The age of digitalization and interconnectivity has thrust us into a time where anything is possible. Instant engagement, online shopping, click of the mouse gratification. But with this, comes a permanent and very real threat of online crime. In fact, digitization has created an environment in which online crime is on the increase.
It is swift. It can be untraceable and it can happen to anyone.
In fact, one of the biggest victims of cybersecurity threats are small businesses and startups. Why, you may ask? The fact of the matter is that due to its size, an SME does not usually have the capacity and resources to protect from an attack, as well as won’t be able to recover as quickly. They are, in essence, sitting ducks.
Many take the “it won’t happen to me” stance, but the fact is, cybercrime is more prevalent than you think. The statistics are shocking.
Hackers attack every 39 seconds, which is probably the time you have taken to read up to here. 45% of all Americans have fallen victim and lost some of their personal data over the last five years.
But the fact is, it takes an average of 279 days to detect and actually manage a breach from the side of the company. And the costs can cripple a startup as the average data breach costs around $3.92 million.
So, just what can you do as a small business owner? We thought we would take a look at the measures you can start putting in place immediately to start protecting your and your customers’ vital data.
Secure All of Your Networks
The first thing you have to do to protect yourself from online attacks is to do a deep dive into your organization and ascertain where you need to heighten your wireless network security. Ransomware and malware are one of the biggest threats to companies all over the world, and they’re used to exploit the weaknesses of wireless networks’ security.
To counter this, try and avoid WEP encryption and only uses WPA2, which uses AES-based encryption and provides better security than WPA. WEP can be cracked in minutes and provides very little security for your company information. If you need a full breakdown of just how to go about making sure you are secure, this post from Prolifics takes you step by step through the process of data privacy.
Familiarize Yourself with the Relevant Regulations
Globally, regulations have emerged to protect consumer data that organizations hold. Regulations like the California Consumer Privacy Act of 2018 in California, or the Protection of Personal Information Act in South Africa were established to regulate the collection, storing, sharing and disposal of consumers’ personal data. There are stringent processes recommended to companies to protect the data and information of their customers to avoid penalties.
Each country has specific regulations set, as well as enforcement of these, should the company be reported of noncompliance. Not only does a non-compliant company face penalties like fines, or a pause on operations, but in some countries, key stakeholders can be arrested.
Train Your Staff
The fact is that the majority of cyberattacks and white-collar crime actually comes from within the company’s workforce. Whether it be a deliberate act, or accidental, it is important to understand that threats can come from unsuspecting employees.
Threats can be totally unassuming and come through in the form of phishing or ransomware scams and be disguised in an email or embedded links. The best thing to do is to take your staff through rigorous training regularly and keep them aware of the possible threats. There are various training options open to you, whether it be online or face to face that will educate your employees on the danger of cybercrime.
Regulate Access
As mentioned, your employees are your biggest threat, and it is not always accidental. Over 48% of all white-collar crimes are committed by the employees of the company. It is imperative, therefore for companies to put measures in place to not only restrict the access of information to certain individuals, but to create transparency and accountability measures to monitor all performance.
It is important to have strict control over who has access to your data. Server rooms should be secure and have access control where only a select amount of people should be able to access it. Your data should be regularly backed up, removed and stored correctly to minimize access to it. Certain software platforms and databases should only be accessible to certain employees, and these should be monitored at all times. Checks and balances are key in ensuring that your data is secured.
Conduct Penetration Testing and Stress Testing
What you need to keep in mind is that cybercriminals are always going to be a step ahead, and looking for new ways to enter a business. Stress testing is one of the most underlooked, yet absolutely integral aspects of cybersecurity in the organization. Pinpointing your vulnerabilities within your organization is key in predictive and preventative cybersecurity measures. You need to keep in mind, cybercriminals will always be thinking ahead. You might not even realize that you have been breached until it is too late. So, you need to take as many measures as possible to understand where the soft spots are in your organization.
Security testing, stress testing and penetration testing are all methods that you need to ensure are conducted regularly to understand what security measures need to be strengthened. Aspects like injection vulnerabilities, broken authentication (passwords), security misconfiguration, broken access control, and others are all aspects that need to be monitored and tested.
Last Thoughts
There are a number of ways you can predict and prevent cybercrimes from impacting your business. However, you will also need to prepare yourself if a breach should happen. Thousands of businesses do not have any funds in place to deal with a breach. They also do not have a contingency and response strategy in place. It is encouraged that all businesses have funds set aside, as well as a step by step response plan to a breach. Not only will you need to communicate with staff and stakeholders, but with your customers, whose personal data might have been affected by the breach.