- Hackers prey on the weak. Small businesses are often less equipped to protect against an attack and dedicate fewer resources to fighting cybercrime. Nearly half of all small businesses have been a victim of cyber attacks. 71% of security breaches target small businesses.
- Hackers love internal access. 77% of all employees leave their computers unattended. Stealing credentials from key employees allows hackers to send email that looks legitimate to other companies they want to attack by disguising the email to look like it's coming from a business partner. Disgruntled former employees pose internal threats, stealing trade secrets and data, and increasingly use internet cloud services to hack companies by gaining remote access to corporate networks. One of the country's large-scale breaches was hacked by gaining entry through an HVAC technician who had access.
- Hackers love what small businesses have to offer. 95% of credit card breaches that Visa® discovers are from its smallest business customers: intellectual property and personally identifiable information.
The most important lessons are still the most basic. Talk to your employees about cybersecurity. They need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.
- Focus on what needs to be protected. Create a risk management plan that identifies both critical company and customer information that must be secured.
- Forecast the consequences of a successful attack. Quantify the risk and what could happen as a result of a successful cyber attack against your company.
- Create a culture of cybersecurity. Teach your employees to understand the value of protecting company and customer information and the importance of security to the business. Establish internet security policies.
- Talk to employees about vulnerabilities. Links in email, social media posts and online can lead to malware. When in doubt, throw it out! And encourage your employees to speak up if they notice strange things happening on their computer.
- Have a plan. Hacks, data breaches, and other cybercrime happen every day, and so do fires, floods, and burglary. Have a plan in place to grow your cybersecurity protections that also addresses how you would respond if an attack occurs.
Need help implementing a cybersecurity plan? The National Cyber Security Alliance provides many free resources at StaySafeOnline.org.