5 ways small businesses can protect against cybercrime

Small-business owners often think they’re immune to cybercrime, figuring that hackers are after bigger fish. A recent survey by the National Cyber Security Alliance and Symantec found that 77% of small and medium-size businesses believe they’re safe from hackers, viruses and malware. And 83% of SMBs take no formal measures against cyberthreats — even though almost half of all attacks are aimed at SMBs.

In fact, many people don’t even spend five minutes to come up with a secure password. The two most common computer passwords today are “password” and “123456,” according to security software firm SplashData.

Protecting your systems, data and hardware may cost time and money. But the consequences of a cyberattack can be far more expensive. In the space of four hours last May, cyberthieves drained $1.2 million from the bank accounts of Brooklyn, NY, mannequin-maker Lifestyle Forms & Displays. And while the company was able to recoup some of the money, most businesses aren’t so lucky, since the courts seldom hold banks liable in cyberattacks. Instead, the onus is on the business to protect itself from any cyberthreat — and absorb the damages.

Don’t take the risk of remaining vulnerable. Here are five steps you can take to shield your small business from cyberattack.

1. Shore up weak points. Passwords are the best place to start. Make sure you and your employees change them regularly, and don’t use the same password for all your accounts. Enforce password policies with rules for complexity and frequent changes. A good standard is to change passwords every two months

Firewalls are another must-have for small businesses, especially if customer data and other sensitive information are linked to the Internet. Also make sure that updated antivirus software and spyware are installed on every worker’s computer.

2. Designate a banking-only computer. Fraud is the biggest risk for small businesses. The 2011 Business Banking Trust Study showed that 56% of businesses experienced payment fraud, or an attempt at fraud, in the 12 months preceding April 2011; 75% experienced account takeover and fraud online.

One easy way to fight fraud is to use a dedicated computer for all online financial transactions. Because this machine is not used for email, web-surfing or social media, it’s much harder for outsiders to gain access to your sensitive information. Also make sure to review your banking transactions daily, so you can spot fraud in near real time and possibly recover the funds.

3. Back it up. Small businesses can lose data as well as money in a cyberattack. But until now, most haven’t been able to afford an online data-backup solution. Thanks to cloud computing and other Internet technologies, data-backup services are finally cost-effective for small-business owners. Some of these services, like DropBox and Carbonite, will only set you back a few hundred dollars a year.

4. Educate employees. Employees are your first line of defense against cybercriminals — but they’re also your biggest security hole. Negligent employees are the most common cause of data breaches.

You can greatly reduce your risk by educating your staff on basic security measures, such as how to recognize potential threats and why it’s important always to take precautions. A security plan without active participation by your employees is like an alarm system that’s never switched on.

5. Get insured. No matter how hard you try, you’ll never be completely safe from cybercrime. So you need a last line of defense. One of the best is an insurance policy that covers any losses from cybercrime and computer fraud. Many policies are affordable, considering what’s at stake. Some cost just a few hundred dollars a year.

Source : http://www.forbes.com/