Experts predict that by 2025, cybercrime will cost the world more than $10.5 trillion per year. That’s a lot of money by anyone’s standards, and it’s not just a problem for big companies. Businesses of all shapes and sizes are at risk, and entrepreneurs can’t afford to look the other way or assume they’re too insignificant to become the target of cybercrime.
But the data shows that small businesses are unprepared. Although 88% of small business leaders told the US Small Business Administration that they felt at risk, they also felt confused about how to protect their data, employees, customers and reputation.
If you count yourself among the founders and CEOs trying to thwart cybercrime at its root, you have a choice. As a nod to Data Privacy Day on January 28, why not implement one or more of the following security practices that can help you feel more secure about information coming in and going out of your system?
1. Adopt a zero-trust framework supported by AI and machine learning.
Have you set up your IT security in a kind of “castle and moat” style? In other words, you make sure to verify the identity of everyone who tries to enter your system, but once they are there, you give them full access to roam freely? This is a common security approach that could leave you vulnerable to a cyberattack.
The problem is that many cybercrimes are “inside jobs”. All a criminal has to do is enter your internal system. One breach, and suddenly all of your connected systems are at risk.
Embracing the idea of a zero-trust framework can close many of the gaps that could put your team and its data at risk. In an article for CISO Mag, Vats Srivatsan, President and COO of ColorTokens, explains the power of zero trust policies. He writes, “By definition, they allow organizations to instantly block new threat vectors and unknown interactions instead of allowing time for such interactions to occur.”
How can you initiate zero-trust thinking in your workflows? Grant users only the access they need. Many employees have more access than they need. While restricting access may seem like it slows down productivity, you can get your efficiency back by pairing zero-trust systems with AI and machine learning. This way, the system will create what Srivatsan calls “tightly defined trust zones” that still allow efficient and fast operations.
2. Switch to two-factor authentication.
Two-factor authentication might seem like an annoying extra step, but it’s worth it for the extra security. Having two “doors” is far superior to having just one. Think back to the castle analogy: isn’t a castle with a double wall more protected than a castle with a single wall?
You will probably need to explain to your team members why they can no longer rely on their passwords alone to protect themselves. Passwords are hardly secure. Sophisticated hackers can break through password barriers quickly, and once inside, they can wreak havoc.
Setting up two-factor authentication on all your systems can take a bit of time. You may also need to work with your software provider to see if two-factor authentication is available. If not, you’re out of luck. An article from The Verge talks about the possibility of using authenticator apps as a two-factor authentication solution.
3. Train your staff in the basics of cybersecurity.
The average worker at your company may not know much about cybersecurity. Yes, employees have probably heard of sophisticated and well-known phishing or ransomware attacks that have made headlines across the web. Yet even a small-scale breach can be difficult for a small business to overcome.
Rather than just telling your team members what to do, as with two-factor authentication, also train them on the “why” behind the implementation. Giving them a deeper understanding of the real cybersecurity threats they encounter on a daily basis puts them on your side of the table. They start to think like owners, which means they start to recognize risky behavior when they see it, including in their own departments.
Does it take effort, time and financial resources to train everyone so that they have a working knowledge of cybersecurity? Absolutely. Still, it can provide great security coverage. To make the process easier for you and your budget, you can stagger training across verticals. For example, members of your remote marketing and sales team may be the most exposed to data breaches because they connect from many places. As a result, training them in small bursts might be a good place to start.
Just be sure not to use scare tactics to try to keep your teams compliant. Fear can be a motivator, but it doesn’t need to guide your cybersecurity training. Workers should leave meetings and sessions feeling empowered, not terrified they’re destroying your brand.
You may not have a big business (yet!). But that doesn’t mean you can’t put up huge hurdles for anyone with cybercrime in mind.