As a bank in today’s digital environment, cyber security concerns play a heavy hand in how we approach evolving customer needs, internal processes, and regulatory requirements. But in our current landscape, where companies of all sizes and in myriad industries can find themselves susceptible to hacks, cyber security isn’t just for banks. With National Cyber Security Awareness Month coming to a close, there’s still a good excuse for all of us to bring cyber safety to the forefront.
Today’s small businesses are in a particularly tough spot. Often lacking the funds and resources to invest in the protective measures larger corporations have in place (elaborate firewalls or a security expert on staff, for example), small businesses can find themselves at a disadvantage in terms of keeping their assets and information safe. This is why, as I’ve discussed in the past, small businesses have become a main target for cyber-attacks. Though money may present the biggest obstacle, many business owners are falling into more avoidable traps as well – often putting sensitive company information at risk.
Regardless of resources, here are three cyber security mistakes no business owner should make.
Underestimating employee education.
For a company with limited resources, employees can be tremendously valuable “watch dogs” if they’re given the proper tools and education. Very few of us are experts on cyber security, and employees often expect their work files and information to be automatically protected through antivirus or company filters. Providing rudimentary information about cyber safety and best practices – and arming employees with a few quick tips like the following – can help prevent avoidable security incidents.
Learn to identify harmful “phishing” emails by looking out for incorrect grammar and inaccuracies in the message body, and place your mouse pointer over any link to verify the URL before clicking.
Don’t use bookmarks or web browser shortcuts – attackers can make modifications on the back end so it links somewhere else. Instead, open up your internet search and type in exactly what you’re looking for.
When you’re working remotely, never use public WiFi. You might think your local coffee shop is safe, but shockingly, these hotspots are often unmanaged and highly insecure, leaving your computer or device vulnerable to an attack. Be aware of hacking risks to your smart phone via SMS texting, voicemail, apps and Bluetooth as well.
Not having the right safety net.
Up-training your employees – the end users – is the most critical step you can take to protect your business from cyber threats, as ultimately, your security measures are only as good as how smart your employees are. But even the most cautious users can make mistakes, particularly as phishing scams – or spear phishing, when an email appears to be from someone you know – become more sophisticated.
This is where your “safety net” falls into place – the spam filters, customized rules, email encryption safety guards, and internet content filters that categorize sites into various classifications to effectively block out the most notoriously malicious types of web traffic. A small business may not have the luxury of more advanced, expensive security measures like sandboxing or whitelisting, but more basic filters can catch most known types of attacks and provide an important fallback for when human error is inevitable.
Taking a “too much” or “too little” approach.
There’s no question that the financial services industry is facing major transformation with mobile banking, payments apps and other fintech solutions on the rise – but this disruption is certainly not confined to our industry. More small businesses today are using technology to maintain a competitive edge, with recent research showing that technology helps level the playing field for small companies and can contribute to revenue growth.
This, however, opens up many new avenues for cyber threats – and businesses across the board are faced with a balancing act when it comes to security vs. convenience. From the way we streamline internal processes to how we engage with customers, we all want an experience that’s seamless, fast and easy. Having the right security measures in place is crucial, but going too far overboard can be costly and ultimately detrimental to customer experience. To strike the right balance, our IT manager suggests a “ break it and take it one step back ” strategy – hack into it so much that it breaks, then pull it back one step and test to make sure it’s usable.
When it comes to cyber security, the average business on Main Street may not have the most sophisticated systems in place, but businesses can benefit from educating employees, implementing basic safety filters, and learning to strike the right balance between security and usability. Don’t let a lack of resources be your excuse – there are steps we can all take to protect ourselves, our companies, and our clients.