Small business owners have a lot to handle to make it all work every day, from small concerns like copier paper, to bigger worries like health care and taxes. While small businesses are busy with a lot of day-to-day To Do’s, if you don’t think about your own cyber security, you could be in trouble.
To help protect yourself from cyber security risks, keep in mind these potential digital pitfalls:
Don’t Get Sick from a Computer Virus
Yep, computers can get sick, and usually it’s a computer virus, or malware, that’s the culprit. Even worse, infected computers on your business network can spread that infection through your system.
Writer Neil J. Rubenking at PCMag points out ways to spot potential malware infections, from nonstop popup ads to weird warnings that encourage you to click or send information to an unknown place.
You can keep computers safe by using anti-virus software that uses a database of known viruses to lock out potential threats. It’s key to use known, reputable anti-virus programs, not “too good to be true” deals from unknown (or spoofed) providers.
“Creating and distributing fake antivirus programs (also called scareware) is a lucrative business,” writes Rubenking. “The perpetrators use drive-by downloads or other sneaky techniques to get the fake antivirus onto your system, then display scary warnings about made-up threats.”
Educate Employees on Phishing
Software protection is great, but it’s also a great idea to educate employees about how to avoid a suspect site or scam in the first place. We all have a “spam” folder in our email, but sometimes messages slip past the filter while pretending they need your help. The sender could spoof an internal email address, pretend to be IT asking for access to your computer, or even pose as someone else to get at your personal information and reach bank accounts or other sensitive company information.
Identifying these “phishing” scams is important for everyone in your company (or at home), so you don’t give up your private information or finances.
Some email “red flags” of a potential phishing scam include:
- Bad grammar or misspelling of common words.
- An email sent to an address that isn’t associated with the account (for example, an email to an alternate address you use, but not used for your Apple or PayPal account).
- Inconsistent timeline details in the body of the email, such as an “alert” for activity you know for sure did not happen, a welcome email when you have already subscribed to services, or language that tries to elicit a panicked reaction so you click before you think.
- An email address in the “Send” field that contains lots of gibberish or numerals, especially when you hover your mouse over the field. This can indicate the sender is spoofing where the email is coming from. (Note: This can be harder to investigate on a phone, so if you’re unsure, wait to check out the email on your desktop.)
Don’t Be Held for Ransom(ware)
Ransomware is software that allows someone else to effectively hold your company’s computer systems hostage until a payment is made to release them. Incredibly harmful but all too common, ransomware attacks have been made on businesses both large and small.
At CNET, writer Rick Broida relates a story about one ransomware attack that affected his own brother-in-law.
“According to a security pro hired to help, the ransomware got in when one of the owners opened an email attachment marked “My resume” — a seemingly harmless action, especially given that the company was, in fact, actively hiring,” writes Broida.
The consequences of ransomware attacks can be long-lasting, too, especially if you lose access to your personal information that’s then sold to third parties or on the dark web. Attackers can hold an individual’s home computer hostage for a few hundred dollars, or even a university or hospital for tens of thousands and more. Ransomware attacks now cost businesses and governments tens of billions of dollars every year, according to a recent study by the company Emsisoft.
Ransomware attacks can happen to any company, and problems can trickle up to affect a larger corporation from contractors and others who may not have the full protection of an in-house IT team or virus protection. One contractor’s misstep allowed ransomware to affect Tesla and SpaceX recently, showing just how vulnerable even those in the tech industry can be.
It’s a great idea to have security procedures and protocols available for any employee’s initial onboarding, even if they’re temporary or not onsite. Vendors who share files with your company could potentially also introduce malicious software to your company with a simple forward or a mistaken click.
Keep yourself safe by keeping lines of communication open between employees, HR, IT, and your vendors and make sure you’re clicking smart every time you fire up your computer. An ounce of prevention, they say, is worth a pound of cure.
Cyber security insurance protects not only your business, but everything that your company touches with its digital footprint, from employee social security numbers to customers’ credit card numbers. Depending on your policy, it can potentially cover everything from crisis communications assistance to recovering compromised data and repairing damaged computer systems.