Protect Your Small Business From Hacking
Submitted by Bob Pohly, SCORE Central Oregon Marketing Chair
The Internet has helped thousands of small businesses broaden their brand and customer base across state and even international borders. But it has also attracted a far less-desirable clientele—hackers.
According to Symantic’s Internet Threat Report examining trends for 2013, 30 percent of targeted cyber-attacks (called “spear-phishing”) were aimed at businesses with 250 or fewer employees. And one in five small businesses received at least one spear-phishing email during the year.
What makes small businesses so vulnerable? Despite the ongoing threat of hacking and viruses, many small companies don’t devote the resources necessary to managing the security of their systems. Entrée via a single computer is often all that’s necessary to infest an entire network. And if you use a single computer for everything from email to website updates, your entire small business can become vulnerable in an instant.
In addition, cyber-criminals often use lesser-protected small businesses as a means for attacking larger firms with which they have a relationship. And even if the hacker’s goal is to cause inconvenience rather than crime, the lost productivity and costs to clean up your system are no laughing matter.
So how can you fight back? A good place to start is the SBA’s Cybersecurity for Small Businesses training exercise, available for free at www.sba.gov. The exercise offers insights into online security principles, tips for protecting information and networks in case of a cyber-attack, contingency plans, setting up firewalls, creating backups, and much more.
Another valuable resource you can also put to work right away is the Small Biz Cyber Planner, developed by the Federal Communications Commission (FCC) for businesses that may be unable to dedicate full-time resources to cybersecurity. The tool walks users through a series of questions to determine the most appropriate cybersecurity tactics for your small business.
Other easy-to-implement cybersecurity measures include:
Keep your computers up to date. Install, use, and regularly update antivirus and antispyware software on every computer used in your business. Also, download and install software updates as they become available, as they are often designed to correct security problems and improve functionality.
Backup important business data and information. Critical data includes word processing documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly.
Control access to computers and networks. Laptops can be particularly easy targets for theft, so make sure they are stored and locked up when unattended.
Secure your Wi-Fi Network. This is particularly important for home-based businesses. Configure your wireless access point or router so that it doesn’t broadcast your network name (called the Service Set Identifier or SSID). Passwords should also be required for access. It is also critical to change the administrative password that was on the device when it was first purchased.
This Ask SCORE column is provided by the SCORE Central Oregon Chapter. SCORE is a nonprofit association with 11,000 volunteers, business experts in 320 offices in communities across the country. SCORE is a resource partner with the U.S. Small Business Administration. To request a free small business mentoring session go to www.scorecentraloregon.org.