Shelley Polansky BBB

Shelley Polansky, BBB president/CEO.

Cyberattacks have greatly increased in an environment where remote work plays an outsized role. Small businesses have to find optimal ways to deter these and other would-be cybercriminals from seeking low-risk, easy-to-implement hacking, phishing and malware schemes, putting at risk their systems.

If the systems are not properly maintained, businesses can lose control of basic identity or personal bank accounts, or worse, their own critical sensitive information to money extortion, unauthorized access to applications, services and networks, and a long list of other crimes.

Statistics

Cybercrime is on the rise this year. The Federal Trade Commission received 4.8 million cybercrime complaints in 2020, up 45% from 3.3 million the year before, mostly due to an increase in identity theft complaints, according to the Insurance Information Institute.

In 2020, there were 1.4 million complaints of identity theft, compared with 651,000 in 2019. The cost for the thefts and other crimes reached $2.7 billion in 2020, according to the FBI’s internet crime report. What the numbers will look like for 2022 and beyond is hard to tell.

On the home front, the cybercrimes to be aware of in 2022 are many, including:

Ransomware to demand a ransom in exchange for the promise that data won’t be destroyed by a simple rewrite or disposal of the decryption key.

Attacks on security holes in cloud-based systems, such as email and online platforms.

High-profile IoT (internet of things) attacks on the devices that connect and exchange data over the internet or other communication networks.

Attacks on remote computers or networks in work-from-home environments.

Social-engineering scams attack users and gain access to systems and information.

According to a recent U.S. Small Business Administration survey, 88% of small business owners believe their businesses are vulnerable to a cyberattack – yet, many businesses can’t afford professional information technology solutions, have limited staff and time to implement cybersecurity practices, or don’t know where to begin.

Practices

Businesses do not need a huge budget or a great deal of time to implement a cybersecurity strategy to protect their operations, their data and their customers.

Their first step is training employees in cybersecurity best practices, so they have the knowledge and tools they need to protect themselves and their company from cybercrime. At the most basic level, businesses can cover the risks and the steps to take for various types of cybercrimes and provide information on the latest threats and solutions.

Here are the top five cybersecurity practices for small businesses:

Implement the basics: Practice established cybersecurity tactics, such as avoiding opening email attachments and using URLs instead, choosing strong passwords and using a password management tool. Keep antivirus protection software current with automatic updates to block malware and other malicious viruses from entering devices and compromising data.

Secure the network: Use a virtual private network, or VPN, to secure Wi-Fi networks and encrypt internet traffic, allowing employees to send and receive data as if their computing devices were connected to the private network. Other security measures include installing firewalls between internal and public networks and host intrusion prevention systems. HIPS are a host-based detection tool that aims to stop malware by sending out alerts for suspicious changes to the server by monitoring logs, directories, files and registries.

Implement role-based access control: Implement RBACs to restrict access by employees based on their roles within the business, so that they obtain only the information they need to do their jobs. This helps protect data and systems by preventing employees from using sensitive data, reducing their risk of becoming a victim of data theft.

Use authentication processes: Use two-factor or multi-factor authentication by requiring employees to provide information beyond a user name and password when they want to access company data and systems, such as a personal identification code, a second password or a thumbprint. Multi-factor authentication is preferred, since it involves more steps and is harder to crack, giving even more layers of security.

Install backup and recovery: Install automated remote backup and data recovery to allow employees to store an extra copy of data in a secure offsite location. This provides extra security, but also allows the business to restore data in the case of a data breach.

Businesses, no matter their size, need to put cybersecurity practices on the top of their to-do lists, especially in a volatile global economy. By implementing a few tools and resources, they can protect against potential risks, even if facing less visible, but formidable cyber forces.

The BBB wants to see businesses succeed, knowing that as data becomes more crucial to their daily activities, awareness of ways to protect their companies, customers and staff become increasingly important.

Shelley Polansky is president/CEO of BBB Serving Northern Colorado and Wyoming.

Recommended for you

comments powered by Disqus