3 ways your small business can fight back against the explosion in cybercrime

Cybercrime is growing at an alarming pace — incidents are skyrocketing in size, sophistication and cost. According to experts, cybercrime will cost the world more than a staggering $10.5 trillion per year by 2025.

Exacerbating the problem is the transition to remote work, which has opened up more vulnerability access points for cyberattacks. It’s crucial that businesses evaluate and fortify their incident response processes, contingency operations and disaster recovery plans against cybercrime.

Small businesses are attractive targets

Though companies of every sector and size are at risk, small businesses are the most vulnerable to cyberattacks. Data suggests that more than 50% of all cyberattacks are committed against small-to-midsize businesses, and that a whopping 60% of those businesses go out of business within six months of being hacked.

What’s even more worrisome is that most entrepreneurs are not prepared. About 88% of small businesses owners, in a survey by the U.S. Small Business Administration, said that although they felt at risk of cyberattack, they either couldn’t figure out needed safety measures or couldn’t afford professional IT solutions and the security infrastructure to combat the scourge.

Cybersecurity practices for entrepreneurs

What better day than international Data Privacy Day, observed every year on January 28 by the U.S., Canada, Israel, Nigeria and 47 European countries, to implement cybersecurity measures in your organization? We have put together a few practices to help you feel more secure about the information flowing in and out of your network.

1. Educate your employees on cybersecurity basics

Rather than just directing your employees on what security measures to follow, train them on the “why” behind the implementation of those practices. Giving them an insight into the real-world cybersecurity threats that they encounter daily will help them recognize risky behaviors as well as manage them proactively. This provides you with another type of security buffer.

How can you train the staff on cybersecurity threats? Educating staff to have a working knowledge of cybersecurity will require effort, time and financial resources, but it’s a worthy investment. To make the process easier on you and your budget, consider holding the training on a staggered basis across verticals. For example, start by training your remote marketing and sales teams, which are at the most risk of data breaches. 

2. Adopt a zero-trust framework 

If you have modeled your IT security setup in the traditional castle-and-moat style, you need to rethink this approach. While the model ensures that only verified individuals can get into your system, it gives them full access to roam freely once they’re in. And this could leave you completely vulnerable to cyberattack — one breach and all your connected systems are exposed to risk.

Embracing the zero-trust security framework can help you block unknown interactions and close many of the gaps that could be leaving your data and workflows at risk.

How can you initiate zero-trust thinking into your workflows? Often, employees have more access than they require. Consider shifting to giving users only the access they need. While initially this might create narrowly defined trust zones and temporarily slow productivity, bringing in artificial intelligence and machine learning can help you operate at the necessary velocity. As Vats Srivatsan, president and CEO of ColorTokens explains, leveraging AI/ML can help businesses regain efficiency by expanding the trust zones that will allow for effective and speedy operations.

3. Switch to two-factor authentication

Consider moving to two-factor authentication for added security. While this may seem like an extra step, having two gates is far superior to having just one. It is akin to the castle analogy, wherein having a double wall confers an additional layer of defense against invaders. Two-step authentication entails using two knowledge factors like a password and a PIN. Another example is using two different factors such as a password and a one-time passcode sent to a mobile device via SMS.

How can you move to two-factor authentication? To begin with, you may need to work with your software providers to find out whether two-factor authentication is available. If it is not, consider using authenticator apps as a two-factor authentication solution.