Do You Need a Small Business Cybersecurity Checklist?
Summary: Cyber security is crucial for small companies. More than half of small and midsized businesses (SMBs) close their doors in the 6 months following a cyberattack. There are steps to take now to reduce the risk of an attack and to make recovery from an attack possible. Learn how to improve your SMB’s cyber security before you fall victim to a cyberattack.
Every business has become a target for cyberattacks. What do cyber criminals want from a small business? They want client data to sell on the dark web to other cybercriminals, and data to exploit for immediate financial theft, such as credit card numbers, logins and passwords to financial accounts, and more. Cyber threats are not limited to big corporations, banks and government agencies. Ironically, small businesses have become an easy target for hackers and are considered the “low-hanging fruit” in the attack landscape. Because most SMB owners think they are too small to get the attention of cybercriminals, many do not focus on having sufficient cyber security to protect their companies. Cybercrime is up over 400% since 2019 and increases by an average of 20% year over year.
The Importance of Cybersecurity for Small Business
Without sufficient SMB cybersecurity in place, a network breach can compromise many of a company’s most valuable assets, such as:
- Banking Information – What could be more damaging to a business than for cyber thieves to access its bank accounts? Unauthorized access to this information alone can be enough to bankrupt a business.
- Customer Lists – You have worked hard to build a loyal customer base. In the hands of hackers, your customer list becomes a marketable asset that can be sold to your competitors.
- Customer Credit Card Information – Every time a customer makes a payment, they trust your company to protect their payment information and store private information securely. A breach of that data can significantly damage your company’s reputation and the confidence you have built among customers. In addition, you are liable for protecting any data you collect, transmit or store.
- Internal Pricing Information – If your business is in a highly competitive marketplace, your internal pricing is the type of private information that hackers might try to sell to your competitors or hold for ransom. Also, if internal pricing is leaked to the public, customers can weigh how they feel about your business’s profit margin.
- Business Plans – Business plans map out the desired growth path of a company. A detailed business plan in the wrong hands could thwart such growth, and competitors can use the plans to adjust their business plans to gain a market edge.
- Proprietary Designs, Formulas, Processes and Other Intellectual Property – Many small businesses do not consider the intrinsic value of their unique creations. Designs, formulas and manufacturing processes are a valuable part of a company's assets.
The vulnerability goes beyond the confines of your company’s computer system. Once a hacker can access your network and launch an attack, their next step is to compromise your connected vendors, partners and customers. Without appropriate network cyber security, a cybercriminal can sell (and resell) your business’s private data in some form for a considerable profit.
Over time, many SMBs have become reliant upon cloud-based systems to conduct their activities. The daily network operations of the businesses, sales and purchases, online meetings, advertising, banking and other vital functions performed online must be locked down with a robust level of cyber security.
Checklist of Basic Cyber Security for SMBs
There are several steps you should take to increase the cyber security of your small business computer system:
- Train Employees – Employees are often the weak links in an SMB’s cyber security. Untrained staff can impulsively click on links and attachments in emails without understanding the risks. In fact, employees clicking on malicious links is the entry point for nearly all ransomware attacks. Hackers count on impulsive and rushed behavior. Unfortunately, all it takes is one wrong click for a thief to launch a malware attack, breach your network and steal your data. Employee security awareness training is inexpensive and highly effective.
- Use Strong Passwords – Passwords are the first line of defense against hackers. Long, strong and unique usernames and passwords are crucial to cyber security.
- Password Management – Creating and keeping track of passwords has become more complicated than ever. Old-school passwords using birthdays, anniversaries and 1234 are no longer sufficient as hackers have devised automated programs to guess passwords, and simple ones can be quickly discovered. Installing reputable password managers allows random, multi-character passwords to be generated and stored automatically and safely.
- Multi-Factor Authentication (MFA) – In addition to strong usernames and passwords, multi-factor authentication adds another layer of protection against data breaches. MFA confirms the identity of the person attempting to log on through a different device via texts or emails. Biometric options are now available in various forms, including facial recognition, optical recognition and fingerprint recognition. Increasingly, insurers require proof of maintaining MFA for cyber insurance coverage.
- Install Anti-Virus Software – If you do not already have powerful and up-to-date anti-virus software installed on your computer system, have a professional-grade product (not a free version) installed and configured on your network. The newest products include live security operations center (SOC) monitoring to evaluate threats and alert your IT service when emergency action is needed.
- Conduct a Cyber Risk Assessment – A cyber risk assessment starts with delving into how data moves through your network and who has access permissions for different data. You can determine what security holes need to be tightened up by evaluating the data flow and how data is used. If you do not have the IT knowledge to ensure you can make a thorough assessment, it is worth your time and money to employ a network cyber security services company to work with you in the assessment process.
- Update All Software – Software developers often release security fixes and patches with software updates. These security tweaks are freely available, and you and your business will benefit significantly by keeping all software up to date.
- Schedule Regular Backups – Even with strong security, hackers sometimes get through. If you back up your data regularly and a catastrophic cyber event occurs in which your data is corrupted, stolen or encrypted by ransomware, a clean backup can jumpstart getting your SMB up and running again.
- Limit File Access with Need-To-Know Criteria – The most sensitive company data should only be accessed by top C-level executives and any employee whose job it is to work with that data. For example, an employee in the accounting department does not need to access proprietary design files used by the graphics department, and vice versa. Limiting access is an excellent way of limiting virus spread, file damage and theft of data by cyber thieves or insider attacks.
- Use Virtual Private Networks (VPNs) for all Online Data Activity – VPNs should be installed and used for all online work. VPNs cloak your online connections by encrypting them and routing them through IP addresses in different locations worldwide. Using “tunneling” technology, VPNs create a private network within your network, making it very difficult for hackers to steal your data or discover your location.
- Use VPNs on All Network Devices – VPNs should be used on all your devices, whether your employees work at your office, out of their homes or on the road. Public WiFi is a dream come true for hackers who wait for unsuspecting users to log on and then breach their data. Therefore, mandatory use of VPNs should be part of your company employee cyber security policy.
SMB owners must become knowledgeable about potential cyber security threats to their businesses. Small businesses are favored targets of cybercriminals, putting them at serious risk. Creation and execution of a robust small business cyber security checklist and plan is a vital part of managing business risk, and your plan must be revisited and updated regularly to keep your business secure and out of the reach of hackers.
Review your SMB cybersecurity plan with your technician yearly or whenever there is a change to your network devices or network functions. The cost of basic cybersecurity for small business is a tiny fraction of the cost of an average cyberattack, so proactive protection makes good financial sense and helps avoid the disruption and devastation of an attack.