Running a small business, like my wedding planning business, can be tremendously rewarding, but it can also be a bit daunting sometimes, because everything rests on you, the owner, to make sure that the business runs smoothly and is organized. You are in charge of making sure that everything has been taken care of, and it can be hard to think of everything – so some important things might go unnoticed or be assessed as less important than they actually are. Case in point? Your small business’s cybersecurity protection.
Small Businesses Often Targeted by Hackers
Even after the recent waves of ransomware that have left Europe, and Britain in particular, in shock, a lot of small business owners do not realise the danger that their companies are in. Yet, even in the case of the hacker attack on the NHS, the devastating results (which led to at least 6,900 patient appointments being cancelled) could have been prevented if cybersecurity recommendations had been properly followed. In fact, 88 of the overall 236 trusts did not meet the standards in a cybersecurity test. Most likely, your business would not either, unless you take certain steps.
And if you think that hackers have bigger fish to fry, please think again. You might have intellectual property that you do not realise is valuable to cybercriminals, or you might store sensitive client data (which is likely if you are also running an e-shop for your business), or attackers might simply use your business servers as a stepping stone to launch further attacks on the “bigger fish”. In any case, small businesses are far from safe: in fact, a recent survey revealed that they are the target of 43% of hacker attacks, while only 14% described their ability to respond as “highly effective”. What is even more devastating is the cost of these attacks: 60% of small businesses go out of business within half a year of a security breach and spend more than $850,000 on IT assets and a further $950,00 on getting operations back to normal.
Cybersecurity: Simple Steps for Staying Protected
If, by now, you are scared, there is no need to be. There is plenty that you can do to mitigate both the risk of getting attacked and the consequences. First of all, you need to make sure that both you and your employees receive proper training and know how to spot and avoid hacker attempts – like phishing attacks. There is great merit in hiring a dedicated IT professional who can assess the situation in your company, advise you on your vulnerabilities and come up with a comprehensive cybersecurity strategy.
There are also several cybersecurity tools out there that you can look into on your own, like a web application firewall (also known as a WAF), which can help secure your web applications against the most common and sophisticated attacks (like SQL injections and XSS attacks) – and allow you to meet PCI compliance requirements. Lastly, you need to have a detailed response plan in place in case, despite your best efforts, you find yourself the victim of hackers: knowing how quickly and in what way to respond can work wonders in containing and minimising losses.
There is a lot to do and no time to lose – because (as with all things) it is better to spend time and effort proactively than to try to mitigate the effects after you have been hit.