If you still think cybercrime can’t target your small business, think again. In the past 12 months, 47% of small businesses have suffered at least one cyberattack, according to a survey by Hiscox. Of those, 44% suffered between two and four attacks in that time period.
Cyberattacks are more than just an inconvenience: Small businesses in the survey say the average incident cost them nearly $35,000. That’s not counting the additional fallout, such as losing customers, losing income and losing productivity while recovering from the attack.
Trends in cybercrime
Most companies (64%) are already using Internet of Things (IoT) devices in the workplace, according to a survey taken earlier this year, and an additional 20% plan to implement them within the next 12 months. Already, 61% of respondents have suffered an IoT cybercrime incident.
Business email compromise (BEC) attacks are also getting more prevalent and more sophisticated. Over half of IT security decision-makers in a recent survey say targeted phishing attacks are the biggest threat they face. How does it work? Cybercriminals access an employee’s email—often a C-level executive. Posing as that person, they email other employees requesting sensitive information or directing a financial transaction to be made. Last year, a Form W-2 phishing scam targeting businesses tricked email recipients into sending Form W-2s to cybercriminals. Thousands of employees had their personal information compromised as a result.
The weakest link
According to a 2018 Ponemon study, most data breaches are inside jobs. This doesn’t mean your employees are cybercrooks—most breaches result from negligence or carelessness. But while employees are your weakest link, they can also be your strongest defense. With proper training, they can become a “human firewall” protecting your business. Here’s what you need to do.
Create a cybersecurity policy and provide ongoing training
The FCC has resources to help small business owners develop cybersecurity policies. It’s also a good idea to have a third-party vendor conduct a security audit, make recommendations and provide ongoing cybersecurity training for your team and you (training should take place every six months). After training, conduct tests to see how employees respond.
Monitor access
Require regular password updates. Using reputable password management software that automatically generates and stores strong passwords can simplify this. Remind employees never to share user accounts, share passwords or store passwords where they can easily be found.
Be careful in the cloud
Back up your data securely in case of a ransomware attack, but be sure that data is protected in the cloud with Xerox® DocuShare Flex. This cloud-based app for companies with five or more employees manages your data securely. Control access to documents, use the Content Encryption feature, and set up automated data archiving and destruction.
Protect your printers
Network-connected printers can expose your business to hackers. Xerox multifunction printers (MFPs) with ConnectKey have automatic file encryption built in so your data is protected during transmission; they can also overwrite the data on the printer’s hard drive after printing. ConnectKey-enabled printers feature whitelisting technology that protects against malware and alerts you if attempts are made to compromise printer security. You can even use a Xerox MFP’s password authorization feature to prevent unauthorized users from printing sensitive documents, and to password-protect scanned documents so only authorized users can access them.
Automate and regulate
Employees are bound to break the rules. That’s why building in safeguards can help. Develop automated workflows to control where data goes and who can view it. Xerox printer and workflow solutions can set up workflows to scan, route and store data only where you want it to go—such as into specific folders, apps and cloud storage systems that you’ve approved.
Check and double-check
Use two-factor authentication to enable access to sensitive accounts or information, such as employees’ personal records, customers’ financial data or business bank accounts. When employees get an email from inside the company asking them to share sensitive data or make a financial transaction, have them call the co-worker to verify the request.
Cybersecurity is serious business. By taking the steps above, you can feel confident you’re doing your best to protect your company from cybercrooks.