Damage Control: When Disaster Strikes in the Digital Age
This is probably not the first time you’ve heard about small businesses and security breaches, and it won’t be the last. It’s a fact of the digital age that criminals are evolving and no longer have to hide under the cover of night to get their hands on valuable goods. Today, goods mean not only cash or electronics, but information as well. When a breach happens, your main goal is damage control, but this starts before an event and continues long after.
Educating Yourself About Phishing
Phishing is one of the most common cyber attacks, and it’s how criminals get their hands on information, such as your customers’ names and credit account numbers. Phishing is highly effective, and it preys on your business’s most vulnerable area: the people. Cybersecurity expert Mike Baker tells Digital Guardian that phishing schemes exploit an employee’s need to please authority figures. You can lose data if an employee clicks on an email or freely offers up information via telephone to a criminal with a legitimate-sounding purpose for asking questions.
If your data is breached in this way, your first course of action is to alert your customers, vendors, and employees that a breach has occurred and that their data may have been compromised. How you handle the events once the violation is detected plays a considerable role in how your customers will react. Business Insider reports that companies such as Cheddar’s, Macy’s, and Delta Airlines have all experienced cybersecurity issues in recent years. Nearly 20 percent of affected customers may not return. Making matters more troubling is that a number of these breaches were caused directly by overlooked payment system flaws.
Once you have alerted your customers to these issues, you will also need to give them an idea of how you plan to recover the stolen data and prevent attacks from happening in the future. Your plan should include measures such as auditing the hardware and software your company uses and replacing your payment system with a more secure system. If you don’t have an IT department, or if they are not up to date on the most common cybersecurity practices, consider having them sign up for a refresher course, such as Cyber Security in 90 Minutes by Dr. Mohammad Adly, which is available online via MindsMapped.com.
Other steps you can take to improve your cybersecurity include implementing new security policies, which may entail limiting your employees’ access to the internet, upgrading your spam filters, and enforcing password protection rules.
Minimize the Impact
Although you cannot predict the future, you should always act as though hackers are constantly at your door. Keep in mind that ransomware and malware can limit your access to employee data, in addition to criminals having their own access. A data backup regimen is a preemptive way to ensure that you always have a way to see your data, even if the source file has been blocked by ransomware. So, work with your employees to identify the critical data that your company can’t operate without. Have emails and all incoming and outgoing correspondence automatically saved to a separate account in case of an emergency.
Training for Everyone
While your IT team should remain current on the most prevalent types of attack, your entire company should also be trained in ways to limit the possibility of further incidents. Employees should be encouraged to report suspicious or unexpected emails, even if they appear to originate from within the company. Anything written in broken English or emails that request input of account information should be labeled as suspicious. These 10 tips from Return Path can help you further talk to your employees about things to look out for.
When you own a small business, you can’t afford to lose 20 percent of your customers, but hackers don’t care. They aren’t interested in protecting you or the people that rely on you — that’s up to you. You may not be able to stop a digital attack, but you can lessen your chances of becoming a target by training your employees and increasing your digital security efforts.