The House Committee on Small Business addressed this issue during a special hearing called, “Protecting Small Businesses Against Emerging and Complex Cyber-Attacks.”
“Small businesses generally have fewer resources available to monitor and combat cyber threats, making them easy targets for expert criminals,” said Chris Collins, chairman of the House’s Subcommittee on Health and Technology. “In addition, many of these firms have a false sense of security and believe they are immune from a possible cyber-attack.”
The committee heard testimony from a number of professionals from the tech industry on how and why cyber security is just as much a danger for small companies as it is for larger ones. Here are three security tips that were offered as part of the testimony:
1. Create a written security policy for employees.
When it comes to cyber security, one of the biggest problems is the lack of education among small-business owners and their employees, Collins said.
Business owners and their IT departments need to stay up-to-date on issues relating to cyber security threats and should create a written security policy for employees, suggested Dan Shapero, founder of California-based pay-as-you-go digital marketing firm ClikCloud.
In it, determine whether employees should be allowed to have personal data on business devices, he said. Conversely, figure out whether business data should be permitted on their personal devices and what to do in case a device is lost or stolen.
Then, share the document with employees and make certain that they understand what to do and why cyber security is vital, Shapero said.
2. Use stronger passwords.
This might seem like a no-brainer to some, but business owners have been “dumb” about creating smart passwords, said William Weber, senior vice president and general counsel at Cbeyond, an Atlanta-based telecommunications and IT company.
If your password is a common word, or something that can be guessed based on public information, consider changing it to something more difficult to crack.
Weber told a story about how one of his small-business clients used the name of his college mascot as his bank password. Hackers figured out the password and removed R160 000 from his account. Business owners should create passwords that are at least 12 characters long and contain upper and lower case letters, as well as numbers and special characters, Weber said.
Also, avoid using the same password across multiple accounts, recommended Justin Freeman, corporate counsel at Texas-based IT hosting company Rackspace. The more passwords between hackers and your data or money, the better, he said.
3. Encrypt your data.
You can’t always keep hackers out of your computer systems, so take steps to protect the data contained within those systems, Freeman said. That’s where encryption comes in. Disk encryption tools come standard on most operating systems, including BitLocker for Windows PCs and FileVault for Macs. These programs essentially convert the data on your systems into unreadable code that isn’t easily deciphered by hackers.