Print Edition

  Email News Updates

VIEWPOINT: 4 Tips for Small Firms to Protect Against Cyberattacks

By Charlie Wood


There are many challenges to running a business that owners must face — including the threat of a cyberattack. Cyberattacks are a growing threat for small businesses and the U.S. economy. In fact, according to a recent U.S. Small Business Administration (SBA) survey, 88 percent of small-business owners felt their business was vulnerable to a cyberattack. Yet many businesses cannot afford professional IT solutions, have limited time to devote to cybersecurity, or do not know where to begin.

Additionally, there is a common misconception among small to mid-sized business owners that due to their size they are not likely to be targeted or considered “high profile” enough. This false mindset can make businesses even more susceptible to cyberattacks. Small businesses are attractive targets as they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses. As more business is conducted online through cloud services, without the use of strong encryption technology, a hacker can easily access sensitive data behind a door with an easy lock to pick. 

Here are four ways in which small to mid-sized businesses can plan ahead and protect themselves against cyberattacks.

Don’t be ignorant 

Oftentimes, businesses and business owners think, “it won’t happen to me,” but it’s not a matter of if a cyberattack will happen, but when. Erring on the side of caution is not only the safest thing to do, but also the right thing to do. It is better to be prepared for any type of threat, breach, or attack than to be caught off guard and left in a vulnerable position.

Plan and create policies

When building a cybersecurity plan, be mindful to include an employee-training program and an incident-response plan. The first step to securing your network is to make sure your employees understand security policies and procedures. Establish basic security practices and policies for employees and create employee and IT-related policies that are compliant with the NY SHIELD Act. Companies are considered compliant if they implement reasonable administrative, physical, and technical safeguards. 

Educate employees

Cybercriminals are becoming more sophisticated in their methods and employees are often considered “easy targets.” In fact, the majority of malware is delivered via email, putting a business at risk if an employee unknowingly clicks on a phishing email or downloads a suspicious document. Therefore, educating and training employees on the risks, as well as conducting security trainings, are ways to safeguard a business. 

Training should not be a one-and-done event. Rather, schedule yearly or semi-yearly refresher courses to keep security top of mind. Help employees understand the importance of updating their software, using secure passwords, adopting security best practices and knowing what to do if they identify a possible security breach. 

Invest in cybersecurity software

On top of planning and training, the next step is to invest in cybersecurity software. Businesses need antivirus software that can protect all devices from malware, viruses, spyware, ransomware, and phishing scams. Software should not only offer protection, but also technology that helps you clean computers as needed and resets them to their pre-infected state. Investing in email gateways such as Mimecast, ProofPoint or Microsoft will support cybersecurity plans and tactics. 

Safeguard your Internet connection by using a firewall and encrypting information. A firewall acts as a digital shield, preventing malicious software or traffic from reaching your network. There are many kinds of firewalls, but they fall into two broad categories: hardware or software. If your business has a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (or SSID). Also, password-protect access to the router. 

Invest in your firm’s safety with cybersecurity planning 

Cyberattacks are not going away any time soon and will continue to pose a threat to small and mid-sized businesses. By taking these necessary steps to protect your business, you will safeguard your firm from attack, which will allow you to spend time doing what matters most — running your successful business.          

Charlie Wood is executive VP for the FoxPointe Solutions Information Risk Management Division of The Bonadio Group.

Author disclaimer: The summary information presented in this article should not be considered legal advice or counsel and does not create an attorney-client relationship between the author and the reader. Readers with legal questions are recommended to consult with their attorney. 

Thank You For Visiting