Cyber attacks are a growing threat for small businesses and so, by definition, for the U.S. economy. According to the FBI’s Internet Crime Report, the cost of cyber attacks reached $2.7 billion in 2018 alone. And Small Business Trends reported that 43% of cyber attacks targeted small businesses in 2019. From phishing scams to data breaches, the average cyber attack costs a business $9,000 per the National Small Business Association.
Cloud-based technology capabilities available today afford nimble, small businesses great flexibility, which many of us realized during the COVID-19 pandemic. This technology allows us to change the physical boundaries of our businesses, and often, even when and how work takes place. It is amazing. And it comes with a downside – cyber attacks. Security breaches, data theft, viruses, and ransomware are on the rise.
Cybersecurity — keeping your data safe — is a top priority for us at HireEffect and one that we continuously address. With each advance in bookkeeping technology, more vulnerabilities are discovered. And as new threats continue to emerge, we continue to advise our clients on ways to stay secure.
According to Cisco, cybersecurity is the practice of protecting systems, networks, and programs from digital or cyber attacks. These cyber attacks often attempt to access, change, or destroy sensitive information or otherwise interrupt business.
It’s almost inevitable that you’ll encounter these cyber attacks if you don’t take the proper steps. As attacks get more sophisticated, the precautions you must take need to be more sophisticated, too. Most, if not all, of a business’s devices have connectivity to the internet, so restricting employees from using business devices outside the office is no longer an option in keeping your data safe.
Where are you vulnerable?
Today, there are more ways than ever that your systems can be breached and that your data can be destroyed, exposed, and compromised. The biggest threats involve unauthorized access and come in the form of phishing attacks, malware attacks, and other similar techniques. Sadly, it’s not always as simple as hackers stealing your financial information.
Cyberthreats sometimes come in the form of spoofing, where an attacker forges an email address, so it appears to be from someone other than the person who sent it. The spoofer may pretend to be a customer who tries to direct an employee to do something. It could be to redirect funds to a new bank account or indicate that there is a new business partner who should be paid regularly.
We experienced two of these attempts, both with emails that appeared to come from me. One asked one of our bookkeepers to do something for me. And the other asked our head of business development to buy gift cards for customer appreciation. They both seemed so real!
Thankfully, as guardians of our clients’ bookkeeping and financial data, we were on to them!
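The spoofing pattern described above, a familiar name on a message that did not come from that person, leaves traces in the message headers that can be checked automatically. The following is an added example, not code from HireEffect; the domain `example.com`, the name "Pat Owner" and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the company's mail domain and the names
# of people whose identity an attacker is likely to borrow.
COMPANY_DOMAIN = "example.com"
PROTECTED_NAMES = {"pat owner"}

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def spoof_indicators(raw_message):
    """Return the reasons a message looks spoofed (empty list = none found)."""
    msg = message_from_string(raw_message)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    # 1. Familiar display name, but the address is outside the company domain.
    if name.strip().lower() in PROTECTED_NAMES and from_domain != COMPANY_DOMAIN:
        reasons.append("display-name-mismatch")
    # 2. Replies would go to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        reasons.append("reply-to-mismatch")
    # 3. The receiving mail server recorded a failed SPF/DKIM/DMARC check.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "").lower()))
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) in ("fail", "softfail"):
            reasons.append(f"{check}-{results[check]}")
    return reasons

# Constructed sample messages (not real mail).
GIFT_CARD_REQUEST = """\
From: Pat Owner <pat.owner@mail-example.net>
Reply-To: pat.owner.office@freemail.example
Subject: Gift cards for customer appreciation
Authentication-Results: mx.example.com; spf=pass; dkim=none; dmarc=none

Are you at your desk?
"""
EXACT_DOMAIN_FORGERY = """\
From: Pat Owner <pat.owner@example.com>
Subject: New bank account
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail

Please send this week's payment to the new account.
"""
```

The first sample passes SPF for its own look-alike domain, which is why the display-name and Reply-To checks matter alongside the authentication results. `Authentication-Results` should only be trusted when it was added by your own receiving mail server.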
Phishing attacks are email attempts at trolling for personal information, such as usernames, passwords, and credit card numbers. Often these emails look as if they come from a trusted source with whom you have a relationship. As an example, you may receive an email from “Microsoft” telling you that your account is frozen unless you update your information. Responding can result in you or a staff member simply handing over access credentials and other sensitive information.
And if that weren’t bad enough
Another disturbing consequence of clicking a link in an email from an illegitimate source is introducing malware into your network. Forcepoint, a cybersecurity company, defines malware as “the collective name for a number of malicious software variants, including viruses, ransomware, and spyware.”
- Viruses, like in a human body, attach malicious code to clean code and wait for someone to “press go.”
- Worms slither their way through a network, starting with one computer and connecting to consecutive computers to spread infection.
- Spyware hides silently in the background collecting private information without anyone knowing, often until it is too late.
- Trojans, like the giant fake horse, disguise themselves as real software. They can cause a security breach by creating a backdoor, giving other malware easy access.
- Ransomware, also called scareware, locks down networks or locks out admins until a ransom is paid. The ransom demands can be costly, and there is often no other way to get the data back.
Outdated software increases the success rate for these types of attacks — especially for small-to-mid-sized companies that don’t have a robust IT department. This includes outdated or unpatched operating systems, software applications, browsers, firmware and middleware, and anti-virus software. Leaving these outdated also means leaving your business systems open to attacks. Weak or repeated passwords are also a huge problem.
The Right Tools To Stop Cyber Attacks
Looking at all the different ways your systems can be attacked can be scary. Having the right tools and educating yourself on what to look out for will help.
Along with standard anti-malware/firewalls, we encourage our clients to use unique, complex passwords, multi-factor authentication tools, and a secure cloud for all file storage.
Thankfully, in recent years, with the rise of data migration to the cloud, we have seen the rise of multi-factor authentication (MFA). Internally here at HireEffect, we use the Microsoft Authenticator app, which allows for code generation for software like QuickBooks and Gusto, login approval for Microsoft 365, and phone sign-in with a PIN or a fingerprint.
We also require all of our employees to use Dashlane, a password manager that enables us to set a password and share login access, while not ever sharing the password. It also alerts us when there is a security breach on any sites that we use, and even alerts us when our information is found on the Dark Web. Another popular password manager is LastPass.
Pro Tip: Make sure that you budget for the time and resources it will take to train your employees on cyber safety. Having the tools won’t help if your employees don’t use them.
Tools, however, aren’t a complete solution.
Some other tips:
- Don’t use public Wi-Fi. Using the mobile hotspot feature on your phone is safer.
- Limit the use of USB thumb drives. Use secure digital portals/secure email instead.
- Mandate employee cybersecurity training.
- Review and update your IT and security policies in areas such as remote work, bring your own device (BYOD), internet access, and other vulnerable areas.
- Get cyber insurance to reimburse your business if your systems are breached.
The need for a plan to protect your business is one area where our clients reach out for assistance and advice. One best practice we suggest for ensuring employee devices remain reasonably secure is using mobile device management software. This solution enables you to control and erase company data from an employee’s device if it’s lost or stolen. We also suggest setting up an employee exit plan that includes items like disabling company emails and removing access to company login credentials. (Dashlane makes this part simple!) Putting processes in place will allow your small business to benefit from secure business applications that can otherwise be expensive and cumbersome to manage in-house.
When all else fails
Let’s assume that at some point, an attack will get through. As demonstrated when cyberattack attempts happened to us, this is where behavioral solutions will save your business. It’s also a good idea to formulate plans to respond to a successful cyber attack. Your ability to recover from any damage effectively and quickly will be your best lifeline in the case of a successful attack.
Cyber attacks are a moving target. As threats evolve, so do the tools, techniques, and other ways of dealing with them.
We make it a point to keep up to date with what our clients and their businesses face. The HireEffect™ team has adopted a technology-forward approach to the way we work with our clients. We make an effort to recommend and implement the appropriate systems and platforms to help drive increased efficiency and productivity as safely and securely as possible. It is essential to know what technology will work best for the specific needs and goals of an organization. Through active research, planning, and execution, our team has been able to work with clients across multiple industries to implement new, modernized systems to support their continued success.