How your company can combat cybercrime, prevent an attack and bounce back in the event of a data security breach.
Whether big or small, any business is vulnerable to cybercriminals and fraud. However, small and medium-sized businesses (SMBs) may not be ready for cyber attacks, and each one of these can be disastrous. In fact, an incredible 60 per cent of small businesses fold in the six months following a cyber attack.
Although this is a scary statistic, proper procedures can help you prevent an attack or, at the very least, recover from one with minimal damage. Here are three things you can do to prepare in advance and limit the impact of cybercrime.
1. Train your staff to combat cybercrime
According to research by Kaspersky, 88 per cent of SMBs that have suffered a data breach claim that social engineering played a part. What is that? Social engineering is any form of cyber fraud that relies on using human error — such as phishing (getting you to click on a harmful link), pretexting (pretending to need sensitive data for a legitimate issue), or quid pro quo (pretending to provide a service in exchange for access to data).
Human error also comes into play in simpler ways. Employees could leave their laptops in a public place, while others might keep a Post-It with their passwords on their desk. It’s easy to become careless with safety, and these small mistakes can easily be exploited by someone with bad intentions.
The easiest way to prevent these attacks is to train your staff appropriately. Teach them to identify common scams such as phishing and to be extremely careful with sensitive data. Repeat this training regularly to prevent a sense of complacency from developing.
2. Encrypt your data
“Data encryption” is one of those technical terms that feel too complicated to understand, but it’s actually very simple. Data encryption registers your data as a code, which can only be read with an encryption key or password. It protects your data as it sits in your system and during data transfers.
Encryption is particularly important if your employees carry around laptops with sensitive business data (this can easily be stolen or lost) or if such data is often exchanged by email. You can protect your laptops and system using an encryption software — PC Mag has a useful roundup of the best ones on the market.
For email data, you need a separate email encryption software — specifically, a type called secure webmail is best for small businesses. This is because it is cost-effective and doesn’t require both the sender and recipient to be set up with encryption.
3. Be ready to react quickly
A data breach response plan will make your reaction to a data breach fast and effective. With a good plan, you can prevent loss of service and even mitigate the damage. Without it, you will be caught completely unaware, making the attack much more harmful.
Data breach response plan templates are available online, along with guides highlighting the best practice. Do your research and spend some time developing yours, and remember to revisit it as your business grows and your data protection needs become more complex.
Of course, you will need to determine exactly what happened, both to mitigate the damage and prevent it from happening again. It might be worth investing in a team digital forensic specialists, (search for reputable and certified services such as Secure Forensics), who can put a data breach response plan into action. They may also utilize private investigators to locate the people responsible for the attack.
It goes without saying you can’t bounce back from a breach without backing up your data, so a solid backup and storage strategy is also crucial. Keep full backups of everything — at least two separate online copies and a third offline one, preferably in another physical location.
Why combat cybercrime?
Cybercriminals target SMBs specifically because they expect them to be vulnerable and poorly prepared. It’s your job to prove them wrong. While you don’t have the limitless resources of a large corporation to protect yourself, you can definitely make it harder for the fraudsters and combat cybercrime from within. Taking the time to develop a concrete strategy surrounding your data protection and response to breaches could literally save your business, so make it a priority.