The internet has empowered small businesses to break into far-flung geographies or hire talent from all over the world. It has connected small businesses to global suppliers, and ideas abound on the internet. But all this connectivity creates another, more sinister issue: cyberattacks. These can range from the destruction of infrastructure for online factories to the theft of important customer data. It can even enable an online version of corporate espionage.
If you run a small business, you may not believe you have enough information to be targeted. Or that even if you are targeted, hackers won’t steal much information. But ransomware attacks could wipe out all your digital data. (Do you have paper copies of all your transactions and customer data?) Or you could be used as an avenue to attack larger corporations for whom you contract. (That’s what happened to Target in 2013.) So what are some easy-to-implement techniques to ward off attacks?
Lock your WiFi network
One of the easiest things to do is to lock your WiFi network with a password. This prevents people from simply connecting to your network and spying on all the activity. Even if you offer free WiFi to customers, print the password on the receipt or have a sign in-store. By not locking, you are yelling to the world: here’s a free internet connection point, come and do whatever you want on my network! A password also adds a layer of security for customers or employees using the WiFi network if you encrypt the signals, which most routers make a one-click operation after you’ve set a password.
And if you use one network for employees/POS devices and one for customers, it is essential to keep them separate. This generally means having two wireless routers with different SSIDs and different networks. If you use the same physical network for complimentary WiFi and business purposes, having two SSIDs is not very useful because both WiFi networks channel through the same physical network.
Install antimalware and antivirus software
Malware is any kind of malicious software. There are plenty of free or low-cost tools available for malware detection and removal, and a quick internet search will turn up several competing providers. If you don’t routinely scan for malware, it is possible for malicious code to monitor and transmit all of your digital activities, including private information on your vendors, your financial information, and your trade secrets. It clearly also endangers your customers if you don’t protect yourself.
Security holes are discovered and patched constantly. Using out-of-date software is a risky choice. When developers discover a security vulnerability, they usually disclose the issue and release a patch. When the patch is published, information regarding the vulnerability becomes public knowledge, and anyone running old software is now vulnerable to a threat known by anyone who wants to know about it. Luckily most software defaults to installing update automatically in the background.
In fact, Equifax’s negligence in updating software in a timely manner was the root cause of their incredibly damaging data leak. Even if your business does not maintain databases of such sensitive information, you should avoid making yourself an open and easy target.
Sometimes updates may break important internal, customized infrastructure, so you might disable the automatic feature. But don’t let patches accumulate, because every day the security flaw is public and you are vulnerable is a day someone could find and attack your business.
Encrypt your data
Encryption is the scrambling of data so it will be useless even if a data leak occurs. You should encrypt your customer data, as well as internal communications to avoid competitors preempting your every move. Additionally, you can encrypt laptops, USB sticks, and in-office machines with full-disk encryption. And you should encrypt your networks with HTTPS and VPNs.
Not only will you protect customers by encrypting, you can protect your business and your employees.
Full-disk encryption is best, because there is no data-leakage between encrypted and unencrypted parts of the computer. Encryption is also relatively easy to implement, so you don’t need to hire an entire IT team to leverage this powerful tool. Furthermore, encryption software is not expensive. Some operating systems have built-in encryption, but if not, there are reputable open-source tools available.
If you run a small business, you might already use payment services like PayPal for your customer payments. If you don’t like PayPal, there are a few other big names as well. But the main idea is to avoid processing payments yourself, because financial transactions are an obvious and lucrative target for attackers.
You can also outsource your data storage and encryption needs by using a cloud-based service. The most prominent services in the field, like AWS and Azure, offer the security and reliability expertise of international corporations for a monthly or annual fee. Outsourcing in this way provides the added benefit of protection against data loss from ransomware and hardware failure.
Educate your employees on common attack vectors
The best software and security will not help if your employees recklessly browse the internet or act in unsecure ways.
Show your employees how easy it is to steal credit cards so they act more protective of customer data. Demonstrate how Evil Twin WiFi networks can steal company and personal data – by showing them how their personal data is at risk, you add incentive for secure practices. Show them how they can inadvertently download viruses by compromised websites. Infected advertisement networks, which may spread across thousands of pages, fall under the aptly-named malvertising.
You can use more secure POS, enforce VPN traffic on company devices, and block websites. But this hardline approach may not win the cooperation of your employees, and there are ways to circumvent these precautions. Educating your employees on how the business and their own livelihoods and personal data can be compromised. This is more incentivizing than blocking their favorite social media sites without explanation.