Small Business Under Cyber Siege:
10 Defensive Steps You Can Take
Cyber attacks targeting large companies always make headline news. But when do we hear about a small business being hacked? Not often. It’s surprising then, according to the Verizon 2019 Data Breach Investigations Report, that 43 percent of cyber attacks target small businesses. Even more surprising, attacks on small businesses account for the largest share of all attacks covered in the report.
Small business becomes the bull’s-eye for cyber threats
The Verizon report warns that your small business is most at risk if:
• Your cash flow includes large vendor payments or wire transfers in and out;
• You handle or store sensitive customer information, financial information, health data, or intellectual property; or
• You contract with larger entities or high-profile individuals (where you could be targeted as a weak link).
10 steps you can take to protect your small business
1. Treat cybersecurity as any other business area, like bookkeeping — something that needs to be done and requires a solid strategy. Set and enforce cybersecurity-related policies.
2. Consider cyber risk as part of financial and legal risk. The aftermath of a cyber attack or data breach can be devastating. If leveraging a third party, include cybersecurity assurances and liability as part of contractual arrangements.
3. Take an inventory of your digital assets to more effectively secure them. Include devices (e.g., laptops, tablets, mobile phones); applications/software (for email, spreadsheets, word processors, etc.); and the type of data that you handle, store or transfer (e.g., business financials, payment data from customers).
4. Use reputable third-party services for any type of business (e.g., banking, tax advisory, facility management), and be careful when allowing access. Also be very cautious when using third-party technology vendors and services (e.g., Internet and cell phone provider, point-of-sale systems).
5. Follow the regulations to protect data as recommended by your industry. If you are a doctor’s office, for example, you need to follow the provisions of the Health Insurance Portability and Accountability Act (HIPAA).
6. Set processes to keep data, particularly consumer and payment data, secure. Use secure and reputable point-of-sale systems and actively monitor issues.
7. Set firewalls in your networks and change the default password to the network. Invest in an in-house IT expert — especially if you have set up a website that processes payments or other sensitive information. That website needs to be encrypted (e.g., following the Secure Sockets Layer (SSL) protocol).
8. Make employees aware of threats and provide training on technology use and best practices for online behavior and data handling.
9. Cybersecurity and physical security are connected: keep devices locked and docked, protect access to facilities and secure paper records. Always shred documents when disposing of them.
10. Make sure that employees understand that they must exercise caution and use only the approved email service or application for work-related communications.
U.S. Government Cybersecurity Resources for Small Businesses
• Small Business Administration (SBA): Top Ten Cybersecurity Tips
• Federal Communications Commission: Cybersecurity for Small Business
• Federal Communications Commission: Small Biz Cyber Security Planning Guide and Cybersecurity for Small Business
• The Federal Trade Commission: Protecting Small Businesses
• The Department of Homeland Security: Stop.Think.Connect Small Business Resources
• The National Institute of Standards and Technology (NIST): Small Business Information Security: The Fundamentals
If you ever have concerns about a communication that appears to come from Union Bank requesting personal information, please call us directly at 888-826-2669.