(816) 468-4989

SBA Award Winning Certified Development Corporation

Your Cybersecurity Is Your Business Security

Small businesses face an increasingly dire situation when it comes to cyber attacks and cyber crime.

While many large businesses have layers of protection, small businesses often rely on a patchwork of security that leaves them vulnerable to the growing range of threats. Some of these threats are surprisingly unsophisticated, but are effective because they rely on known vulnerabilities that can cost a company significantly.

Cyber attacks have become a major threat for small businesses in every field. In a recent example in Missouri, multiple businesses were attacked by ransomware delivered via faked email addresses that infected company computers. In at least one case, a company was forced to pay a ransom in order to regain use of their computers. The FBI’s Internet Crime Report noted that the cost of cybercrimes reached $2.7 billion in 2018 alone.

Easy Targets

Like the Missouri cases above, small businesses are often targeted because they often lack the security that larger businesses take for granted. The attackers may have to strike more businesses to make as much as a single, big-business theft, but their risk of getting caught or blunted are much lower. All too often, small businesses are soft targets.

A recent SBA survey showed that nearly 90 percent of small businesses felt vulnerable to a cyber attack. Yet many can’t afford professional IT help and have limited time to do it themselves.

A good place to start is by becoming familiar with the kinds of threats that are out there:

• Viruses are harmful programs that can spread from computer to computer and other connected equipment. A major goal of many viruses is to give cybercriminals access to your system where they can steal valuable data or pursue other activities, none of which will be good for you and your business.

• Malware (malicious software) refers to software designed to cause damage to a computer or computer network. Malware can include viruses and ransomware in order to do their harm.

• Ransomware is a type of malware that restricts access to a computer until a ransom is paid. Ransomware is often installed through phishing emails and unpatched (outdated) software.

• Phishing is a cyber attack that uses email or a malicious website to infect your machine or collect sensitive information. Phishing emails look like they’ve been sent from a legitimate organization or individual you know. Phishing emails often lead you (or an employee) to click a link or open an attachment that contains malicious code. When the code runs, your computer becomes infected with malware, a virus or some combination of the two – none of which you want.

Assessing these dangers is best left to professionals, but it helps to know what to look for and there are some things you can do yourself.

One of the first things you should tell yourself and your employees is to think before clicking on anything. This is very old advice, but every day someone goes to a website or receives an email that suddenly pops an “alert” telling them their computer is infected and they need to click on a link to reach security. These email/web pages can be very convincing, with authentic looking Microsoft, Apple or other logos and graphics. Some can infect your computer directly, but many will give you a web address or 800 number to reach the “Help Desk.” But these bogus link is actually the scammer with a very convincing story that leads you to hand over everything he or she needs to steal you blind.

Learn More

That’s why training your staff not to click on links that supposedly send you to “support” or another reference is often one of the most important things you can do. The safe move is to go to that website directly.

For example, if you or an employee get an email that says something like “Your system has been identified as infected and you should contact your IT Team immediately…click here,” don’t! Instead, assuming you have an IT Team, visit their website or call them directly, using a URL or phone number YOU KNOW is legitimate. Fake links imbedded in emails like that are a leading cause of data breaches for small businesses. Training on such basic Internet “best practices” are a major way to prevent cyber attacks.

Another relatively easy step is what’s called “double authentication” where you set up a cell phone number, for example, as a second level of security required to log into a bank or other important account. Setting this up must be done in advance, but it only takes a few minutes and provides a major, additional layer of security

Another security basic is often overlooked because it is, well, basic: backup. If you can simply wipe your system and reinstall everything from a recent backup, that’s often the best way to defeat malware or a virus. Depending on your system, it can be relatively easy and, especially with cloud backups, relatively affordable.

Good Start

There of course is much, much more. A good source for these and other cybersecurity suggestions is found on this page of the Small Business Administration website:

Find Us on FacebookHome | Succes Stories | Loan Programs | About Us | For Borrowers | For Lenders | Resources

Midwest Small Busness Finance | 7001 N Locust St. | Gladstone, MO 64118 | Phone: 816-468-4989