The internet has opened up some incredible opportunities for small businesses. You only have to look at the biggest businesses around today—global retail giants like Amazon, or social media firms like Facebook—for proof of its power.
A quarter of a century ago, a lot of these businesses simply didn’t exist. The exponential growth that these businesses have enjoyed would have been almost unthinkable before the internet age. However, at the same time, the number of potential security threats has grown at an almost equally fast rate.
There are, unfortunately, a great many potential security vulnerabilities when operating online. The list is an extensive one: malware, phishing and ransomware scams, cyberattacks, and data breaches, to name just a few. Needless to say, this array of cybersecurity threats can pose serious dangers to small businesses, perhaps even threatening their very existence.
As the global shift towards remote work gathers further momentum, we can expect to confront new and proliferating cybersecurity threats in the years ahead. Without continual vigilance, and robust protections, small businesses could be at real risk from unscrupulous cybercriminals.
In this post, we’ll provide you with top cybersecurity tips to help you protect your small business against cyber threats.
We’ll also explain:
- Why do small businesses need cybersecurity?
- How small businesses can keep video meetings secure
- Types of small business cyber threats
- How do I secure my small business network?
Make no mistake, cybercrime is a costly business. According to a 2019 study from insurer Hiscox, cyberattacks cost all businesses an average of $200,000 a year, and 60% of businesses targeted by cyber criminals go bust within six months.
What’s more, the indications are that these attacks are becoming increasingly frequent. Half of all small businesses surveyed reported that they had experienced a security breach over the preceding year. Four out of 10, meanwhile, said they had fallen victim to multiple incidents. The stakes involved, then, should be clear: cybercrime can pose an existential threat to firms.
It’s also worth noting here that the onset of the pandemic, and the move to remote working, has potentially led to increased security vulnerabilities. After all, relatively few small business owners are also experts in cybersecurity. However, it is vitally important to choose tools that can offer robust and reliable protection from online criminals.
Online meetings and video calls have helped us to stay in touch with both colleagues and clients during the pandemic. However, they can also be vulnerable to security breaches.
There are various ways to keep sensitive information out of the hands of those who mean you and your customers harm. Your devices—desktop and laptop computers, tablets, smartphones—will inevitably contain a great deal of data which you really need to keep confidential. Likewise, video conferences may also be potentially vulnerable.
(You’ve probably heard of strangers hacking into video meetings on different apps.)
One simple way to make it harder for hackers to get into your video meetings is to use passwords. For example, RingCentral integrates with both Outlook and Google Calendar to automatically set not only meeting IDs but also passcodes in your event invites. This makes it easier for your attendees to know the details for gaining access to your meetings:
Oh, and passwords are good, but they have to be used correctly.
For example, if you use predictable passwords, there’s a good chance that experienced hackers will be able to work them out and get into your meeting. Always try to use complex passwords to reduce the risk of them being compromised. (Again, in RingCentral, the password generation feature is turned on by default, and it automatically creates difficult passwords when you set up a new meeting—but you also have the option of customizing the password yourself.)
Once all your colleagues have joined the meeting, RingCentral allows you to then lock it so that no random users can join and either cause a disruption or snoop on sensitive information.
🕹️ Get a hands-on look at how RingCentral’s robust security features by booking a product tour:
💰 You can also use this calculator to see roughly how much your business could save by using RingCentral to support your team’s communication with each other—and clients.
There are, as we’ve already noted, numerous other cybersecurity threats to which small businesses might be vulnerable. Here are some of the main examples:
- Phishing: Phishing occurs when an email recipient clicks on a malicious link or downloads malware in the form of an attachment. Phishing emails are commonplace (anyone who has an email account has probably received them). For experienced internet users they’re generally easy to spot, but they’re becoming increasingly sophisticated and therefore more dangerous.
- Ransomware: Ransomware is software in which users are tricked into installing on a device. It then infects the said device, locking the screen or encrypting important files, and demands that users pay a fee before their system can work again. There’s a number of ways by which users might be duped into installing ransomware. They include malicious links in emails, instant messages, or via unsecure websites.
- Data breaches: Data breaches can occur in a number of ways. They may sometimes be accidental, but more often than not, they take the form of calculated cyberattacks. There are various steps you can take to safeguard your business and its sensitive data from the depredations of cybercriminals.
It’s worth taking a moment at this point to discuss how data breaches can occur. Data protection regulations are growing ever stricter, and breaches can lead to heavy fines from regulators as well as costing you the confidence of clients and consumers.
There are various weaknesses that scammers can exploit to get their hands on your data:
- Weak passwords: Hackers are very adept at guessing weak passwords, thereby allowing them to gain access to sensitive information. If your passwords are unimaginative, hackers may well be able to figure them out. This is why it’s always best to set unique and complex passwords, rather than including whole words in them or re-using variations on the same password. Strong passwords provide indispensable protection.
- System vulnerabilities: If you’re using old and outdated software, you may be particularly at risk from cybersecurity threats. This is because out-of-date software may have gaps and weaknesses that haven’t been patched up, thus allowing hackers to gain access. Small business owners must ensure that they aren’t reliant on old and vulnerable software tools or operating systems.That’s both on desktops and mobile devices that can access any private network.
- “Drive-by” downloads: So-called “drive-by” downloads are another common form of security breach. This refers to incidents where users inadvertently download malware by visiting a security-compromised webpage. If their browser or some other application has a security flaw, the malware will exploit it and thereby install itself on the system, potentially exposing confidential data to cybercriminals.
- Targeted spam and phishing: We’ve already discussed phishing, but it’s worth mentioning it again here as data breaches frequently occur via this method. Targeted malware attacks can be hugely damaging, effectively duping unsuspecting users into downloading it through bogus links and email attachments. Phishing emails can be quite sophisticated and may appear to come from a trusted source. Just because a message looks to be from Microsoft or the IRS, doesn’t mean it is!
There are other ways through which data might accidentally be exposed to prying eyes, however. For example, confidential information may be written or notes or on a whiteboard visible in the background of a video conference. If a hacker gains access to the call, they could then obtain that information and use it to their own, criminal ends.
RingCentral has features designed to ensure secure video conferencing. Its password protection feature, mentioned earlier, is activated by default, and it generates complex passwords that are very difficult to crack. Only users with the appropriate password can gain access to a given call.
By now, you’re probably quaking in your cyber-boots about the threats to your business. You needn’t, though. Simply follow these best practices to ensure reliable small business cybersecurity:
- Strong passwords. Each of your online accounts should have its own unique, complex password—one that hackers aren’t likely to be able to work out from anything else they might know about you. Avoid reusing passwords across accounts, as if one is compromised, the rest will be as well. To keep track of your various passwords, use a password manager.
- Up-to-date software. As we’ve discussed, old and obsolete software may be more at risk of security breaches because it’s likely to have more unresolved vulnerabilities. Ensure that your software is kept as up to date as possible, and avoid using anything that’s outdated. If you’re using software that’s no longer being updated by the developer, it’s time to replace it with something newer.
- Multi-factor authentication. You may already use two-step authentication to sign in to your social media or email accounts. For example, a verification code may be sent to your smartphone that you then enter when logging in. You should also use multi-factor authentication, where appropriate, for your business accounts. This will make it much harder for hackers to gain access.
- Firewall. A robust firewall is essential to protect yourself against cybersecurity breaches. Your firewall—a barrier between your network and the wider internet—should provide you with reliable protection against unauthorized access from external networks. It will monitor incoming and outgoing traffic, blocking suspicious data packets and thereby shielding your network from external threats. A firewall is best deployed, too, alongside other antivirus software.
- Staff training. Your staff must appreciate the importance of data security and understand their own role in ensuring it. They should, therefore, be trained in basic security principles, appropriate internet use guidelines, and how to handle customer and client data. They should also be reminded of any penalties if they were to breach security policies.
RingCentral helps to keep your business and its sensitive assets safe and secure. It uses a range of data security safeguards to prevent breaches, including firewalls and session border controllers, intrusion detection systems, fraud analytics, vulnerability scans, monitoring and multiple authentication levels.
Do small businesses need cyber insurance?
Some small businesses choose to take out cyber insurance to provide them with an additional degree of protection against cyber criminals.
Of course, there are other factors to consider here as well—most notably, budgetary considerations—but any business that deals with computer systems could potentially benefit from having a cyber insurance policy in place. This could provide an important backup in the event that the worst happens.
Cybersecurity resources for small businesses
Hopefully, our cybersecurity tips have already provided you with some useful insights and suggestions to keep your business secure against cyber threats. If there’s anything else you need, you can obtain more information from the National Cyber Security Alliance, which promotes cybersecurity education and awareness.
Alternatively, the Small Business Administration (SBA)—a government agency dedicated to supporting small businesses and entrepreneurs—provides resources and assistance to help businesses bolster cyber security, including this guide to online fraud.
All this might seem like rather a lot to take in, but by learning about the basic principles of cybersecurity you’ve taken a big step in the right direction. Fairly basic security measures can do a lot to protect your business from the threats that are out there—and your clients will thank you for it.
Originally published Dec 14, 2020