The average cost of a cyberattack now exceeds $1 million, reports Security Magazine. Can you afford to lose that kind of money and remain in business? Most small businesses can’t, but more than half of those small businesses responding to a recent security report survey experienced a breach last year. In fact, according to Accenture, 43% percent of cyberattacks are aimed at small businesses, but only 14% of small businesses are prepared to defend themselves. According to Kaspersky, more than a third of small businesses fell victim to cyberattacks in 2019. Even more concerning is the fact that more than two-thirds of small business leaders do not believe they are a target.
Steps Your Small Business Must Take Now to Survive
Every organization needs to take the threat of cyberattack more seriously, especially in light of recent tensions that make cyber warfare more likely than ever. Start with these 5 steps:
- Backup and disaster recovery. Avoid paying ransoms and losing access to your data, by having a comprehensive backup and disaster recovery plan. This plan should include offsite backups of your data that are isolated from and not accessible by your network, as well as contingency planning for how your organization will handle data recovery, designating specific people for specific rolls. Read our guide on creating an effective disaster recovery plan.
- Regular updates. Not only should you have strong anti-virus and malware protection, but you should also ensure that you regularly install patches, upgrade software, and manage apps to avoid security risk. In particular, there should be no instances of Windows 7 operating at all.
- Strong policies. In addition to limiting data access to only those employees who actually need access to perform their jobs, you should implement strict policies for using personal devices to access the company network from public Wi-Fi, strong mobile device security requirements for all devices used for work, and ongoing training requirements for all employees.
- Email security. In addition to securely hosted email, establish policies regarding payment and information requests sent by email. Email security and training are essential.
- Multifactor authentication. Password security is no longer adequate to protect your network and your data. Require multifactor authentication for access to any part of your network. This should include a password that is combined with a secondary, required security protocol, such as a mobile authentication app for quick push notifications, as well as some form of biometric security.
Whether you are a healthcare firm, an oil and gas company, a legal firm, or a part of the many other industries The ITeam supports, such as construction and accounting, organizations need strong IT security. The ITeam understands the IT security issues facing Canada businesses. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.