There’s an old joke about two men hiking in the woods when they come across a big, grumpy black bear. Scared silly, one of the guys starts to run but notices his buddy stopped, bent-over, changing his shoes. He shouts to him, “Dude! What are you doing?!?! Why aren’t you running?” to which his friend replies, “I’m changing my shoes because I don’t need to outrun the bear – I only need to outrun YOU.”
This is a perfect analogy for what’s going on in small businesses: the “slow,” easy targets are getting nailed by fast-growing cybercrime rings that are getting more sophisticated and aggressive in attacking small businesses. Last year, the average cyber-attack cost a small business $20,752, a substantial increase from 2013, when the average was $8,699. That’s because most small businesses don’t have the security protocols in place or the manpower and budget to implement sophisticated security systems. While there’s absolutely no way to completely protect yourself other than disconnecting entirely from the Internet, there are several things you can do to avoid being easy pickings. Here’s how:
- Lock your network. While WIRED networks make you invisible to WiFi snoops because you have to access them by plugging into physical outlets or hacking modem ports, you can create a hidden or cloaked network on a wireless network. Simply disable the service set identifier (SSID) broadcasting function on the wireless router, and only users with the exact network name will have access. Small businesses like coffeehouses can also do this—just periodically change the network’s information and place a small sign near the register with the current network name and passcode.
- Encrypt your data. On your desktops, turn on the full-disk encryption tools that come standard on most operating systems: BitLocker on Windows-based PCs and FileVault on Macs. There is no noticeable performance lag; however, the encryption only applies when users are logged out of the system. So setting computers to automatically log out after 15 minutes without use is a good idea. And for mobile devices, use a VPN (virtual private network) to encrypt data traveling to and from your mobile devices and limit your employees’ access to only the company data that they must have to do their jobs.
- Install firewall and anti-malware applications on all of your equipment, including mobile devices.
- Disable features that automatically connect your mobile devices to any available network.
- Disable printer and file-sharing options on mobile devices before connecting to a hotspot.
- Check before connecting to hotspots. If there is an unusual variation in the logo or name on the login page, beware…this could mean it’s a fake hotspot designed to steal your data. Can you guarantee that the person across the hotel lobby isn’t looking at your data? Not really, but the chances of them being able to do that are greatly reduced if you take precautions to protect your business.