Cyber Bytes for CPAs

3 Steps to Protect your Business´ Sensitive Information

Written by Daniel Tobon | Dec 17, 2020 5:00:00 AM

A data breach could become a nightmare for any company, especially for small businesses that may not be prepared to face cyber threats. According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber-attack victims were small businesses (organizations with fewer than 250 employees). This doesn’t sound right?! Why would hackers target small businesses instead of larger organizations where they can obtain a better return? It turns out, hackers try to infiltrate small businesses – which are typically easier targets – so they can gain access to, and more easily attack, a larger organization. The recent Target cyber-attack where tens of millions of people’s credit card details were stolen was an example of this type of activity. The hackers gained access to Target’s network by first infiltrating a small HVAC company and stealing that company’s access to Target’s network.

Scary, huh? Despite these horrible facts, most small business owners can prepare so they can prevent, detect or respond to a cyber-attack by following these 3 simple steps.

Turn on Multi-factor Authentication (MFA) on all your accounts

Long and complex passwords are dead! As humans, our minds are not meant to remember gibberish text. Most people end up writing it on a sticky note or in an excel file. This ends up defeating the purpose of having a password in the first place.

Fortunately, as technology becomes more advanced every day, multi-factor authentication has become the standard for everyone.

Businesses who have employees that work with personal information (PII), such as social security or financial information, are required by state and federal statutes to integrate multi-factor authentication into their security processes. Many non-regulated businesses resist MFA implementations because it makes the process slightly more cumbersome. However, it is well worth it to add an extra layer of security and protection to their sensitive information.

Add Advanced Protection to your Email System

Traditional anti-virus and spam filters are an outdated way to protect against cyber-attacks in the world we live in today. Hackers are more sophisticated at leveraging multiple attack vectors that traditional anti-virus and spam filters simply won’t catch.

Implementing advanced protection to your email system today is critical to keeping your sensitive information safe. With the right solution, your business can prevent, detect and respond to new and sophisticated attacks before it is too late.

Educate your Employees and Yourself

Even the most sophisticated security system will not prevent everything. The best investment you can make in your small business is to educate your employees on modern cyber threats and how to prevent them.

For example, make sure they know that before you open an email or respond to any requests to download files or click on links, ask the following questions:

  • Do I know the person that sent the email?

  • Is it something I am expecting?

  • Does it sound and/or feel odd? (e.g. unusual spelling/wording, high sense of urgency)

Training your employees on different cyber security scenarios is the most effective way to protect your business information!

If you love your business and your clients, make cybersecurity planning as important as any other aspect of your business planning process. Ignoring it can be catastrophic. As a small business owner myself, I know it can take many years to build a business’ reputation, but a cyber-attack can ruin all that hard work in only a few seconds.