It’s hard to avoid the topic of cybersecurity these days. There’s the FBI’s recent feud with Apple, of course, and the increasing risk of ransomware, in which hackers hold an institution’s data hostage in exchange for payment. Now, victims don’t even need to have their identity stolen in order to lose significant sums. One hospital in Los Angeles paid $17,000 in order to regain access to its data. More and more people are getting letters from their health insurer or financial institution with the calamitous news that their personal information has been exposed by a recent data breach.
We know there are steps we should take as individual consumers to protect our information. But what about small business owners? Data breaches are expensive to fix, in time, money, and consumer confidence, no matter how small your business is. And, according to Symantec’s 2015 Internet Security Threat Report, 60 percent of all targeted cyber attacks in 2014 hit small-to-medium businesses. The nonprofit Identity Theft Resource Center reports that, as of March 22, there have already been 177 data breaches in the U.S., compromising over 4.6 million records. Last year, over 169 million records were affected by cyber attacks.
If 2016 is anything like 2015, around 500 SMBs will be the focus of attacks this year. You don’t want to be the local business sending out that we’re-sorry-your-data-has-been-exposed letter—and you may not be able to afford to offer your customers a year or more of free identity protection to shore up the damage. Think the FDIC or your general liability insurance will provide some protection? Think again. Federal consumer protections are not likely to cover business bank account losses; neither is general liability likely to cover losses due to a data breach.
In other words, safeguarding against a data breach—and preparing for one—is something small business owners really need to have on their radar. The good news is that there are some effective, if not infallible, defenses small business owners can easily—and inexpensively—implement.
First, set up two-factor authentication wherever possible. Services such as Gmail and Twitter allow you to sign in to an account by checking in with an app on your smartphone, or by providing a special passcode sent to you in a text once you’ve entered your username and password. Such a precaution can be the difference between keeping and losing control of the sensitive messages or photos you send to, say, your staff in a mass email.
Next, consider using a password manager. You know you’ve done it—using the same passwords across several online accounts. Listen up! Criminals rely so often on this half-hearted attempt at cybersecurity, there’s actually a name for such attacks: password reuse. (We didn’t say it was an especially imaginative one.) Once a malicious hacker has cracked your email (or other) account, they’ll try that same email/username and password on major bank websites and popular social media sites. The solution? A password manager like 1Password (available for Mac and PC) or LastPass that creates and stores complicated codes that no thief will be able to guess. And, more importantly, you won’t have to remember them all. PCMag has a handy comparison chart of “The Best Password Managers for 2016”—scroll past the chart for a link to free password managers.
Use financial apps, such as Credit Karma, to keep track of your credit score. Credit Karma allows users to check their credit scores and financial information without having to pay any monthly fees. They make money by marketing cards to those users. Prosper Daily (previously BillGuard), another useful piece of smartphone software, allows you to monitor all your accounts, your credit score, and even provides spending analytics. The app also crowdsources fraudulent charges. That means that if another user flags a suspicious or fraudulent charge on their own account and you have a similar charge, you’ll automatically get an alert. The crowdsourcing doesn’t end there—otherwise cryptic merchant information is community-edited to help you decipher it.
Finally: Don’t freak out! Remember, breaches happen. People’s credit cards get stolen. The best things to do are to take simple steps like these and, most of all, to stay informed. You can keep updated on cybersecurity issues by reading Krebs on Security and Graham Cluley’s blog.
− The Small Business Association has a free, 30-minute course on cybersecurity for small businesses.
− The Department of Homeland Security has resources for small businesses, including tip sheets and planning guides.
− WalletHub has a good collection of cybersecurity-related posts, ranging from managing your credit score to what to do after a breach.
− There’s a comprehensive cybersecurity toolkit designed for small and midsize businesses available from the federal Computer Emergency Readiness Team (US-CERT).
− And for good measure, here are a few more tips from the Federal Trade Commission on keeping your personal information safe.
This article originally appeared on the TownSquared blog.