In the fall of 2016, I watched a good friend get her business ready for opening in her first retail space. She had previously run everything from her home and now she was entering a whole new phase. I observed her interactions during a few visits and she knew when I gave her that “look,” there was something that needed improving.
“What Wi-Fi network do you have your register assigned to in the shared retail space? You should put a password on that register device you’re using, so when you’re across the store someone can’t open your register.”
The best part of helping her set that device password was watching her millennial daughters return to the store and try to guess the password – listening to their theories on creation was most amusing.
Following are 5 ways you can protect YOUR small business from phishing and other cyber threats.
- Train Your Employees!
A majority of small businesses have fewer than 50 employees. Ensure your staff are trained on the basics of cybersecurity for their roles. There are a number of free (YES really free!) resources available online to provide the basics: phishing, passwords, internet browsing and data protection.
The number one threat that will impact your business is phishing. Start with the simple actions. Teach employees to diligently check links – hover to see the real destination. If they did click on that link, do they have someone to tell? What if it took them to a website asking for their username and password? If there’s an attachment, did it come from a trusted sender – if so, were they expecting to receive that invoice or resume file?
In June this year, the FBI issued a warning about the dramatic increase in business email compromise (BEC), which results in financial loss for the business targeted. The BEC scam is a simple email from a fraudster masquerading as a legitimate business executive asking for funds to be wired. These messages are typically targeted at individuals in the organization who process invoices or payments.
With a small staff, it’s not always easy to build your processes to include segregation of duties. But having controls in place for handing out funds will not only protect you from insider theft, it will also reduce the potential for wire fraud from a random email, sent to your finance team, that spoofs your email address. If your business does become a victim, the FBI encourages you to report the incident.
Remember the Target breach? The malicious actors started with sending a phishing email to the HVAC maintenance technician – a small business.
- Get Cyber Insurance.
You have an insurance policy on your car to protect you if you’re in an accident. You purchase liability insurance to cover your risk, should you encounter an unforeseen disruption in your business. In order to protect your business from a security incident that could result in a data breach or business disruption, you should invest in a cybersecurity insurance policy.
- Invest in IT/Cybersecurity Services
Enlisting the help of your teenage nephew is great for setting up your new phone or laptop, but that’s not the best solution to support your growing business. There are plenty of managed service providers you can contract with to support your technology and cybersecurity needs. Tap into your local small business networks or professional sharing networks for recommendations.
- Protect your Online Business Accounts
I put it in the cloud! The cloud service offerings today are far more readily available and robust than even five years ago. Entering your credit card info to purchase a piece of the cloud is easy, but make sure you know what you’re putting where. Keeping an inventory of these services, along with the type of data you’re storing, is important if the service experiences a breach or an outage.
While it might be easy to use that same username and password across all your accounts, it only takes one data breach to put all these services at risk. Get a password vault to manage these accounts.
- Protect your Social Media Accounts
As a small business owner, your number one “go to” place for your marketing campaign is social media. Managing these accounts is critical to protecting your online identity. Who has access to post on your behalf? Limit who has access to the account. Review your profile settings to ensure you have the highest level of security enabled. If the provider allows you to enable two-factor authentication – ENABLE IT!
Learn what two-factor authentication is and how to enable it at https://www.lockdownyourlogin.org/
YOU can do this – small steps can make a BIG difference!
Whether your family business was handed down to you through generations, or you’re a new startup, or a nonprofit, small city, county, or community organization – you have intellectual property or personal data that you need to protect. And you have employees who need to take actions to support your business.
You built your business to live your dream; don’t let a malicious actor take that away from you! As you grow your business, make sure you grow your cybersecurity capabilities right along with it.
Tonia Dudley joined Cofense (formerly PhishMe) in 2018 as Director, Security Solution Advisor. In this role, she focuses on phishing defense advocacy while demonstrating how Cofense solutions help organizations across the globe minimize the impact of attacks while reducing the cost of operations. Tonia evangelizes Cofense’s approach to phishing defense and incident response to new and existing customers, prospects and the information technology market through speaking engagements, publishing platforms and media opportunities. Tonia also advises Cofense product teams on specific customer and market-driven needs to help streamline product roadmaps and create Cofense’s inaugural international customer advisory board. Tonia is also a member of the board of the National Cyber Security Alliance (NCSA). NCSA’s CyberSecure My Business™ program provides the small business community with training and resources to improve online safety and security.