How Small Businesses Can Guard Against Cyber Attacks
Some independent business owners have the misguided impression that they’re too small to catch the attention of hackers or other bad players. No organization can be completely immune from the increasing number of malware, phishing and other malicious online behavior. In fact, IBM Security studied 550 organizations impacted by data breaches throughout a year-long timeframe ending last March, and found 83 percent of them had suffered more than one data breach.
A recent Provident Bank survey found just half of small business owners are fully prepared for a cyber attack. Interestingly, just as many respondents said they were concerned about cyber security and thought about it on a daily basis.
Business owners can turn those concerns into a strong offense by taking measures to protect their data during a time when both the cost and frequency of cyberattacks are rising. In this blog, we’ll share some tips and best cyber security practices.
Educate your employees
More than 80 percent of data breaches are caused by human error. Mistakes happen but when your company’s data is compromised due to a breach, the implications can be significant. Security breaches can weaken customer trust, your brand’s reputation and your bottom line. That’s why it’s important to ensure employees are trained to follow best practices (including safe browsing habits), recognize and flag suspicious emails and protect customer data.
If you’re not in a position to personally train employees, there are many resources and online courses you can take advantage of to help them understand and recognize risks.
Using and updating security software
Some small businesses are reluctant to invest in online security because they think they can’t afford it. But the consequences of inaction can be even more costly, with U.S. security breaches across all industries averaging $9.44 million–each.
Securing your network and installing antivirus software is one way of keeping your data safe. Ensure all of your work-issued computers are equipped with a firewall and that the latest software updates have been installed. Antivirus software is proven to prevent malicious attacks and is one of the best lines of defense against bad players.
Protect customer data
Securing and backing up customer data should be a vital part of your cybersecurity strategy. You can safeguard customer data by:
- Ensuring access is restricted only to employees who need it
- Encrypting data to protect it from hackers
- Checking to confirm the customer relationship management software you’re using is reliable and trusted
- Limiting the amount of data stored to the essentials
To safeguard your customer data against any breaches, ensure cloud applications are configured in a secure manner before using them to back it up. Using secure cloud-based management systems will also safeguard your files in the event a computer is lost or damaged.
Zero trust
It’s natural to be trusting, but when it comes to online security it’s best to put those instincts aside and exercise skepticism. The zero trust model to cybersecurity is an approach that requires businesses to validate each stage of their online interactions. Examples include multi-factor authentication, utilizing access models following least privilege, limiting access points for attackers and utilizing artificial intelligence to identify attacks quickly.
This airtight approach might seem extreme, but the growing prevalence of online attacks is prompting a growing number of businesses to embrace it. It’s important to note that just 41 percent of the targeted organizations included in the IBM study used a zero trust security system; the remaining 59 percent of organizations did not and as a consequence incurred more than $1 million in additional losses than targeted companies that did incorporate the zero trust model.
Investigate alternative password options
Your business could tighten its email security by rolling out password requirements to ensure email accounts are protected by unique codes that are changed on a regular basis. Or, you could take passwords out of the equation entirely.
Passwordless authentications are gaining traction as a way to more securely verify user identity. Some companies are using one-time passwords sent to registered devices, two-factor authentication and even biometrics such as fingerprints or facial recognition.
Use trusted tools
Contracts and agreements are a part of day-to-day lives for many employees, and with such paperwork often containing sensitive information it’s important to utilize trusted sources to facilitate electronic signature gathering.
At DocuSign, one of our top priorities is to make your experience as safe and secure as possible — trust is in our DNA and ingrained in our people, processes, and technologies. Read our guide on Combating Phishing for tips to protect your data from phishing.
Check out the DocuSign Key Features to learn about the efforts we are undertaking to keep our customers safe from attackers.