Cyberattacks and ransomware aren’t just an issue for large multinational companies. In fact, small businesses are seen as high-value targets because they’re less likely to have protections in place, says Anthony Catalano, president of CMIT Solutions of the Florida Parishes. The data you have access to on clients, potential customers and employees can be valuable for hackers. Are you ready for a cyberattack?
“Back in the day it was just viruses that were more of a nuisance,” Catalano says. Today the real threat is hackers stealing information, or encrypting your information and putting it up for ransom so you don’t have access. It used to be enough to have an antivirus program on your computer, but now you need a multilayered approach, Catalano says.
Here are three things you can do to protect your company from hackers.
Human error accounts for many cybersecurity lapses — an unsuspecting employee responds to an email that looks like it’s from the CEO, for example, or opens a fake invoice with malware in it. And it’s not hard to see why: According to the Symantec 2017 Internet Security Threat Report, 1 in 131 emails contained malware in 2016, and 3 out of 4 companies reported that they had been victims of phishing attempts in 2016.
By training employees you can help them recognize threats and learn how they should react, Catalano says. Include information about practicing good password hygiene, such as not writing them down and changing them often, he says. And establish a written tech policy to give to employees so they better understand how to use technology without putting your business at risk, he says.
If your data is attacked or information has been compromised, you need a plan for reaction. The larger your business is, the more detailed and formal this plan should be, Catalano says, but businesses of all sizes should develop action steps to respond to any breach.
Some of the steps to consider would be how to shut down compromised systems, how and when to notify clients and authorities, and what each person’s role should be when an issue is detected, Catalano says. In addition, he recommends that businesses consider cybersecurity insurance, which can help cover liability or lawsuits in the aftermath of a cyberattack.
Catalano recommends backing up your information regularly — every day or two — and then encrypting it to the cloud over secure lines. Having secure backups in place that you can rely on can help you recover more quickly in case of any attack, especially from ransomware.
Remember that sensitive information goes beyond credit card numbers and can include employee information such as addresses and other personal identification information, Catalano says, so backups should include employee files as well. Catalano says that the threats businesses face from hackers today are much more complicated than even a few years ago, and working with a trusted tech partner can help.