The holiday shopping season marks a vital sales period for many American small businesses, with this year’s retail sales expected to reach as much as $682 billion, according to the National Retail Federation. With this anticipated volume of sales, having a cyber security plan in place is crucial, particularly for startups.
Symantec’s 2017 Internet Security Threat Report found that nearly half of all cyber attacks target small businesses. Unfortunately, CSIdentity Corporation (CSID) also found that nearly a third of small businesses do not take proactive steps to prevent breaches and half don’t allocate budget to risk mitigation. And, as a result, the U.S. Securities and Exchange Commission reported that 60 percent of small businesses fail within six months of a data breach.
The Value of Education
In today’s landscape, small businesses must educate employees on cyber security best practices. This involves more than implementing a cyber security plan or policy; it means making these proactive measures a part of company culture.
According to a recent University of Phoenix College of Information Systems & Technology survey of 2,017 U.S. adults, 8 in 10 said their company has a cyber security policy and nearly all (96 percent) often or always follow it. Despite this, fewer than half could identify any one specific component of said policy, the most frequent being that their company uses a firewall-protected network (47 percent).
The Human Effect
Employee education and training are vital, particularly in light of recent CompTIA research showing that more than half of data breaches are caused by human error. Untrained employees can unknowingly put companies at risk by using the same passwords for both personal and business accounts, clicking links and opening attachments in spam emails, or sharing private and confidential emails with unauthorized people.
The University of Phoenix survey found that these examples of human error may not be addressed in company policies or may be overlooked by employees. Only 34 percent of respondents said their company’s policy includes suspicious email procedures and even fewer (29 percent) said it includes password protection.
Educating employees on these procedures is just the start of improving overall company cyber security. Other steps include installing firewalls and antivirus software, encouraging employees to lock workstations when not in use, and incorporating a company policy of using long passwords, which are changed often.
However, even more can and should be done. Restricting use of WiFi networks outside of the company, prohibiting use of personal portable storage devices, and requiring employees to use only company-issued devices, like phones and laptops, can make it more difficult for hackers to access sensitive information.
How to Implement
To ensure these actions are actually being implemented, take the time to meet with employees to go over the policy together. Routinely check in to make sure it is being followed or create a procedures checklist. Employees need to understand that often they are the first line of defense against a breach. If something seems suspicious, they should alert the necessary personnel quickly.
While the holiday shopping season places an increased emphasis on cyber security, it must be a priority for small businesses year-round. Implementing a cyber security policy and training employees is a good foundation to help prevent attacks and limit the damage if a breach does occur.