Cyberattacks are as big a threat to small businesses in 2022 as they were in 2021, if not bigger. Bad actors are getting more sophisticated and bolder in their actions. To avoid a possible attack in 2022, the key is to pay closer attention to some of the basic tips and balance that with adopting some new ways of thinking.
Cybersecurity Strategies
Training
The Small Business Association offers some cybersecurity best practices that might seem like they only apply to larger enterprises. However, some are equally critical at a smaller scale. For example, leaders at smaller companies often think they can forgo security awareness training. If you only employ a handful of people, what’s the point? There’s still a need, but that doesn’t necessarily mean you have to conduct a formal training program.
Per the SBA, the basics that all employees should know include:
- Spotting a phishing email
- Using good browsing practices
- Avoiding suspicious downloads
- Creating strong passwords
- Protecting sensitive customer and vendor information
- Maintaining good cyber hygiene
It matters less what you call this education and more that you do it. For example, you could cater a luncheon and make the presentation short enough to fit into a lunch hour. It’s best to make this information as interactive, fun and engaging as possible so that it captures people’s attention. Never doubt that this information, when placed in the right hands, could stop a malicious attack in its tracks.
Assessing Risk
Gauging your company’s risk level may be the most strategic insight you have regarding small business cybersecurity. Per the SBA, “the first step in improving your small business cybersecurity is understanding your risk of an attack, and where you can make the biggest improvements.”
Risk assessments, especially those conducted by a third party, can shed light on where your business is at risk and empower you to create a defensive plan or strategy. The process doesn’t have to be complicated or drawn out, but there must be some type of plan.
Vulnerability scans can determine how likely your critical systems and sensitive data are to suffer a compromise or attack, given your current software patch levels and any misconfigurations.
However, as a small business with a smaller budget than a Fortune 500 company, you might wonder if you can afford to pay a third party to perform a vulnerability scan. The good news is there’s a solution that won’t jeopardize safety. For small businesses, the DHS offers a free cyber hygiene vulnerability scan that produces a weekly report. Sign up for the free service by contacting the Cybersecurity and Infrastructure Security Agency at NCATS_INFO@hq.dhs.gov. They’ll send you documents to sign, confirm a scanning schedule and send you a pre-scan notification. Problem solved!
Using MFA
Other tactics, like multifactor authentication (MFA), are low or no cost but can provide significant peace of mind. We highly recommend MFA for access to any service, website or application. It adds another critical layer of small business cybersecurity by requiring, in addition to your password, a unique one-time code sent via email or text.
Vetting Vendors: Due Diligence
It’s one thing to worry about your employees and their cyber hygiene. It’s another to have to consider the practices of your vendors and partners. Consider for a moment how many companies you do business with who may have access to your sensitive data. When you share your sensitive information with third parties, it’s only as secure as the business handling it. Your business cannot afford to be shy about asking third parties who can access your data, how data is stored and exchanged, and what security measures they have implemented.
Social Media
Do you have a policy about what kinds of information can be shared on corporate social media channels? An innocuous post highlighting a new project or product could be damaging if it reveals too much information, and it becomes a cybersecurity threat if that information falls into the wrong hands.
An Important Shift
Cybersecurity is not a destination but a process. Small businesses should treat cybersecurity developments as just as crucial as industry developments. As cybersecurity becomes an essential part of your business strategy, your risk of being breached or attacked decreases drastically.
Cybersecurity should be a concern for businesses of all sizes and stripes in 2022. If you don’t have the resources for an in-house security team, a third party can provide you with the expertise, experience, and technologies that can protect your firm against the growing range and scope of cybersecurity threats.