NEW YORK — Small businesses can take steps to make their computers and websites less vulnerable to cybercriminals, but owners also need to be vigilant about protecting their data.
Cybersecurity has some basic components, such as using anti-virus and anti-malware programs on all devices, and making sure that updates and patches that hardware and software makers periodically send out are installed, says James Goepel, CEO of Fathom Cyber, a cybersecurity consulting firm.
Another aspect of cybersecurity is education for everyone, including the owner, about the dangers of clicking on links and attachments in emails. That’s a common way for phishing scams to occur; these attacks use realistic-looking emails to trick computer users into downloading harmful software onto computers, phones and other devices.
There are plenty of resources online to help owners understand what they need to do. The website for the Federal Communications Commission lists the basics, and also has links to organizations and technology companies that supply more details. Visit www.fcc.gov/general/cybersecurity-small-business.
Goepel recommends owners visit the website for the Center for Internet Security, which has a comprehensive description of cybersecurity practices. It can be found at www.cisecurity.org.
But protecting a company against cyberattacks must be a thorough and ongoing process to be effective. An owner trying to stay on top of patches, updates and changes while also dealing with all the aspects of running a business is likely to need help. Unless there is a dedicated technology staffer in the company, the best strategy is to hire professionals whose work is to monitor companies’ systems and be sure their protection is up to date. Similarly, websites need to be monitored to be sure they’re not hacked — and if they are, to deal with the invasion immediately.
Small firms are increasingly targets for attackers, according to insurer Hiscox, which commissioned a survey of 5,400 companies and organizations about cybersecurity in late 2018. Forty-seven percent of small businesses, those with under 50 employees, reported at least one or more cyberattacks, up from 33 percent in a survey a year earlier. Among mid-sized companies, those with between 50 and 249 staffers, 63 percent reported they’d been hit by a cyberattack, up from 36 percent.
