In many ways, today’s cybersecurity landscape can be likened to World War III. It’s an invisible war . . . but it teems beneath the surface of every connected “smart” device and computer as you go about your daily work. We’re offering a checklist of preventative measures below on how to avoid being hacked. It may be hard to believe that your PC or your small business is being actively targeted—but as experts who have worked in the data security field here in Los Angeles for decades, we can assure you that’s the case.
So often we’re told by clients that they are too small to be targeted, or that they do not retain data important enough for targeting. The truth is that there are only two types of small business owners: the ones who know they’ve been hacked and the ones that don’t know just yet. It’s true; hackers are not targeting individual small businesses—for the most part. But this is because they are targeting EVERYONE. Ransomware, malware, and viruses do not discriminate. Without the proper protections in place everyone is vulnerable.
2021 Cybersecurity Statistics for Small Companies
- In Canada, nearly a quarter of ALL small businesses have been hit by a cyberattack since the start of the pandemic
- Businesses have lost at least $114 billion annually from data breaches, with approximately 25 percent taking place due to negligence
Approximately 20 percent of SMBs (small businesses) have fallen victim to one or more types of ransomware attacks
Hacking Prevention is Worth A Pound of Cure
Benjamin Franklin’s axiom about an ounce of prevention being worth a pound of cure relates quite well to cyber security issues faced by Los Angeles businesses. It is particularly relevant post-pandemic, because remote work dramatically increased the number of security challenges faced by small business leaders. How to prevent hacking in the post-COVID-19 world, as Vikas Agrawal writes in Forbes, means that “SMBs cannot afford to apply traditional solutions to matters relating to cybersecurity, especially considering how much these businesses have become dependent on digital infrastructure to weather the storm.”
Your Los Angeles IT Security Checklist
Consider these a baseline for any industry, including architecture, financial and banking, entertainment, healthcare, law, and others.
Step 1: Analyze all information assets and systems in scope: This includes all computers, servers, networks, smartphones and tablets, IT systems, and applications. Those systems being utilized by remote workers apply.
Step 2: Confirm your current investment in cybersecurity: This task begins with appointing a focal person for IT security. If no such person exists it’s likely time to take on IT help. Define the percentage of your budget currently invested in cybersecurity measures and commit to progressive improvements.
Step 3: Develop an incident response plan. Assume that a cybersecurity event WILL take place and prepare for it. This plan should be written down and include contact information, comms for communicating with stakeholders and staff, and an insurance policy.
Step 4: Set up automatic patching for operating systems and applications. IT vendors release patches regularly to guard against looming security threats. Ensure your systems are adopting these patches automatically as they are released.
Step 5: Install security software. Anti-malware and anti-virus solutions are a must. They should be updating and scanning automatically.
Step 6: Review security settings on all devices. Smartphones and computers should not be set to default administrative passwords. Change the passwords, enable necessary security features, and turn off the ones that aren’t required for business objectives.
Step 7: Set up user authentication. Cybersecurity consultants advise all small businesses to utilize 2-factor authentication and develop clear guidelines for password development and implementation.
Step 8: Backup and encrypt data. You may not think you’ve got much data to protect, but even birthdates and social security numbers can easily be exploited by hackers. Create clear procedures on backing up and encrypting all business data.
Step 9: Move to the cloud. Cloud service providers are inherently more secure (and extremely budget-friendly.)
Step 10: Educate your staff. None of the measures instructed for implementation above will have any effect if your employees do not know how to safely utilize their IT equipment. Employee awareness training is a must and can be provided by top cybersecurity companies (like ClearFuze.)
Read more about how to implement these cybersecurity measures in our 2-part cybersafety blog series. To request your own complimentary ClearONE cybersecurity screening from ClearFuze, send us an email today. Let us help you with the big picture and keep you safe so that you can focus on your core business.