By Edward Moncur – As real estate professionals, many of you either operate as or work for a small business. Small business owners and operators are usually surprised to learn of the cyber risks they face but had not previously considered.

Failing to identify, then mitigate the cyber risks your small business faces can result in unanticipated costs and monetary losses. Unfortunately for some, this revelation comes a little too late, arriving only after they have fallen victim to a successful cyber attack. Business disruptions suffered by victims of cybercrime increasingly lead to permanent closure.

Let’s look at the cybersecurity issue a little closer.

Why does my small business need cybersecurity?

Like any other business, small businesses rely heavily on technology and internet connectivity. This connectivity is constant and is accessed remotely from multiple devices, including mobile devices, and from more places and workspaces.

Many assume that large corporations remain the preferred targets of hackers due to the perceived value of large databases, intellectual property or customers’ personally identifiable information (PII). While hackers/attackers in the past were drawn to large companies with equally large bank accounts in the hopes of a big payday, in recent years the landscape has changed significantly. Small business interests are sometimes more likely to be targeted as “low hanging fruit.”

Funds are routinely transferred to vendors, received from clients and moved between different business bank accounts, all electronically. Cloud service providers have leveled the field and allowed smaller operators to access the same services as larger organizations. These conveniences have forced us to trust communications from third parties more so than in the past and that inherent trust brings an increased degree of risk. 

What makes small businesses vulnerable?

They suffer from a skills gap due to a lack of full-time IT staff or well-trained staff.

They are also less likely to invest in security software that helps identify the beginning of a cyber-attack or network infiltration. Legacy hardware such as routers is not updated with security patches or replaced regularly, remaining in service outside of the vendor support lifecycle.

New technologies such as IoT (Internet of Things) devices are typically introduced to a network without due consideration for the potential security risks that accompany them.

Insufficient data protection mechanisms or data backup plans are in place while the most critical data often resides on a single server or computer with no redundancy.

Fortunately, there are many steps you can take to drastically improve your cybersecurity posture. Start with the following 6 areas.

Training: Establish regular training for staff to help identify communications from trusted sources versus potentially malicious ones. The best defense against phishing and social engineering is user training.

Passwords: Adopt a policy of strong, unique passwords for each website, account or app. Never reuse passwords. Use a password manager like LastPass or Dashlane, among others. Consider using two-factor authentication where available.

File Sharing: Limit file sharing service usage, reducing the risk of data leaks or unauthorized access.

Checklist: Create a checklist for onboarding and offboarding employees so that access to company resources is consistently removed where appropriate.

Wi-Fi: Add a separate Wi-Fi network (SSID) for IoT devices like security/doorbell cameras, smart TVs, smart light bulbs and smart switches. Having these devices on a network other than the one used by your computers and mobile devices protects your data in the event that an IoT vulnerability is exploited to attack those devices. This is a configuration change for most wireless routers with no additional hardware required. Never connect to free, untrusted public Wi-Fi.

Backup: Perform a comprehensive assessment of your data and where it resides. Ensure that you have enabled regular, multi-generational backups that are stored in multiple locations.

While it can be overwhelming to consider adding additional layers to the way you interact with technology, we should not trade security for convenience. You don’t have to implement all the recommended steps at once. If you successfully implement even one of these, you’re at least moving in the right direction.