fend off all attackers and instead focus on Cyber Resiliency. You can do this by identifying what your key business data and processes are, taking steps to secure or backup those processes, and creating a plan of action on what you will do when an incident occurs, such as business email compromise, ransomware or malware attacks.