Risk management is a key component of any successful business plan. In today’s world – where data breaches are common occurrences – it’s especially important for business owners to understand the digital risks they face. Are you doing all you can to mitigate the risk of a cyber attack?
The importance of cybersecurity
Many small-business owners may think their organizations hold little appeal to hackers due to their small size and limited scope. However, according to the Small Business Administration (SBA), this naivety may actually make them ideal targets. Small business are keepers of employee and customer data, financial account information, and intellectual property. Their systems, if not adequately protected, may also inadvertently provide access to larger supplier networks. “Given their role in the nation’s supply chain and economy, combine with fewer resources than their larger counterparts, to secure their information, systems, and networks, small employers are an attractive target for cybercriminals,” reports the SBA on its cybersecurity website. Consider the following tips complied from information supplied by the SBA, the Federal Trade Commission (FTC), and the Federal Communication Commission (FCC).
What are your vulnerabilities?
To protect your organization, you must first understand your vulnerabilities. How are your systems protected? Do you collect and store personal information of customers and employees, such as credit card information, Social Security numbers, and birth dates? If so, how is this information stored and who may access it? Do you store it in multiple locations and formats? Are these files password protected and, if so, are you using multiple complex passwords? Do you have a Wi-Fi accessible to employees and customers? How do your vendors and other third-party service providers protect their information? You may want to engage a professional to help identify your risks.
Tips for Security
When monitoring your security, ensure that you have firewall and encryption technology that protects your Internet connections and Wi-Fi networks. Make sure your business’s computers have antivirus and anti-spyware software installed and updated automatically. Require employees and others who access your system to use complex passwords that are changed regularly. Keep only personal data that you actually need and dispose of it securely as soon as it no longer serves a business purpose. Back up critical information and data on a regular basis, and store it in backups securely offsite. Assign individual user accounts to employees and permit access to software and systems only as needed. Be especially cautious with laptops and company-assigned smartphones. Question third-party vendors to ensure that their security practices comply with your standards.
Some of the Stats:1
- There is an increase of 10% in the cost of cybercrime than the past year
- 95% of cybersecurity breaches are caused by human error
- There are 30,000 websites hacked daily
- In 2023, the global annual cost of cybercrime is predicted to top $8 trillion
- 47% of adults have had their personal information exposed by cybercriminals
- The average total cost of data breaches in 2022 was $4.35 million
- 43% of all cyber-attacks are aimed at small businesses
- 91% of attacks launch with a phishing email
- A business falls victim to a ransomware attack every 14 seconds
Redundancy is key
In writing or speaking, redundancy is typically not recommended unless you’re really trying to drive a point home. When it comes to your digital life, however, redundancy is not only recommended, but also critical. That’s because redundancy means having multiple data backups stored in different locations. Here are some ideas for redundancy when backing up your data:
- If you have digital assets that you don’t want to risk losing forever – including photos, videos, original recordings, financial documents, and other materials – you’ll want to back them up regularly. And it’s not just materials on your personal computer, but your mobile devices as well. Depending on how much you use your devices, you may want to back them up as frequently as every few days.
- A good rule to follow is the 3-2-1 rule. This rule helps reduce the risk that any one event – such as a fire, theft, or hack – will destroy or compromise both your primary data and all your backups.
- Have at least three copies of your data. This means a minimum of the original plus two backups. in the world of computer redundancy, more is definitely better.
- Use at least two different formats. For example, you might have one copy on an external drive and another on a flash drive, or one copy on a flash drive and another using a cloud-based service.
- Ensure that at least one backup copy is stored offsite. You could store your external drive in a safe-deposit box or at a trusted friend or family member’s house. Cloud storage is also considered offsite.
More about cloud storage
Cloud storage – using internet-based service providers to store digital assets such as books, music, videos, photos, and even important documents including financial statements and contracts – has become increasingly popular in recent years. But is it right for you? If a cloud service is one of your backup tactics, be sure to review carefully the company’s policies and procedures for security and backup of its servers. Another good idea is to encrypt (that is, convert to code) to protect sensitive documents and your external drives. Other considerations include:
- Evaluate the provider’s reputation. Is the service well known, well tested, and well reviewed by information and security specialists?
- Consider the provider’s own security and redundancy procedures. Look for such features as two-factor authentication and complex password requirements. Does it have copies of your data on servers at multiple geographic locations, so that a disaster in one area won’t result in an irretrievable loss of data?
- Review the provider’s service agreement and terms and conditions. Make sure you understand how your data will be protected and what recourse you have in the event of a breach or loss. Also understand what happens when you delete a file – will it be completely removed from all servers? In the event of a government subpoena is issued, must the service provider hand over the data?
- Consider encryption processes, which prevent access to your data without your personal password (including access by people who work for the service provider). Will you be using a browser or app that provides for data encryption during transfer? And once your data is stored on the cloud servers, will it continue to be encrypted?
- Make sure you have a complex system for creating passwords and never share your passwords with anyone.
Educate your employees
To help ensure that your employees are also maintaining sound cybersecurity practices, establish clear security policies and procedures to put them in writing. Cover such topics as handling sensitive or personal information, appropriate use of internet and social media, and reporting vulnerabilities. Clearly spell out consequences for failing to follow the policies. Develop a mandatory employee training program on the importance of cybersecurity. Explain the basics of personal information, as well as what is and isn’t acceptable to post on social media.
Employees could unknowingly release information that could be used by competitors or, worse, by criminals. Ensure that employees understand the risks associated with phishing emails, as well as “social engineering” – manipulative tactics criminals use to trick employees into divulging confidential information.
For more information, visit the SBA cybersecurity website. In addition, business owners might want to review “Protecting Personal Information: A Guide for Business” and “Start with Security: A Guide for Business,” both available on the FTC website.
Investment Advisory Services offered through Trek Financial LLC., an (SEC) Registered Investment Advisor.
Information presented is for educational purposes only. It should not be considered specific investment advice, does not take into consideration your specific situation, and does not intend to make an offer or solicitation for the sale or purchase of any securities or investment strategies. Investments involve risk and are not guaranteed, and past performance is no guarantee of future results. For specific tax advice on any strategy, consult with a qualified tax professional before implementing any strategy discussed herein. Trek 23-544