How to Protect Your Small Business From Cyber Attacks Right Now An annual report from Verizon found one type of breach makes up 30 percent of attacks on small businesses. Here's what you need to know.
By Jessica Thomas Edited by Dan Bova
For 13 years, Verizon has released its annual Verizon Business Data Breach Investigation Report, or DBIR, a comprehensive look at more than 150,000 incidents that gives business owners insight into trends in cyber attacks. As expected, the 2020 report took on more meaning: Unprecedented numbers of professionals are working from home, and small- and medium-sized businesses without clear data security policies in place are particularly at-risk right now. "Employees are dispersed and on different devices, and you don't know what they're doing. This opens up vulnerabilities like never before," says TJ Fox, SVP and president of Verizon Business Markets.
The exhaustive 120-page report breaks down threats by industry, business size and region, but there are common takeaways for owners of any size business — especially those who don't consider theirs big enough to attract cyber attacks. "Should a small business owner sit and read the DBIR from start to finish? No. But they should definitely understand what their vulnerabilities are," Fox says.
Related: How Hackers Take Advantage of a Crisis
In this time of uncertainty many small businesses are hesitant to make capital outlays on projects like a data security overhaul, but it's more important than ever. Beyond office workers turning their homes into offices, retail locations are introducing services like order pickups, and restaurants are utilizing new ordering platforms like GrubHub. All this means you're interacting with customer data on new networks in ways you've never done it before, and it's crucially important that you understand the data security implications.
In a conversation with Entrepreneur, Fox broke down four measures he considers the first line of defense for small business owners who haven't paid much attention to data security in the past. "There's no one magic button when it comes to this, but there are things you can do to greatly minimize your exposure to breaches and devastation to your business and customers."
Avoid public WiFi
If you do one thing, forbid any and all use of public WiFi for work activities. "Public WiFi is the most dangerous place on the planet," Fox says. It's a line he's been using in interviews for several years, but it doesn't make the sentiment any less important. Logging into a public WiFi network at an airport or coffee shop opens devices up to attack. Make sure your employees know it's against company policy to use public WiFi and provide alternatives such as a mobile private network or VPN for them to utilize when they're not in the office. Use mobile device management on company-owned devices like work laptops or cellphones to prohibit users from connecting to public WiFi networks.
Related: 4 Statistical Reasons Data Security Should Be a Top Priority for Small Businesses
Develop policies for suspicious emails
This year's DBIR found that 30 percent of cyber attacks against small businesses involve phishing. Do your employees even know what phishing is? If not, Fox emphasizes it's critically important they know what to look for. Make sure they know they shouldn't click on links or download files sent out of the blue, even if they appear to be from members of their organization. Set clear policies about how files should be sent between employees so that they know when something is amiss.
It's also crucial employees know this applies to all of their devices: "I met with an analyst a few years ago who said "Oh, I got a fishy email at work on my laptop, so I decided to open it up on my mobile device,'" Fox says. "It's the same thing." Using a phone makes you just as vulnerable to bad actors looking to steal information.
Related: 4 Telltale Signs Your Business Is Ripe for a Cybersecurity Attack (and How to Respond)
Have clear guidelines about downloading apps
This year's DBIR found that 43 percent of the breaches studied involved web applications downloaded from the internet to their devices. Set clear expectations about what types of applications your employees can have on their company devices — maybe they like using an application like Spotify to listen to music while they work or check sports news on an ESPN app, for example. Enact policies about where applications should be downloaded from, whether that's the App Store, Google Play or another market.
Related: Zoom's Security Pile-on Caused a Lawsuit - Are Microsoft, Cisco and Others Next?
Get on the cloud
Large enterprise organizations have whole teams to manage their data storage, but small businesses are much less likely to know the current best practices. "A lot of times small businesses have a computer that's sitting in their office or at their retail location," Fox says. "It's been there a long time, and that's where their email and records sit, and they're not keeping it updated from a patch perspective or a software perspective. That creates incredible vulnerabilities."
If you're a small business not already using cloud-based systems like Amazon Web Services, Microsoft Azure or Google Cloud, you need to seriously consider making the switch. Determining which one is right for you should be part of a comprehensive look at what data security changes you might need to make, especially right now.