While many small business owners take measures to keep their physical office secure, unprotected company data stored on a computer poses a grave threat – and that data is getting more and more difficult to shield.
Cybercriminals are increasingly targeting American small businesses. According to Symantec.com's 2013 Internet Security Threat Report, companies with one to 250 employees were the victims of more than 30 percent of all cyberattacks last year, up from about 18 percent in 2011. And while 77 percent of small business owners surveyed by Symantec said they think their company is protected against cybercriminals, 83 percent of respondents lacked any official security plan.
Chris Collins, R-N.Y., chairman of the U.S. House's Small Business Subcommittee on Health and Technology, says many small business owners aren't adequately prepared for an online attack because they assume cybercriminals only target large corporations. "I think, by and large, most small business owners go to work every day worrying about paying their bills, where their next order is coming from or how they're going to grow their business, where cybersecurity is so far down on the list it often gets overlooked," says Collins, who led a subcommittee hearing in March on how small businesses can mount defenses against complex cyberattacks.
The ramifications of a successful cyberstrike can be crippling, as roughly 60 percent of small businesses close within six months of a cyberattack, according to Symantec. Once the data is infiltrated, a perpetrator may be able to steal money and intellectual property, view contact information for the company's customer base and plant viruses. One of the most egregious types of assault is a "watering hole" attack, in which the criminal installs a virus so when people visit the company's website, the virus spreads to their computers, too.
To protect your small business, employees and customers from cybercriminals, experts suggest taking these measures:
Install anti-virus software. Anti-virus software can detect a large number of perpetrators, whereupon the system typically notifies the owner of the breach and takes steps to eradicate the issue. But, like a flu shot, there's no guarantee anti-virus software can keep a machine clean, as some viruses are well-disguised and difficult to pinpoint, says Michael Hicks, director of the University of Maryland—College Park's Cybersecurity Center. Therefore, he says a small business owner should use anti-virus software as one component among many to protect the company.
According to security experts, Macs are generally well-protected from viruses, but anti-virus software products are available for those users.
Keep computers up to date. Making sure your operating system, Web browser, anti-virus software, programs and plug-ins (e.g., Adobe Reader or Java) are updated is crucial, says Michael Kaiser, executive director of the National Cyber Security Alliance. Users of most big-brand security software like McAfee products can enable an automatic update feature.
Andy Steingruebl, who oversees customer security at PayPal.com, says the major Web browsers – namely Safari, Firefox, Internet Explorer and Google Chrome – are relatively safe if kept up to date.
Train employees. According to cyber analytics firm CyberFactors.com, in-house employees are responsible for 40 percent of small business breaches. Some are targeted attacks by disgruntled workers, while others are due to employees engaging in behaviors they don't realize put the company at risk of a cyberattack.
That means it's critical to educate employees about how to create strong passwords for both work-related and personal accounts. Cybercriminals who hack an employee's personal account can find their way into the company's database. "Just one bad password used by an employee can lead to a breach that affects the entire company," Kaiser says.