Cyber attacks on large companies like Target, JPMorgan Chase, Home Depot and Sony brought business cyber security worries right home to millions of customers’ wallets. While small-to-medium sized business owners may be aware of the threat, they often think it won’t affect their business.
The odds are it will. In fact, as large corporations deploy better cyber security measures, hackers are switching to small-to-medium businesses (SMBs).
Think “What next” not “What if”
A recent NSBA survey showed 50% of small businesses reported they had been hacked — up from 44% two years earlier.
The cost of such an attack can be more than financial: sales or delivery processes can be interrupted; your company’s reputation could be irreparably damaged; customers could be victimized.
Just take a look at the price tag from some of the high-profile hacks of 2014: Target’s cleanup cost an estimated $148 million with another $200 million to the financial institutions that had to replace cards and Sony paid $100 million in attack repairs.
For small businesses, the National Small Business Association survey showed the cost of the attacks shot up to $20,752 each, up dramatically from the average cost-per-attack of $8,699 two years ago.
Steps to implementing a strong cyber attack defense
While many of the steps to improve your SMB’s cyber attack defenses can seem too expensive, the cost of doing nothing can be much greater.
But here are some relatively inexpensive tips that can go a long ways to boosting your anti-hacker defenses.
- Change passwords often. While this seems simple enough, it’s pretty important. Just one right password guess can often give hackers access to your company, employees’ or customers’ data. Many experts advise going beyond requiring just a username and password. Consulting company Kivu suggests: “…implementing a multi-factor authentication process for every user. System access can be set up to require not only a log-in and password, but also a second step, such as entering a text code that is sent to the user’s cellphone.”
- Educate employees. It’s important to inform employees of the latest hacker strategies, including the recent trend of “spear phishing.” That’s where the hacker uses an employee’s social media posts to personalize an email in an attempt to infect the company’s email or hack its system. It’s often folks who work in payroll or human resources who are targeted. Your IT department can help gather the most recent cyber attack defense information. You also need to make sure employees know never to click on third-party links or download/open attachments that seem suspicious. Tell them to call the sender if there’s ever a doubt.
- Pick the most secure cloud technology. Perhaps the best way to protect your company’s data is to store it in a third-party vendor’s cloud. It’s what those companies do fulltime, so they likely are better equipped to keep information safe and secure. A good way to vet these cloud companies is to check if they’re certified through the Cloud Security Alliance’s STAR (Security, Trust and Assurance Registry) program — which audits the cloud company’s security controls.
We’re proud to say our Concur Trust Platform operates on a framework of audited processes and controls that protect your information from unauthorized access.
Being aware of the threat and employing these simple measures can go a long way to ensure your SMB is protected from cyber attacks.
* Reference article: Inc.’s “How to keep your data – and your customers’ – safe from hackers.”