In May 2017, the WannaCry ransomware attack swept across the world. It prevented hospitals, businesses, and nonprofit organizations from working. It scared a lot of people, and for good reason.

WannaCry was a worldwide wake-up call that cybersecurity is a concern for all businesses, big or small. We can’t afford to take the security of our IT systems for granted. This post explores the best security precautions to take if you’re a small business.

Small Businesses Are a Prime Cyberattack Target … But Most Don’t Know It

How aware are small businesses of the cybersecurity threats looming around them? According to Security Magazine, not very. A 2016 article states, “Only 31 percent of small businesses take active measures to guard themselves against security breaches.” Yet, 43 percent of all cyberattacks hit small businesses, according to a 2016 report from Symantec.

This means that small businesses are disproportionately targeted by cyberattacks, yet many are unaware of the threat or distracted by other priorities that demand their attention: balancing the books, conducting sales, fulfilling orders, and satisfying customers. The risk of not adequately protecting your IT is substantial, and can range from theft of intellectual property and customer information to possible business closure.

Cybersecurity Precautions Many Small Businesses Take May Not Be Enough

In the past few years, general security awareness has improved among small businesses. In our experience, the standard cybersecurity precautions taken by small businesses are as follows:

  • Backing up files to a USB drive
  • Paying for a good website and email host
  • Using Gmail for its convenience and built-in spam filter
  • Using free versions of malware and antivirus software

Unfortunately, the most common precautions don’t always do the job, and this list is not sufficient for most businesses. Backing up to a USB drive is better than nothing, but it’s not safe enough for business data. A good hosting provider will secure your website and email, but that doesn’t protect emails after you receive them. Gmail’s spam filter is OK, but as any Gmail user will tell you, it’s not perfect!

Malware can slip right past many antivirus products through emails, popup ads, social media posts, and holes in the OS, places you wouldn’t even think about. For example, WannaCry got in by exploiting a Windows security hole that Microsoft had already patched! Millions of people simply didn’t install the patch or were on pirated software and therefore ineligible to receive it. And for all you Mac users, don’t snicker! Macs are vulnerable to malware and ransomware too.

This leaves us with the big question. If these precautions aren’t enough to keep cybercriminals out, what can small businesses do?

The Cybersecurity Precautions That Work, Whether You’re Big or Small

The good news is, once you’ve implemented strong cybersecurity precautions, they can grow with your business. Here’s a list of the tried and true cybersecurity precautions that we recommend.

  1. Maintain Two Sets of Secure Backups – One of these should be physically separate from your computers (e.g., in another location, like our datacenter) and encrypted.
  2. Keep All Computers and Servers Up-to-date and Protected – Apply all security patches and Windows updates on a monthly basis. Make sure you have business-grade malware protection as well (e.g., Malwarebytes Corporate Edition).
  3. Don’t Use Pirated Software – You can’t get updates for it, which instantly leaves your computer vulnerable.
  4. Educate Your Employees on How Malware and Ransomware Work – This is crucial. Never click an email attachment or link you weren’t expecting, even if it appears to come from a legitimate source (FedEx, Bank of America, and Microsoft are all frequently “spoofed” like this). If in doubt, send a separate email to the person (do not click “Reply”) and ask for confirmation.
  5. Use a Firewall and/or VPN – Firewalls are powerful protection, but they need configuration to work best. A VPN (Virtual Private Network) is essentially an encryption-protected “tunnel” surrounding your Internet connection.

Cybersecurity Is a Concern, but Protection Is Possible

The Security Magazine article had one final statistic: approximately 60 percent of small businesses that are hacked go out of business after just six months.

While that’s a scary statistic, it’s also illuminating. Even if you don’t think your business’ data is worth stealing, it is to someone. Don’t let them take it. Although “staying aware of cybersecurity” is another addition to the to-do list, it’s better than adding “recover from the cyberattack (somehow)”.

What are your thoughts on cybersecurity awareness? Please share in the comments below.