Half of all small businesses suffered a cyber attack in the last year. Is your business ready to recover?
How well is your business prepared to recover quickly from a cyber attack? A recent Ponemon study reported that half of all small businesses had been targeted by malicious hackers within the past year. Sadly, many small- and mid-sized businesses lack a tested recovery plan. These attacks can cripple operations and in the worst cases, put victims out of business permanently. If your excuse for not creating a recovery plan is that your company lacks resources, then you will certainly lack the resources to recover your computer systems.
Hopefully, you already have implemented good security software and policies. Nothing can offer your company a 100-percent guarantee against cyber attacks or even accidents that might damage your data and computer systems. If you get hit, you need to make certain that you can bounce back fast.
Consider including these steps in your rapid recovery plan:
As a start, you should ensure that you have an automatic system to create backups of your data, software, and even computer systems. If the worst happens, you can simply wipe everything clean and start over. It’s not enough to just create backups. You really need to make sure that your recovery software and processes have been tested long before you need to rely on them to keep operating.
If you think that creating a reliable backup and recovery system is beyond the scope of your company’s skill, you may consider investing in a third-party service that will handle the job for you. Having systems and data backups stored offsite also helps to protect your valuable assets against physical threats like fires or storms.
Use Encryption Software for Sensitive Data
Do you store credit card numbers, sensitive patient data, or anything else that would harm you and your customers if it falls into the wrong hands? If so, you should use software that encrypts that data before it transmits it over or outside of your network. Even if hackers steal encrypted data, they shouldn’t be able to make use of it.
Your encryption protection should also include communications, so make certain that your employees use email and text messaging systems that offer encryption security. That could mean limiting the use of personal phones or at least, ensuring that employees use secure apps that you may provide for them.
Monitor Your Network for Suspicious Activity
Really, the best way to detect malicious activity from inside or outside your company is to keep gathering data about how your systems get used. Monitoring software can provide full reports and also send alerts and block suspicious activity. You can use software or even a third-party security service to help you with this task if it falls beyond the scope of your company’s resources.
According to the Ponemon report, these outside security services have become increasingly popular with SMBs because they offer them affordable access to the same kind of expertise and tools that larger companies may already benefit from.
Enforce Good Security Policies
The Ponemon report found that mistakes made by employees and contractors accounted for a good share of issues with digital assets. You may need to work with a consultant to create good IT governance policies to protect your company in this age of cloud computing, phishing scams, and employees’ mobile devices.
After you create those policies, you need to make sure you educate employees about how to adhere to them and how you plan to enforce them. You may also add an extra layer of protection by using a cloud-based gateway service that will control, monitor, and report upon all access attempts. With these services, you can set access rules that will automatically enforce your security policies. If an employee tries to access your accounting system with his mobile phone, the system won’t allow it and will keep a report.
Create Crisis-Ready Alternate Systems for Critical Functions
Instead of waiting for backups to complete, you might have alternative systems setup just in case your primary computers get corrupted. These days, some companies even take the extra step of using multiple cloud providers to store data and software just in case the primary provider has problems.
Having to duplicate your business systems will certainly cost more. However, the assurance of business continuity may make it a great investment if you do suffer from a cyber attack. As recently as this year, Amazon Web Services had problems that impacted some customers for several hours in the middle of the day. Having the luxury of instantly switching to an alternate system can save some companies thousands of dollars.
Consider the example of a small, Midwestern company that lost its network because an employee accidentally clicked a link in a phishing email. This online retailer found itself infested with ransomware. The ransomware encrypted all of the company’s records and demanded $50,000 in exchange for the decryption key. The company’s owner actually paid the ransom, but perhaps unsurprisingly, the encryption key did not work. The backup systems had not been attended to, and the owner ended up closing the company because he could not afford to rebuild from scratch.
According to a report in the Denver Post, over half of small businesses close within six months of devastating cyber attacks. Those that do survive, lose hundreds of thousands of dollars to lost time, damaging press, and their recovery. Instead of hoping that your business won’t fall victim, you can prepare to recover quickly and minimize damage.