Small Business Cybersecurity: 7 Ways to Protect Your Business’s Data

Highlights:

  • Common threats

  • Cybersecurity best practices

  • Educate your employees

  • Evolve your cybersecurity strategy

Small businesses without full-time IT staff are often an attractive target for cybercriminals because of their perceived vulnerability. According to the most recent TrendMicro/Ponemon Institute Cyber Risk Index, businesses with fewer than 100 employees face the worst risk, as compared to the industry average.1 2

A breach can be devastating: A recent Intel-sponsored survey by J. Gold Associates found that for small businesses, the average cost of a data breach was more than $100,000.3 In addition to lost business and consumer trust, non-compliance with regulations like the credit card industry’s Payment Card Industry Data Security Standard (PCI DSS) can result in penalties of thousands of dollars per month and termination of your merchant account.4

While this can seem frightening, the good news is that today’s technology helps businesses like yours stand tough against cybercrime. To better protect your business and customer data, start by creating your own small business IT security plan.

Read on to learn about the different types of threats and how a few simple steps and secure technology can help harden your defenses against them.

Common Threats

The first step in protecting your small business from data breaches—which can include unauthorized access to banking information, customer contacts and personal information, and proprietary product and financial data—is to understand the different types of threats.

Malware

Malware (“malicious software”) is a broad term that covers the many ways cybercriminals gain access to devices, networks, websites, and ultimately your data. Types of malware include:

  • Viruses, which are contagious and replicate themselves throughout your system and other connected devices
  • Spyware that runs in the background of your device, tracking your internet activity
  • Keyloggers that log keystrokes to steal data and passwords
  • Worms, which replicate like viruses, but with the goal of destroying data as the worms proliferate
  • Trojans, which appear to be legitimate programs so they can gain access to modify, copy, and delete data, and provide backdoor network access. Subcategories of Trojans include backdoor Trojans that allow remote control over the infected device, rootkits that help disguise malware so it can run undetected, and bots that infect large numbers of computers, creating a “botnet” that reports back to a hacker’s central computer

Phishing

Phishing is a type of social engineering attack, which means people are tricked into clicking on links that download malicious programs or providing sensitive information. Usually, you receive a spoofed email with a malware-infected attachment or a link to a site that downloads malware to your device. The link may also direct you to a spoof website with a form that requests sensitive information like passwords. Social engineering attacks can also be conducted on websites via spoofed links on social media or shared photos infested with malware.

Ransomware

Ransomware is a mix of social engineering and malware. After you click on a spoofed link or file, your device is infected by Trojan malware. Once your device is infected, the program locks you out of your data or system until you agree to pay a ransom. According to the Ponemon survey, ransomware attacks are on the rise, with 61% of small businesses experiencing them in 2018 vs. 52% in 2017.1

Cybersecurity Best Practices

To strengthen your small business against these threats, put these small business IT security best practices into action:

  1. Upgrade your technology. In a recent Intel-commissioned survey of small businesses, PCs more than five years old represented 34% of the malware attacks reported, compared to just 6% of devices less than 1 year old.3 Newer devices have added security features for today’s threats, including fingerprint scanning and the hardware-enabled security features of the latest Intel® Core™ processors.
  2. Take advantage of Windows* 10 Pro security. With new devices comes the latest Windows operating system. Configure Windows* 10 Pro to only run authorized apps, use Windows Hello for two-step verification, and enable BitLocker, which encrypts sensitive data in case your device is lost, stolen, or breached.
  3. Improve password use. In the Ponemon survey, 40% of respondents said their companies experienced an attack involving password compromise.5 Set password strength and update requirements with Windows group policy or mobile device management software.
  4. Implement multi-factor authentication (MFA). This secure method of logging into an account or device requires more than one verification, combining factors such as something that you know (password or PIN), something you have (a token), and something that you are (a fingerprint).
  5. Set up a Windows domain. This allows you to easily authorize users, groups, and computers to access local and network data.
  6. Stay connected without public Wi-Fi. Intel Always Connected PCs with 4G LTE connectivity allow you and your employees to stay online without risking your data by using unsecure public connections.
  7. Consider Device as a Service (DaaS). This new way of managing devices provides an IT security solution for small businesses by rolling the cost of your devices, updates, and ongoing service into a single monthly payment for a specific term, usually two to four years. Your DaaS vendor will help you select devices, optimize security settings, and keep your technology updated.
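
To check whether items 2 and 3 are actually in effect on a PC, the following PowerShell script reports BitLocker status and the local password policy. It is an added example, not code from Intel or Microsoft; the baseline values ($MinLength, $MaxAgeDays) are assumptions chosen for illustration, and it must be run from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: audits BitLocker (item 2) and the local password policy (item 3).
# Thresholds are illustrative assumptions, not values taken from the article.
$MinLength  = 12    # assumed minimum acceptable password length
$MaxAgeDays = 365   # assumed longest acceptable password age, in days

function Get-PasswordPolicy {
    # Export the local security policy and parse its "Name = number" lines.
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
        $policy = @{}
        foreach ($line in Get-Content -Path $cfg) {
            if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
                $policy[$Matches[1]] = [int]$Matches[2]
            }
        }
        return $policy
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$findings = @()

# BitLocker: flag any volume whose protection is not switched on.
foreach ($vol in Get-BitLockerVolume) {
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += "BitLocker protection is off on $($vol.MountPoint) (status: $($vol.VolumeStatus))"
    }
}

# Password policy: minimum length, complexity and expiry.
$p = Get-PasswordPolicy
if ($p['MinimumPasswordLength'] -lt $MinLength) {
    $findings += "Minimum password length is $($p['MinimumPasswordLength']); expected at least $MinLength"
}
if ($p['PasswordComplexity'] -ne 1) {
    $findings += 'Password complexity requirements are disabled'
}
# secedit reports -1 when passwords never expire.
if ($p['MaximumPasswordAge'] -eq -1 -or $p['MaximumPasswordAge'] -gt $MaxAgeDays) {
    $findings += "Maximum password age is $($p['MaximumPasswordAge']) days; expected $MaxAgeDays or fewer"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'BitLocker and password policy match the baseline.' }
```

Each warning names the setting that falls short, so the script can be rerun after changing group policy or enabling BitLocker to confirm the fix.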

Educate Your Employees

Your data security is only as strong as your employees’ knowledge of current security best practices. Train employees to:

  • Recognize social engineering scams like phishing and spoofed forms and links
  • Understand data security regulations that affect your industry
  • Improve their password hygiene
  • Know what to do if they click on a malware link or otherwise compromise your business’s data or network
  • Understand how data security can provide a first line of defense against hackers

Evolve Your Cybersecurity Strategy

As hackers evolve with ever more clever and sophisticated methods of attacking businesses, you can evolve your cybersecurity strategy as well—thanks to technological advances. To learn more about ways the latest Intel® Core™ processors can help make your business more secure, visit intel.com/smallbusiness.

Product and Performance Information

1

The Trend Micro and Ponemon Institute Cyber Risk Index (CRI) is a comprehensive measure of an organization's current security posture and its likelihood of being attacked. It is based on a numerical scale from -10 to 10, with -10 representing the highest level of risk. It is updated every six months. The current average for small businesses (< 100 employees) is -0.54, a much higher risk level than that of medium-sized businesses (100-1000 employees), which is -0.15, and that of large businesses (> 1000 employees), which is 0.21. These averages were documented on December 6, 2019.

2

Intel does not control or audit third-party data. You should review this content, consult other sources, and confirm whether the referenced data is accurate.

3

Statistics obtained from an online survey conducted in 2018 of 3,297 respondents from small businesses in 16 countries (Australia, Canada, China, France, Germany, India, Italy, Japan, Mexico, Saudi Arabia, South Africa, Spain, Turkey, United Arab Emirates, United Kingdom, United States), commissioned by Intel and conducted by J. Gold Associates, LLC., to assess the challenges and costs of using older PCs. For details of the study, click here.

4

PCI Security Standards Council, web page: Why Security Matters, accessed January 21, 2020.

5

The 2018 State of Cybersecurity in Small & Medium Size Businesses survey, sponsored by Keeper Security Inc. and conducted independently by Ponemon Institute LLC, set out to determine how small and medium-sized businesses deal with the same threats faced by large companies. Approximately 1,045 IT security practitioners at companies in the United States and the United Kingdom were surveyed. 157 of the 1,045 participants came from organizations with fewer than 100 employees. For more information, see: https://keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf