In addition to avoiding infection from COVID-19, you also need to protect your business from cyber viruses! As if we didn’t have enough to worry about during a global pandemic.
Cyber attacks have been rising since the pandemic began. The German software company AG was hacked in October and still hasn’t recovered. The cyber attack on the US government is so enormous that cyber experts won’t even know the scale of the damage for several months.
And those are huge entities with large IT and cyber security teams. Of course, your small business isn’t as attractive a target as an international bank, but hackers aren’t picky. They know that SMBs don’t usually have cybersecurity teams, so small businesses can be easy prey.
What kinds of cyber attacks are there?
There are a lot of different ways that hackers can attack your business. The most common types of cyber attack include:
- Phishing attacks are when hackers send an email pretending to come from a trusted source, like your bank, credit card company or payment gateway. Phishing attacks mostly try to convince you to click on a link to a fake bank site that asks you to enter your login details, or tell you to reply to the email with personal information. Interesting and alarming stat: phishing attacks have risen 600% since February
- Malware attacks are when hackers encourage people to download harmful software that gives hackers access to your computer or cloud accounts. Malware stands for malicious software, and it’s usually hidden in software updates
- Ransomware attacks use a kind of malware that locks you out of all your crucial business files until you pay the hackers a ransom fee
Part of this is because hackers thrive on chaos. They prey on people who are scared, anxious, or stressed. It’s also because a lot of people are working from home instead of in the office, and your home internet setup doesn’t have the same kind of security as your work internet.
Don’t have a heart attack yet. We have good news too! Hackers generally go for the lowest-hanging fruit. It only takes a few simple measures to protect your small business and keep hackers away. Follow these 10 steps to a more secure future.
1. Safeguard your website
Your website is the first place hackers turn when they attack, because it holds sensitive information like your customers’ credit card details and personal information, so protect it carefully.
- Check that your hosting company is security conscious and always proactively installs security updates
- The same goes for your website platform, like Shopify, WordPress, or Wix. If you don’t know what security precautions they take, now is the time to ask
- Make sure your payment processors are all PCI-DSS-compliant, which is the data security standard for the payment card industry
- Confirm that your web address begins with “https.” That means it’s secured with an SSL/TLS certificate that encrypts data traveling to or from the site. If it isn’t, ask your web platform about it
- Use a web application firewall, or WAF, to monitor the traffic that visits your website and block any that looks suspicious
2. Educate your team
We love tech, but it can only protect you so far. Good old human error still causes the vast majority of hacking attacks, so make sure your employees know about basic safe web practices.
That means teaching them:
- To set strong passwords for all their accounts
- Not to download attachments from people they don’t know
- Not to visit unprotected sites on a work computer (you wouldn’t believe how many “work meetings” take place at PornHub)
- To tell you immediately if they think that their computer or account was hacked
3. Only use trusted software
You wouldn’t just let anyone into your home to wander around, check out your possessions, and get comfy on your couch, would you? Of course not!
Well, you should be at least as picky about who you let into your business sites. Only download software from trusted sources. If someone’s offering you a free or cheap license for software, you should immediately be suspicious.
Rip-offs of legitimate software aren’t just illegal, they are also a huge security risk. Some things are worth the money, and trustworthy software is one of them.
4. Restrict access to your wifi
Leaving your wifi unprotected is like leaving your front door unlocked: it’s ridiculously trusting and asking for trouble.
Your work wifi network is probably protected with strong passwords, but what about your home wifi? It needs a strong password so that no one else can get a free ride on your internet.
Once someone’s able to hack into your wifi network, they can watch the data you’re sending and intercept it to steal your passwords and hack your business information. And trust us, you don’t want that.
5. Use firewalls and a VPN
Firewalls are there to stop outsiders from entering your private networks, devices, or accounts. You should have a firewall on all your work computers, and the laptop that you’re using to work from home. Check that your employees have firewalls on their home computers too.
You also need a VPN. When you use public wifi, or if your home wifi isn’t secure, hackers can sneak into the network and copy the data that you send back and forth online. Then they can steal your important information. A VPN creates a kind of virtual tunnel that hides all that data so that no one can see it. Subscribe to a strong, trustworthy VPN that you and your employees can all use.
Don’t forget your phone! You use your smartphone for business all the time, but most SMBs forget to protect it. Add firewalls to your phone, and make sure that your VPN is mobile-friendly, too.
6. Update your software
We know… ain’t nobody got time to wait while your software updates. But you know what’s a bigger waste of time? Waiting for a computer expert to rescue your vital business information because someone hacked into your accounts.
Software updates are there for a reason, not (only) to annoy you. Once software has been released, people probe it for vulnerabilities and loopholes that let hackers into the system. Software companies work hard to find those vulnerabilities before hackers do, and send out updates, or patches, to fix them.
Hackers also keep finding new tricks to get around security systems. If you don’t stay up to date, you won’t be protected from the newest hacking scheme. So spend the extra few seconds checking Snapchat while your software updates do their thing.
7. Back up your data
Backing up your data is another task that nobody has time for, but that’s really important anyway.
Updated backups are your insurance policy in case you fall victim to ransomware or malware that locks you out of all your business information. This way, you can just wipe your devices clean and start over without missing a beat.
You should regularly back up critical data like spreadsheets, databases, invoices, etc. It’s best to set automatic backups, and to back up to the cloud so that you can access all this data from anywhere in the world. Security experts recommend a “3-2-1” policy: create 3 backup versions in 2 different places, and 1 of them should be in the cloud.
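As an added illustration (not part of the original article), the script below audits a list of backup copies against the 3-2-1 rule as stated above and flags stale backups. The inventory rows, place names, and the 7-day freshness threshold are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory: one row per backup copy.
# Fields (all hypothetical): dataset, place, is the place in the cloud, finish time.
INVENTORY = [
    ("invoices", "office-nas", False, "2021-01-10T02:00"),
    ("invoices", "usb-drive", False, "2021-01-09T18:30"),
    ("invoices", "cloud-bucket", True, "2021-01-10T03:15"),
    ("customer-db", "office-nas", False, "2021-01-10T02:05"),
    ("customer-db", "office-nas", False, "2021-01-03T02:05"),
    ("customer-db", "office-nas", False, "2020-12-27T02:05"),
    ("spreadsheets", "usb-drive", False, "2020-11-01T09:00"),
    ("spreadsheets", "laptop", False, "2020-11-01T09:10"),
    ("spreadsheets", "cloud-bucket", True, "2020-11-01T09:20"),
]

def audit_321(inventory, now, max_age=timedelta(days=7)):
    """Return {dataset: [problems]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for dataset, place, is_cloud, finished in inventory:
        by_dataset[dataset].append((place, is_cloud, datetime.fromisoformat(finished)))
    report = {}
    for dataset, copies in sorted(by_dataset.items()):
        problems = []
        if len(copies) < 3:  # "3 backup versions"
            problems.append(f"only {len(copies)} backup version(s), need 3")
        places = {place for place, _, _ in copies}
        if len(places) < 2:  # "in 2 different places"
            problems.append(f"only {len(places)} place(s), need 2")
        if not any(is_cloud for _, is_cloud, _ in copies):  # "1 in the cloud"
            problems.append("no copy in the cloud")
        newest = max(ts for _, _, ts in copies)
        if now - newest > max_age:  # assumed freshness threshold, not from the article
            problems.append(f"newest backup is {(now - newest).days} days old")
        report[dataset] = problems
    return report

if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY, datetime(2021, 1, 11)).items():
        print(dataset, "OK" if not problems else "FAIL: " + "; ".join(problems))
```

Three copies on the same device pass a simple count but fail the "2 different places" and cloud checks, which is the case ransomware on that one device would exploit.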
8. Call in the experts
We all have our strengths and weaknesses, so there’s no shame in admitting that cyber security isn’t your forte. Sometimes it’s worthwhile to hire a professional instead of hoping for the best.
If you’re not sure what security measures you’ve taken, where your data is, or what to do next, hiring a cybersecurity specialist could be money well spent.
It would probably take only a few hours for a freelance or consultant cybersecurity professional to find all your business vulnerabilities and close all the wormholes that might let in hackers – a worthwhile investment.
Stand up for your business!
Hackers are trying to ruin all the hard work you’ve put in to build up your business (hey, everybody needs a hobby) but it’s up to you to stop them. Here are our “10 commandments” that will help you strengthen your defenses and protect your SMB.
- Secure your business website with “https” protection.
- Teach your employees to use strong passwords, recognize phishing attempts, and stay away from dodgy sites.
- Stick to licensed software that comes from a trusted source.
- Put a strong password on your wifi connection.
- Install firewalls on all your work devices, including smartphones.
- Set up a work VPN for you and your employees.
- Proactively install software updates.
- Run automatic backups as an “insurance policy” against ransomware and malware.
- Only use strong passwords for all your work accounts, including email and social media.
- Encrypt all your most sensitive data, like customer information and bank details, so that hackers can’t read it even if they get access to it.
Ready to fight for your work?
Don’t worry, it won’t come to that. With these steps you can discourage hackers and keep your business running smoothly.