The Best Defense: Cyber security for small businesses and entrepreneurs

The U.S. Democratic Party. Disney. Netflix. Britain’s National Health Service.
These are just a few of the companies to make headlines recently for having been the victims of major cyber security attacks. Their stories received international attention in part due to the surprise that companies of their magnitude, despite all their infrastructure, were still vulnerable to hackers, and serve as a good reminder that cyber security is a constant battle for any business anywhere.

Cyber crime is a growing and ever-changing problem worldwide. From email phishing and spam to online fraud and theft, and ransomware to major data breaches, the cyber threats to individuals and businesses seem to increase by the day. In fact, IBM Corp Chairman, CEO and President Ginni Rometty has called cyber crime the greatest threat to every company in the world, and former FBI Director James Comey called the internet “the most dangerous parking lot imaginable.”

Juniper Research predicted that data breaches will cost $2.1 trillion globally by 2019—a number four times higher than the cost of breaches worldwide in 2015. And it’s not just large companies that fall prey to cyber attacks. Symantec has reported a steady rise in cyber attacks targeted at small businesses over the last five years as well. So while major companies and agencies make headlines when they are affected by cyber crime, no business is immune.

With new threats emerging regularly, and a lot at stake, now is the perfect time to reevaluate your company’s cyber security plan. Implementing simple strategies can better protect your network and valuable data. Start with the following tips from industry experts:

Pick a strong password and username. “Avoid using passwords or usernames that are too easy to guess. Admin, administrator or the name of your website domain should be avoided as usernames. Someone trying to guess how to log into your site is one step closer if they correctly guess your user name,” says Paula Sageser, digital communications specialist, SCORE Certified Mentor.

Defend against malware. “This could be as simple as having anti-virus software installed and updated regularly,” says Rob Robertson, graduate director for Masters in Cyber Security and Information Assurance at Southern Utah University. In addition, he says, make sure that employees aren’t downloading software at will. “Only install the software that you use in the organization, and prevent the execution of any other software.”

Be smart about email. “Most attacks involve an email,” says Christina Foley, vice president of commercial sales for FireEye. “If businesses are using cloud-based email like Office 365, they should also invest in advanced threat protection beyond Microsoft’s basic spam protection. Understand that people will always hack themselves. Attackers are always looking to exploit human trust. Insist on education for every employee who interfaces with your technology.”

Know your network. “Take inventory of authorized and unauthorized devices,” says Robertson. “It’s essential to simply know what computers and other devices are connected to your network. If wireless is being used in the business, then make sure that default passwords are changed for management of the access points, and use WPA2 for authentication to the network through the wireless access point. These access points can be configured to allow only specific devices onto the network. This is all relatively easy to implement.”

Know your valuable assets. “Know what’s valuable to attackers,” says Foley. “If you manage something like customer data or credit cards, prioritize protecting what’s most attractive to a cyber attacker.”

Stay updated. “If you use WordPress for your website, make sure you have a security plugin installed. Also, keep your WordPress site up-to-date. WordPress is a popular target. The majority of sites are hacked because of outdated versions or weak passwords, so update to the latest version of WordPress, and the latest version of your themes and plugins,” says Sageser.

Foley agrees. “Use modern software and keep it updated. Anyone running a business should be on the latest version of their operating system and automatically apply updates.”

Plan ahead. “Have a cyber security response plan. A solid incident response plan will save you time and money in the event of a breach,” says Foley. In addition, she says, invest in cyber security insurance. “This can be designed to meet the budget of small companies and will protect you in the event of an attack.”