We’ve all seen the headlines about large companies falling victim to data breaches and ransomware attacks. But small businesses are not immune to cybercrime. In fact, a recent study found that more than 82% of ransomware attacks were directed at small and mediumsized businesses (SMBs).1 Smaller companies are perceived by cybercriminals as lacking the budget and personnel to invest in robust cybersecurity systems. Fortunately, there are several steps you can take to enhance security without spending a fortune or hiring a new team.

Small businesses must make cybersecurity a priority, and it starts at the top. The company’s leaders can set the tone by having regular conversations about security with the whole team. There should be established policies that dictate how to fortify the company’s systems and protect customer information. And management should include cybersecurity among the company’s performance metrics.

Malware. Ransomware. Phishing.

These terms may seem like something out of a spy movie, but they affect small businesses every day. And they are costly. Businesses with 50 or fewer employees report spending an average of $31,000 per cyberattack. Yet 43% of SMBs report that they have no security protections in place. According to the Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity is about culture as much as it is about technology. Preventing security breaches can be as simple as keeping software updated, installing password protections, backing up data and training employees about common threats.

Welcome to Small Business Intelligence: Insights and ideas to help level up your business.

This new series of independent business focused articles are brought to you by the Hunter Emory State Farm Agency. Every quarter, we will share insights, ideas, and food for thought on how technology, best practices, differentiated client engagement and attracting and retaining top talent to create a culture of excellence will help level up your growth strategy.

Best practices for preventing cyberattacks

Cybersecurity experts agree on seven key steps that businesses can take to prevent bad actors from holding company data for ransom, stealing customers’ identities and installing malicious code.

1. Train the team: Employees are the first line of defense for your business’s systems and data. Implement regular training sessions that teach employees how to identify phishing emails, steer clear of dangerous links, and keep their passwords strong and secure. Offer clear guidelines for reporting suspicious incidents to the rest of the team. As cybercrime tactics evolve, conduct additional training to keep staff up-to-date.
2. Don’t rely on passwords alone: Enabling multi-factor authentication (MFA) is one of the most important steps a business can take to protect itself. MFA verifies a user’s identity by requiring a pin, token, fingerprint, facial recognition or other factor in addition to a username and password. By adding MFA to the login process for email and other key systems, you can reduce the risk of compromised passwords breaching your business.
3. Keep software up-to-date: Software and operating system manufacturers regularly patch and update their products to protect against attacks. But not everyone clicks the update button. Ensure that all employees are using the latest versions, and enable auto-updates wherever you can. In addition, antivirus software should be installed on all of the business’s computers, and updated regularly.
4. Perform — and test — regular backups: Every important system should be backed up regularly, and the backups should be evaluated to determine how long it would take to restore your data. Backing up regularly to the cloud may not offer true protection. Local files that are encrypted by a ransomware attack could be synced to the cloud, making it impossible to restore unaffected data. Maintain backups offline and retain hardware to rebuild systems if needed.
5. Secure your networks: Encrypt information and use a firewall to protect your internet connection. Wi-Fi networks should be secure, hidden and password protected. Employees should use a Virtual Private Network (VPN) to connect to the company network when working remotely or traveling. Control physical access to business computers, laptops and mobile devices. And administrative privileges should be given only to IT staff and key team members.
6. Look to the cloud: Cloud Service Providers (CSPs) can help you host critical services with additional security. As many businesses have moved to hybrid work, the potential for breaches has increased. Software-as-a-Service (SaaS) providers can protect email and important data while improving productivity. The built-in security offered by cloud vendors can reduce your business’s cybersecurity burden.
7. Remove unused accounts: Many cybercriminals find their way into a company’s systems through inactive user accounts or overlooked services. Regularly review your systems for any unused accounts or old services that are still running. Disabling them can raise the drawbridge and reduce the potential for security breaches.

Better security starts today: In addition to following these best practices, you can access guidance from organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Center for Internet Security (CIS). The Federal Communications Commission (FCC) offers a free cybersecurity planning tool that can help your business build a custom cybersecurity plan.

We hope you enjoyed this edition of Small Business Intelligence. The Hunter Emory Agency was built to serve small businesses and their unique growth trajectories by mapping insurance and financial product strategies for every phase and change that your business will experience. We are not here to provide just solutions — our mission is to create lifelong partnerships through a highly consultative approach — to allow you to focus on what’s needed to reach your goals.

Hunter Emory State Farm | savewithhunter.com | 216 W Market Street, Unit B Georgetown, DE 19947 | (302) 855-2100 915 N DuPont Blvd, Suite 102 Milford, DE 19963 | (302) 424-9999