According to a 2019 report released by Cybersecurity Ventures, cybercrime is the biggest threat to business. Additionally, they predict cybercrime costs will exceed $6 trillion by the end of 2021. This increase in cybercrime may leave many business owners wondering what they can do to prevent cyberattacks. Fortunately, no matter the size of your business, there are three strategies you can implement to defend against cyberattacks – protect, plan, and practice.
Protect
The first step is to determine what is most vital to your business and put controls around those assets. For example, in your organization, financial information or client data might be the most crucial aspect of your business. A hierarchical list of what is most important to your organization will give you a roadmap to building your cyber defenses.
Make sure you have layers of defense. Nick Ritter, Chief Information Security Officer of First Financial Bank, explains, "So, I've got a piece of Swiss cheese, and it's got a bunch of holes in it. I put another piece of Swiss cheese on top of it, and it's got holes on it as well, but the holes don't overlap. By the third piece of Swiss cheese, it's a solid piece of cheese." In the same way, layers of defense are best when combined with other layers to protect the inner circle of your most important assets.
There are several tools already available to business owners to defend against cyberattacks. Nick recommends, "The Microsoft Window's operating system has an excellent tool called Defender built into it. There's also CrowdStrike and Carbon Black that you can get for about a $10 monthly subscription. Those software options tend to be more effective against more modern ransomware."
Plan
Once you have determined what is most important, develop a plan that details how to handle cyberattacks and partner with experts in cyber security. Think about a worst-case scenario and ask yourself, how would you react if your business were to succumb to a ransomware or business email compromise? Having a plan before the attack happens will mitigate loss. To help small businesses create a plan, the Federal Communications Commission provided a Cyber Security Planning Guide.
Additionally, partner with experts in business cyber security to help you develop a reaction plan which incorporates best practices that are applicable for your organization. Nick suggests companies should have a reliable security professional to talk to who understands their business and can give them practical solutions.
Practice
Practice good hygiene when it comes to cyber security. Some of the best ways to prevent and combat cyberattacks are through dual controls, password protection, multi-factor authentication, and awareness.
Get Industry Insights in Your Inbox
Dual Controls
One way cybercriminals target businesses is through email compromise. For example, the hacker, who impersonates a trusted person, sends an email to an employee that reads, "I'm away from my desk right now. Please wire $10,000 to this account right away." If the company does not have dual controls in place, the employee could wire the money without a moment's hesitation. However, with dual controls requiring two individuals to sign off on a transfer, there is an increased chance the business will not succumb to the fraudulent wire hack.
Password Protection
Another practical approach to cyber security is proper password storage. Nick says, "Passwords should not be shared. Make sure they're really complicated, so people don't memorize them. And it’s really important to store them in a password vault." Apps like 1Password are available for a small monthly subscription fee. Change your passwords frequently, so if someone attempts to log in as you, the password is incorrect.
Multi-Factor Authentication
Multi-factor authentication is crucial to prevent cyber hacks should your passwords become compromised. According to the Verizon 2021 Data Breach Investigations Report, 61% of breaches involved credential theft. Adding layers of identification helps ensure only authorized users access the most vital data in your company.
Awareness
The final aspect to practice is awareness. If something doesn't feel right, it probably isn't. Be extra cautious when providing personal information like social security numbers, tax identification, or contact information. Make calls directly to the company to verify the validity of the person or organization asking for your information.
Conclusion
There are a lot of issues facing businesses today, and it can be challenging to prioritize cyber security. However, cyber security applies to small and large companies, and no one managing a business should avoid addressing this issue and topic. Business cyber security is a global issue that affects every business, no matter the size or industry. Fortunately, adherence to the three Ps will increase your chance of defending your company against cybercrimes.
Disclaimer: Please note, Oak Street Funding does not provide legal or tax advice. This blog is for informational purposes only. It is not a statement of fact or recommendation, does not constitute an offer for a loan, professional or legal or tax advice or legal opinion and should not be used as a substitute for obtaining valuation services or professional, legal or tax advice.