Cybersecurity for Small Businesses

What is Cybersecurity?

Cybersecurity is the effort applied to protect computers, programs, networks and data from potential attacks, damage or unauthorized access. It relies on a variety of mechanisms and methodologies.

What is Risk Management?

Risk management is the assessment, minimization and prevention of accidental loss to a business through methods such as safety measures and insurance schemes. Risk management and cybersecurity go hand in hand and complement each other in achieving proper information security.

What is the importance of securing information through cybersecurity?

The modern cyberspace and external environment are fashioned in such a way that security flaws can come from almost anywhere. Prime candidates include natural disasters and system failure, but statistically, most threats have a human at their origin. This means that security threats can originate from either within or outside of the organization.

For a small firm, the consequences of neglecting protection can be costly. Depending on the case, a breach could even be more expensive than implementing security measures would have been. A security breach can cause your customers to lose confidence in your business, which may discourage potential clients as a result. Affected customers may also take legal action against your company, leaving your business to pay compensation for the mistake.

 

What are the types of information that should be secured?

When securing a company’s systems, one should consider the following:

  • Personal information for employees
  • Partner information
  • Sensitive information from clients
  • Financial and sensitive business information

The firm’s website should also be secure in order to protect both current and potential customers from security risks.

 

What are the types of cyber threats?

There is a wide range of information security threats. The most common, however, are website tampering, data theft, denial-of-service (DoS) attacks, and the use of viruses.

i. Website Tampering

Site tampering includes, but is not limited to, defacing your website, hacking your back-end systems, and compromising sites with invisible code. This is harmful to both your customers and the overall image of the business.

ii. Theft of data

Data theft also comes in several forms, each with its own problems depending on the type of data stolen. These forms include:

  • Theft of computer files
  • Unauthorized access to company accounts
  • Hardware theft (including computers and laptops)
  • Interceptions of emails and internet transactions
  • Phishing emails that trick you into releasing personal information
  • ‘Spear phishing’ emails, which target specific groups of people to trick them into responding
  • Identity Theft

iii. Denial of Service Attacks

A denial-of-service (DoS) attack is an attack on a computer or website that locks the computer and/or crashes the system. This results in slowed or stopped workflow, lack of communication and halted eCommerce for the company. The most common methods of DoS attack are:

  • Volumetric attacks, where the attacker attempts to degrade or stop performance by using up all the available bandwidth
  • TCP state-exhaustion attacks, which cause problems for systems such as firewalls and application servers

iv. Malicious Code and Viruses

Malicious code and viruses are among the better-known security threats. They send themselves over the internet to find and send out your files, find and delete critical data, or lock up the computer or system. They can hide in programs or documents, make copies of themselves, and install themselves on your system to record keystrokes and send them to a collection point.

 

What can be done to guard against cyber threats?

Coming back to the aspect of risk management, the governing bodies of the business must consider the vulnerabilities of both the human and technological factors within the organization.

As it relates to the human element, staff should be trained in how to keep their information safe. These training sessions should cover areas such as internet browsing, email usage and desktop habits.

i. Examples of Safe Internet Browsing

  • Do not surf the web with an administrative account
  • Do not download software from unknown pages
  • Do not download files from unknown sources
  • Do not respond to popup windows requesting you to download drivers
  • Do not allow any websites to install software on your computer
  • Protect passwords, credit card numbers, and private information in web browsers and conduct online business and banking on secure connections. Password manager tools can help you keep track of secure passwords for each site.

ii. Examples of Safe Email Use

  • Be careful when opening attachments
  • Don’t reply to unsolicited emails
  • Don’t click on links in an email

iii. Examples of Safe Desktop Practices

  • Use separate computer accounts for each user
  • Use passwords and don’t share them
  • Use screen locking, log on and off, and power down your system at the end of the day
  • Don’t plug “lost” infected USB drives into systems
  • Seriously consider encrypting sensitive data on your system. Try using your favourite search engine online to find encryption tools that will work within your computing environment.

Protecting the company’s systems has more to do with guarding your hardware and software against the various types of malicious attacks. In addition, it is helpful to invest in a means of data storage that keeps sensitive data safe in case of any mishap.

iv. Prevention of Viruses, Spyware, Trojans and Malware

  • Installing anti-virus software
  • Installing company-wide detection tools
  • Assigning responsibility for information in writing
  • Keeping virus search definitions up to date
  • Including employees’ home systems in the virus prevention effort

v. Securing Hardware/Software

  • Changing passwords periodically
  • Using software firewalls
  • Patching operating systems and applications
  • Securing wireless access points

vi. Backup Procedures

  • Making back-up copies of important information
  • Storing backup copies offsite for safe keeping
  • Testing your backups to make sure that they actually work
  • Disposing of old computers and media securely

 

For more information on cybersecurity: SBA Learning Center: Cybersecurity for Small Businesses

Photo Credit: Information Trust Institute

 
