Many small business owners think they are immune to cyberattacks. Here’s the thought process.

I’m too small – they want to go after big businesses with more money.

I don’t have any information a hacker would want.

I can’t afford an IT specialist, so I’ll just take my chances.

If this is still your thinking after the WannaCry security break, it’s time to change your tune.  Hackers go after companies, big and small and they go after individuals too.  Think of the Facebook stolen identity attacks and those emails you get from friends in your address book with a proclamation “this is great – click her and try it.”  And if you think you can’t afford some basic security measures with your business, you are not being a good steward of your records and your clients’ information.

It’s true that we hear about the attacks on big entities like Sony, Netflix, Disney, the Democratic National Committee and Target. We don’t hear about the attacks on small business because the name recognition factor prevents the story from making it to the newsroom. But it’s real.

Some of the attacks involve these methods and more:

  • Password Guessing Games – this is computer-generated software that can go through passwords until they find the one that matches your email and your back-end data, including the financial information of you and your clients.
  • Phishing – these relentless spammers often disguise themselves as real companies through emails and try to convince you there is a problem unless you give them sensitive data.
  • Disgruntled Employee Hits – this is when an unhappy or recently fired employee with access to sensitive information uses it to your disadvantage. They can send tweets, change website information, etc.
  • Malware – this is short for malicious software. These infections used to be called computer viruses and can be installed by clicking bad attachments. An anti-virus software will often block these types of infections. The WannaCry malware was through Windows. Microsoft had issued a security patch but the victims had not updated their systems.

Regardless of the method, it’s all about the money and power, whether it’s stealing financial data, leaking embarrassing information or demanding a ransom.  Should you pay up to get your files returned?  Netflix and Disney said no to their hackers ransom demands.  So the new season of Orange is the New Black was released early and an unnamed movie will presumably follow.  It’s a hard decision for a small business with limited resources. It’s also hard to trust that a faceless hacker will turn over your files and not return for more money.

Go on the offensive before an attack.

  • Install updates on everything – software, apps, plugins on your website, etc.  Many updates contain security patches and can be set up to install automatically.
  • Use strong passwords. There are password-generating apps and automated cloud storage boxes so you can have multiple password (not the same one, like most people) and don’t have to remember them.  Use these free resources.
  • Purchase anti-virus software such as Bitdefender to block things before you get to them.
  • Have backup systems in place.  It is not realistic for most people to back up their files on an external disc every day, as experts often recommend.  Instead consider an automated cloud backup servics like Carbonite. It will be cheaper than paying a ransom.
  • Educate your employees about the threats and how to protect their files and how to handle strange emails.
  • Have a system to restrict data to employees who leave your company, whether they are terminated or leave on their own. Keep track of who has access to what. This way your Twitter account doesn’t start posting embarrassing stuff when you let go of your assistant who also served as the backup social media manager. If possible, change passwords whenever someone leaves for any reason.

Be prepared for the next cyberwar!

For daily marketing communications news online, subscribe to LGK’s free MarCom Digest. Maximize your momentum!

Leave a Reply

Your email address will not be published. Required fields are marked *