Small businesses without full-time IT staff are often an attractive target of cybercriminals because of their perceived vulnerability. According to the most recent TrendMicro/Ponemon Institute Cyber Risk Index, businesses with fewer than 100 employees face the worst risk, as compared to the industry average.1 2
A breach can be devastating: A recent Intel-sponsored survey by J. Gold Associates found that for small businesses, the average cost of a data breach was more than $100,000.3 In addition to lost business and consumer trust, non-compliance with regulations like the credit card industry’s Payment Card Industry Data Security Standard (PCI DSS) can result in penalties of thousands of dollars per month and termination of your merchant account.4
While this can seem frightening, the good news is that today’s technology helps businesses like yours stand tough against cybercrime. To better protect your business and customer data, start by creating your own small business IT security plan.
Read on to learn about the different types of threats and how a few simple steps and secure technology can help harden your defenses against them.
The first step in protecting your small business from data breaches—which can include unauthorized access to banking information, customer contacts and personal information, and proprietary product and financial data—is to understand the different types of threats.
Malware (“malicious software”) is a broad term that covers the many ways cybercriminals gain access to devices, networks, websites, and ultimately your data. Types of malware include:
- Viruses, which are contagious and replicate themselves throughout your system and other connected devices
- Spyware that runs in the background of your device, tracking your internet activity
- Keyloggers that log keystrokes to steal data and passwords
- Worms, which replicate like viruses, but with the goal of destroying data as the worms proliferate
- Trojans, which appear to be legitimate programs so they can gain access to modify, copy, and delete data, and provide backdoor network access. Subcategories of Trojans include backdoor Trojans that allow remote control over the infected device, rootkits that help disguise malware so it can run undetected, and bots that infect large numbers of computers, creating a “botnet” that reports back to a hacker’s central computer.
Phishing is a type of social engineering attack, which means people are tricked into clicking on links that download malicious programs or providing sensitive information. Usually, you receive a spoofed email with a malware-infected attachment or a link to a site that downloads malware to your device. The link may also direct you to a spoof website with a form that requests sensitive information like passwords. Social engineering attacks can also be conducted on websites via spoofed links on social media or shared photos infested with malware.
Ransomware is a mix of social engineering and malware. After clicking on a spoofed link or file, your device is infected by Trojan malware. Once infected, you’re locked out of your data or system by the program until you agree to pay a ransom. According to the Ponemon survey, ransomware attacks are on the rise, with 61% of small businesses experiencing them in 2018 vs. 52% in 2017.1
Cybersecurity Best Practices
To strengthen your small business against these threats, put these small business IT security best practices into action:
1. Upgrade your technology. In a recent Intel-commissioned survey of small businesses, PCs more than five years old represented 34% of the malware attacks reported, compared to just 6% of devices less than 1 year old.3 Newer devices have added security features for today’s threats, including fingerprint scanning and the hardware-enabled security features of the latest Intel® Core™ processors.
2. Take advantage of Windows* 10 Pro security. With new devices comes the latest Windows operating system. Configure Windows* 10 Pro to only run authorized apps, use Windows Hello for two-step verification, and enable BitLocker, which encrypts sensitive data in case your device is lost, stolen, or breached.
3. Improve password use. In the Ponemon survey, 40% of respondents said their companies experienced an attack involving password compromise.5 Set password strength and update requirements with Windows group policy or mobile device management software.
4. Implement multi-factor authentication (MFA). This secure method of logging into an account or device requires more than one verification, using something that you know (password or PIN), something you have (a token), and something that you are (a fingerprint).
5. Set up a Windows domain. This allows you to easily authorize users, groups, and computers to access local and network data.
6. Stay connected without public Wi-Fi. Intel Always Connected PCs with 4G LTE connectivity allow you and your employees to stay online without risking your data by using unsecure public connections.
7. Consider Device as a Service (DaaS). This new way of managing devices provides an IT security solution for small businesses by rolling the cost of your devices, updates, and ongoing service into a single monthly payment for a specific term, usually two to four years. Your DaaS vendor will help you select devices, optimize security settings, and keep your technology updated.
Educate Your Employees
Your data security is only as strong as your employees’ knowledge of current security best practices. Train employees to:
- Recognize social engineering scams like phishing and spoofed forms and links
- Understand data security regulations that affect your industry
- Improve their password hygiene
- Know what to do if they click on a malware link or otherwise compromise your business’s data or network
- Understand how data security can provide a first line of defense against hackers
Evolve Your Cybersecurity Strategy
As hackers evolve with ever more clever and sophisticated methods of attacking businesses, you can evolve your cybersecurity strategy as well—thanks to technological advances. To learn more about ways the latest Intel® Core™ processors can help make your business more secure, visit thailand.intel.com/smallbusiness.