National Cyber Security Awareness Month is observed each October. Since its inception in 2004, the National Cyber Security Alliance-sponsored seasonal campaign encourages all computer users to be vigilant and protective of sensitive information.
Of all possible victims, small business owners are keenly aware of their risk for cyberattacks, but they are somewhat at a loss as to what to do. That's one of the findings of a new report from Better Business Bureau, "The State of Small Business Cybersecurity in North America." One of the more troubling findings is that half of small businesses reported they could remain profitable for only one month if they lost essential data.
"Small business owners get it," said Bill Fanelli, chief security officer for the Council of Better Business Bureaus and one of the authors of the report. "When we asked them about the most common cybersecurity threats - ransomware, phishing, malware - they know what's out there, and most of them have basic protections in place. For instance, 81 percent use antivirus software and 76 percent have firewalls. But one of the most cost-effective prevention tools, employee education, is used by fewer than half of the companies we surveyed. Other prevention measures scored even lower."
BBB surveyed approximately 1,100 businesses in North America (71.4 percent of the sample came from the United States, 28.5 percent from Canada and 0.1 percent from Mexico). Two-thirds of the participants were BBB-accredited businesses, and they fared marginally better in most measures, such as awareness of specific threats and adoption of cybersecurity measures. The report also emphasizes the need not only for education and training, but for cost-benefit analysis of cybersecurity measures
"It doesn't do any good for a small business to adopt a $10,000 solution if the potential risk reduction is only worth $5,000," Fanelli said. "We hope this report will give small business owners greater awareness of the real and the perceived risks of cyberattacks, as well as best practices for protecting against these types of security threats."
While the full report is available at bbb.org/StateOfCybersecurity, small business owners and consumers alike can shore up their cybersecurity efforts by following these tips:
Practice good password management. Use a strong mix of characters, and don't use the same password for multiple sites. Don't share your password with others, don't write it down, and definitely don't write it on a post-it note attached to your monitor.
Never leave your devices unattended. If you need to leave your computer, phone or tablet for any length of time - no matter how short - lock it up so no one can use it while you're gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.
Always be careful when clicking on attachments or links in email. If it's unexpected or suspicious for any reason, don't click on it. Double check the URL of the website the link takes you to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.
Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it's a friend's phone, a public computer or a cafe's free WiFi - your data could be copied or stolen.
Back up data regularly, and make sure your anti-virus software is always up to date.
Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives and even smartphones.
Watch what you're sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information - where you go to school, where you work, when you're on vacation - that could help them gain access to valuable data.
Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it's okay to say no. You can always call the company directly to verify credentials before giving out any information.
Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you've been compromised.
Sean Spence is the Mid-Missouri regional director for Better Business Bureau.