Here’s a terrifying statistic for you to digest. In 2016, cyber attacks cost the world’s economy $450 billion.

The same survey suggests that by 2019, that cost will reach $2 trillion. The biggest threat most companies face when it comes to cybercrime is ignorance.

Enormous corporations think they have ample protection to keep hackers and other malcontents out of their systems. Small and medium-sized business (SMB) owners believe they are too small or too modestly funded to attract the attention of cybercriminals. People at businesses of both sizes think that once they’ve got their firewall up and their anti-virus software active, they’re perfectly safe.

The Truth About Cyber Attacks

At least 50% of all cybercrime comes from inside jobs, including nearly three-quarters of the incidents reported in the healthcare industry. Symantec says that 3 out of every 4 websites have an active vulnerability in the company’s digital security system. That’s like 75% of your neighborhood not only leaving the alarm unset but also leaving the front door unlocked for burglars.

As for the size of a business, hackers target startups and fledgling companies because they are rarely up to snuff on security systems and are thus easy to hack. A data breach can cost a big company millions in lawsuits and lost brand value. As many as 60% of small businesses go under within six months of a cybercrime attack.

No matter your company’s size, scope, or industry, cybercrime can deal a devastating blow to everything your company is and everything you’ve worked hard to build. But there are ways to significantly lower the threat of hackers or cybercriminals breaching your security.

The Importance of Passwords

The sheer number of passwords most of us have to remember to access all our work tools, email inboxes, bank accounts, and social media networks is staggering.

It also makes it tempting to use the same password over and over or make them simple. Simple passwords used for multiple ingress points are precisely what hackers are counting on you to provide them, especially if you don’t change them very often.

Stolen, lost, and easy-to-guess passwords are the lifeblood of the modern hacker. They let an attacker into your system without setting off any warning bells or tripping any security alarms. The key to combating this is threefold.

How to Be Proactive

First, install security mandates on your servers that require all employees to change their passwords every 60-90 days. That way, even if they do have a password stolen, its shelf life will be short.

Second, ensure that said passwords are impossible to guess. Instruct employees to combine letters, numbers, and symbols. It can be a pain to remember, but it’s better than seeing your company’s proprietary information spread all over the Internet one day.

Third, consider two-step authentication so that it’s not just a password getting someone into the system. It can be a picture selection or an ever-changing code off each employee’s key fob to add in an extra security layer.

Write and Enforce an Internal Use Policy

Employees can interact with their work environment in multiple ways these days. From logging into the cloud via their smartphone or tablet to remote access from home to work laptops, things have never been more convenient.

Unfortunately, the convenience of use is also the convenience of access for the wrong people. It might be a plus for your business to allow employees to work on their own time in their private location, but it comes with its own set of complications as well.

An Internal Use Policy will make it imperative for employees to only act in specific ways when interacting with their work server and the sensitive data therein.

For instance, you can specify which personal devices can be allowed to access your servers and under what circumstances certain parts of the server are accessible. Individual data files are suitable for marketing campaigns and advertising tools, but the standard employee should not be able to access them. Make signing the policy part of each employee’s contract.

The Case for Cloud Computing

When it comes to security, cloud computing gets a bad rap based on the breaches of Yahoo!, iCloud, and LinkedIn over the last decade or so.

But more often than not, it’s the flaw of letting third parties access larger environments that spells doom in these data breaches.

Moving your company’s infrastructure and data to the cloud takes away one significant security threat right away: hackers can’t breach a system that doesn’t exist in your office. The cloud computing environment is also ideal because your data and infrastructure are being monitored 24/7 by IT professionals whose sole job is maintaining the security of your environment.

Cloud computing is a particularly inviting offer for startups and SMBs that are short on capital in their initial stages of development. Having to purchase intrusion detection systems, firewalls, and virus software packages, not to mention contracting IT professionals on a full- or part-time basis, can devour a small firm’s budget in a hurry.

Putting your business into the cloud gives you all of these services for one price under one roof, as well as the ability to scale your business up or down with the full knowledge that the security will be there every step of the way.

Don’t Talk to Strangers

The fundamental rules we tell our children seem to fly right out the window when we engage with people online or on the phone when it comes to our business.

Spoofed emails are still one of the biggest threats to a company’s digital security. The biggest problem is that most company employees assume that if there is a spam filter in place, anything that comes through it to their inbox is safe to open and legitimate in nature.

Spam filters are great tools, but there’s not a single one on the planet that is 100% accurate. Make sure you are confident in the source of the email before opening it. And be warned that not all spoofed emails are the easy-to-spot kind telling you about the “son of the deposed king of Nigeria.”

Cybercriminals are excellent at creating templates that appear to come from real trusted brands like Amazon and Apple imploring you to click a link. If you are not sure, always go to the company website, log in and see if there are actual messages for you. Or take the subject line or the lead sentence of the email and run it through a Google search. If it’s a scam, you’ll likely see it come up quickly.

By the same token, do not open attachments on any emails unless you know precisely who they are from and what they are. With applications like Google Drive, Dropbox, Slack, and Skype making file transfers a breeze, you should have your head on a swivel anytime an unknown sender delivers mail with an attachment to your inbox.

Also remember that your own personal data, and that of your employees and your company, needs 24/7 protection. Especially if yours is a new business, you might get lots of seemingly legitimate phone calls and emails from companies interested in doing business with you. These scam artists will play to the ego of an entrepreneur who is eager to begin building his or her business and who provides personal information without thinking things through.


About the Author

Nikki is a CERTIFIED FINANCIAL PLANNER™ professional, and active stock market investor. She is the founder of She Talks Finance, a personal finance initiative for women. She also specializes in helping traders and investors improve their mental game.