• Establish security practices and policies to protect sensitive information

• Educate employees about cyberthreats and hold them accountable

• Require employees to use strong passwords and to change them often

• Employ best practices on payment cards

• Make backup copies of important business data and information

• Create a mobile device action plan

• Protect all pages on your public-facing websites, not just the checkout and sign-up pages

  The survey also found:

  • 65 percent of business owners admit they have been victim of a cyberattack; computer virus attacks are the top type of attack reported at 33 percent, phishing is number two at 29 percent.

  • 86 percent of business owners believe that digital risk will continue to grow.

  • 30 percent of companies with 11-50 employees do not provide any type of formal training on cybersecurity.

  • Despite the simplicity of regularly updating software, seven percent of companies still fail to take that step.

  • Reputational risk is among the top reasons (45 percent) why business owners would consider investing in or purchasing a cybersecurity policy.

  • 35 percent of business owners who have never experienced a cyberattack are unaware of the financial cost to recover, highlighting a dangerous gap in knowledge from the implications.

As for Web-based exploits, Internet websites are now the most commonly-used angles of attack, most often targeting software vulnerabilities or using exploits on the receiving client. This makes keeping up-to-date browsers paramount for all employees.

 Website Browsing Best Practices for Employees

•    Be conservative with online downloads.

•    Beware antivirus scams.

•    Interact only with well-known, reputable websites.

•    Confirm each site is the genuine site and not a fraudulent site.

•    Determine if the site utilizes SSL (Secure Sockets Layer}

• SSL is a security technology for establishing encrypted links between Web servers and browsers.

•    Don’t click links in emails—go to sites directly.

•    Use social media best practices.

You cannot go a day without reading about some big name company or even government agency being hacked and critical data being compromised. What you don’t see in the media is that most of the attacks happen to small firms, and that this is where a lot of the cybercrime is occurring.

What any business, but especially a small business, needs to be afraid of are cyber attacks that disable your operations, disrupt customer interaction, or breach your customer’s personal data. Contrary to what one might expect, smaller firms are far more likely to be targets of hackers than large firms. They are also likely to have less sophisticated security measures in place. Any firm’s existence can be threatened by these events, but smaller firms are often unable to rebuild after a major breach.

Studies show that customers are less forgiving of smaller firms than larger ones when their personal data has been compromised. The lesson here is that smaller firms are more vulnerable and need to be extremely vigilant.

Each month your management team should review/discuss the components of the cybersecurity program and the business continuity/resiliency plans.

From the political world to the corporate, all we hear about is hacking, hacking, hacking. Everyone gets hacked, data is stolen, etc. So, the cry goes up for better security protections for everyone’s data. Firewalls, virus software, etc., etc., etc.

Want to know one of the best ways to protect your data? Train your employees to stop opening any emails or links unless they absolutely know they are safe. Scam emails that try to trick you into opening a link to a bogus site, or worse, trick you into providing your password or ID for a known site are exceptionally effective ways for hackers to get into your internal system and compromise data. Yes, ransomware is a serious issue, and malware is out there, but employees naively opening phishing emails remain one of the biggest risks to data security. Talk to your employees on an on-going basis and provide training and tips on how to ID phishing scams