If you run a business, you might feel like you have a target on your back. Digital information theft is now a bigger threat than physical theft — it's the most-reported fraud out there [source: FCC]. Hackers, scammers and identity thieves love to prey on businesses, whether they're big ones that have lots of money and valuable information or small ones that are comparatively weak and defenseless. The average cost to a company that experienced a security breach in 2014 was $3.5 million, which would devastate most small and midsize businesses [source: Ponemon Institute].
Anyone who wants to do your company harm can infiltrate in a number of ways — through your computer network or your website, using phony emails or other scams to obtain account names, passwords and other sensitive information. It used to be enough to protect the data that existed within the physical walls of your business, but that's no longer sufficient. Many businesses don't even have physical walls anymore: They might exist entirely on the Internet, with employees working independently all over the globe. On top of protecting your own systems, you also have to protect your customers' information. And the laptops and smartphones that make our lives easier also present new and challenging security issues.
Being a business owner can be pretty overwhelming in that respect, but there are plenty of steps you can take to protect yourself against ever-present security threats. Some are simple actions you can carry out on your own, and some might require professional help. But don't hesitate to improve your systems and fix weak spots — it'll be well worth the time and effort. Here are some tips.
10: Realize That You're a Target
It isn't possible to defend yourself completely against online attacks, but complacency is probably the No. 1 reason a business becomes a victim of a cybercrime. Many business owners make the mistake of assuming that their company is too puny for hackers to bother with. Hackers are very familiar with this way of thinking — they know that most small businesses aren't helmed by information technology experts with an unlimited security budget. They know "small" usually equals weak and easily exploitable.
So get prepared. There should be one person, whether it's a full-time job or not, in charge of network administration, setting up the security systems and staying current on potential threats. Creating a culture of awareness in the company is also important — all employees need to understand how to protect against a cyberattack and how to avoid inadvertently causing one. If you're not sure that everything is secure, hiring a security consultant is never a bad investment. No one is immune from security breaches.
9: Stay Updated and Backed Up
If your computer system has been operating with the same settings since day one, you need to change them. Figuring out default account names and passwords is one of the easiest steps a hacker can take to gain access to your system — it's like handing them a free pass. But that has a simple fix.
Operating systems with yesterday's software and security safeguards are also an obvious way in. It's a no-brainer to install the latest browsers, antivirus protection, spam blockers and spyware detection systems, and they can all be set to update automatically. Make sure the operating system's firewall is enabled. Your WiFi network should be secure, encrypted and hidden. All of this provides major protection without much installation and maintenance effort.
Regularly backing up files is another simple but crucial precautionary measure. You need to make sure your business won't be totally devastated if someone or something does infiltrate your systems. This is another task that can (and should) be automated. A weekly update is recommended.
8: Secure Your Site
Your top priority when beefing up your security infrastructure is probably going to be protecting the business itself. You want to ensure that no one can destroy your systems, steal your data or otherwise compromise your business. But you also have to secure your website for the sake of your customers, who submit their personal information through it and trust you to keep it safe.
Hackers exploit flaws in your site's coding and scripting — any weakness can be a route into your system. Experts say that unless a site has been audited by a security team, chances are it's rife with weaknesses. Credit card-payment processors are also common targets, so even if your site is ship-shape, your customers are still vulnerable from that angle. For that reason, sometimes it's best for small businesses to use a service like PayPal to process payments and protect customer information.
An attack that directly or indirectly targets your customers would be disastrous not only for the customers but also for your company. The public relations catastrophe alone could be enough to ruin the business, not to mention the financial aspect. It could take years for people to trust you again, if ever.