According to research conducted by Symantec, the number of cyberattacks against small businesses (companies with fewer than 250 employees) has been steadily growing over the last six years, with hackers specifically targeting employees (phishing). And while distributed denial of service, or DDoS, attacks are still a leading form of cyber warfare, ransomware and malware attacks, targeting users of smartphones and internet of things (IoT) devices, as well as PCs and systems running on Macs and Linux, are also a big threat to small businesses.
For large businesses with IT departments and/or security professionals monitoring the business 24/7/365 for security threats, protecting themselves from cyber threats is annoying but doable – part of the cost of doing business online. But what can small(er) businesses, which typically don’t have IT departments or the ability to hire a security firm, do to protect themselves? Here are nine ways small businesses can ward off cyberattacks and security breaches, as well as several tips on how to protect your data if or when prevention fails.
Ways to ward off cyberattacks
1. Train employees on cybersecurity best practices
“Ninety-five percent of all security breaches at the workplace are because of human error,” says Tony Anscombe, senior security evangelist, Avast. “To combat this, cybersecurity should be a core part of the workplace culture – including ongoing education, training and reviews for each employee.”
“Educating employees regularly must be a top priority,” agrees Vijay Basani, CEO, EiQ Networks. “Unaware and careless employees are one of the most effective ways for cybercriminals to find ‘open doors’ to the corporate network, usually through spear phishing techniques designed to deliver malware.
“Educating employees on the dangers of phishing and malware – clicking on even one attachment or link in an external email – and making it part of the employee onboarding process can be the best defense in preventing malware from finding that open door,” he says.
“Furthermore, [businesses] should teach their employees never to open an unsolicited email attachment and be wary of any URL links contained in email messages,” advises Marc Laliberte, information security analyst, WatchGuard Technologies.
2. Invest in antivirus software
“Regardless of the type of computers that you are running (Windows or Mac), an investment in antivirus software is always a great move,” says Tom DeSot, CIO, Digital Defense. “While many people may think that Macs are immune to viruses, they in fact are not and can become infected almost as easily as a Windows computer.”
That’s why he recommends that businesses “run at least two different types of anti-virus software: one on [their] servers, one on [their] laptops/desktops. The reason for this is that you stand a better chance of catching [and stopping] a virus since one of the anti-virus software packages may have a signature for it whereas the other one may not.”
Sign up for Computerworld eNewsletters.