Small Business Cybersecurity: 7 Ways to Protect Your Business’s Data

Highlights:

  • Common threats

  • Cybersecurity best practices

  • Educate your employees

  • Evolve your cybersecurity strategy


Small businesses without full-time IT staff are often an attractive target for cybercriminals because of their perceived vulnerability. According to the most recent Trend Micro/Ponemon Institute Cyber Risk Index, businesses with fewer than 100 employees face the worst risk compared to the industry average.1 2

A breach can be devastating: A recent Intel-sponsored survey by J. Gold Associates found that for small businesses, the average cost of a data breach was more than $100,000.3 In addition to lost business and consumer trust, non-compliance with regulations like the credit card industry’s Payment Card Industry Data Security Standard (PCI DSS) can result in penalties of thousands of dollars per month and termination of your merchant account.4

While this can seem frightening, the good news is that today’s technology helps businesses like yours stand tough against cybercrime. To better protect your business and customer data, start by creating your own small business IT security plan.

Read on to learn about the different types of threats and how a few simple steps and secure technology can help harden your defenses against them.

Common Threats

The first step in protecting your small business from data breaches—which can include unauthorized access to banking information, customer contacts and personal information, and proprietary product and financial data—is to understand the different types of threats.

Malware

Malware (“malicious software”) is a broad term that covers the many ways cybercriminals gain access to devices, networks, websites, and ultimately your data. Types of malware include:

  • Viruses, which are contagious and replicate themselves throughout your system and other connected devices
  • Spyware that runs in the background of your device, tracking your internet activity
  • Keyloggers that log keystrokes to steal data and passwords
  • Worms, which replicate like viruses, but with the goal of destroying data as the worms proliferate
  • Trojans, which appear to be legitimate programs so they can gain access to modify, copy, and delete data, and provide backdoor network access. Subcategories of Trojans include backdoor Trojans that allow remote control over the infected device, rootkits that help disguise malware so it can run undetected, and bots that infect large numbers of computers, creating a “botnet” that reports back to a hacker’s central computer.

Phishing

Phishing is a type of social engineering attack, which means people are tricked into clicking on links that download malicious programs or providing sensitive information. Usually, you receive a spoofed email with a malware-infected attachment or a link to a site that downloads malware to your device. The link may also direct you to a spoof website with a form that requests sensitive information like passwords. Social engineering attacks can also be conducted on websites via spoofed links on social media or shared photos infested with malware.

Ransomware

Ransomware is a mix of social engineering and malware. After you click on a spoofed link or file, your device is infected by Trojan malware. Once it is infected, the program locks you out of your data or system until you agree to pay a ransom. According to the Ponemon survey, ransomware attacks are on the rise, with 61% of small businesses experiencing them in 2018 vs. 52% in 2017.1

Cybersecurity Best Practices

To strengthen your small business against these threats, put these small business IT security best practices into action:

1. Upgrade your technology. In a recent Intel-commissioned survey of small businesses, PCs more than five years old represented 34% of the malware attacks reported, compared to just 6% of devices less than 1 year old.3 Newer devices have added security features for today’s threats, including fingerprint scanning and the hardware-enabled security features of the latest Intel® Core™ processors.

2. Take advantage of Windows* 10 Pro security. With new devices comes the latest Windows operating system. Configure Windows* 10 Pro to only run authorized apps, use Windows Hello for two-step verification, and enable BitLocker, which encrypts sensitive data in case your device is lost, stolen, or breached.

3. Improve password use. In the Ponemon survey, 40% of respondents said their companies experienced an attack involving password compromise.5 Set password strength and update requirements with Windows group policy or mobile device management software.

4. Implement multi-factor authentication (MFA). This secure method of logging into an account or device requires more than one form of verification, chosen from something you know (password or PIN), something you have (a token), and something you are (a fingerprint).

5. Set up a Windows domain. This allows you to easily authorize users, groups, and computers to access local and network data.

6. Stay connected without public Wi-Fi. Intel Always Connected PCs with 4G LTE connectivity allow you and your employees to stay online without risking your data on unsecured public connections.

7. Consider Device as a Service (DaaS). This new way of managing devices provides an IT security solution for small businesses by rolling the cost of your devices, updates, and ongoing service into a single monthly payment for a specific term, usually two to four years. Your DaaS vendor will help you select devices, optimize security settings, and keep your technology updated.

Educate Your Employees

Your data security is only as strong as your employees’ knowledge of current security best practices. Train employees to:

  • Recognize social engineering scams like phishing and spoofed forms and links
  • Understand data security regulations that affect your industry
  • Improve their password hygiene
  • Know what to do if they click on a malware link or otherwise compromise your business’s data or network
  • Understand how data security can provide a first line of defense against hackers

Evolve Your Cybersecurity Strategy

As hackers evolve with ever more clever and sophisticated methods of attacking businesses, you can evolve your cybersecurity strategy as well—thanks to technological advances. To learn more about ways the latest Intel® Core™ processors can help make your business more secure, visit intel.com/smallbusiness.

Product and Performance Information

1

The Trend Micro and Ponemon Institute Cyber Risk Index (CRI) is a comprehensive measure of an organization's current security posture and its likelihood of being attacked. It is based on a numerical scale from -10 to 10, with -10 representing the highest level of risk, and is updated every six months. The current average for small businesses with fewer than 100 employees is -0.54, much higher than for mid-size businesses with 100 to 1,000 employees, which is -0.15, and for businesses with more than 1,000 employees, which is 0.21. These averages were documented on December 6, 2019.

2

Intel does not control or audit third-party data. You should review this content, consult other sources, and confirm whether the referenced data are accurate.

3

Statistics from a 2018 web-based survey of 3,297 small business respondents in 16 countries (Australia, Canada, China, France, Germany, India, Italy, Japan, Mexico, Saudi Arabia, South Africa, Spain, Turkey, United Arab Emirates, United Kingdom, and United States of America), commissioned by Intel and conducted by J. Gold Associates, LLC, to assess the challenges and costs of using older PCs. See the study details here.

4

PCI Security Standards Council website page: "Why Security Matters," accessed January 21, 2020.

5

In the "2018 State of Cybersecurity in Small & Medium Size Businesses" survey, sponsored by Keeper Security Inc. and conducted independently by Ponemon Institute LLC, approximately 1,045 individuals in IT security roles at companies in the US and the UK were surveyed to track how small and medium-size businesses deal with the same threats faced by larger organizations. One hundred fifty-seven of the 1,045 survey respondents were from organizations with fewer than 100 employees. For more information: https://keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf