Authored by a Symantec employee

 

When you own a small business, the adage “you are only as strong as your weakest link” holds true when it comes to cybersecurity. That’s why you need to invest in the best security software for your business as well as in digital safety education for your employees.

Types of small business cyber threats

Although cybercriminals are creating new ways of launching cyber attacks, some of their more common methods for breaching small companies have been around for a while.

Phishing 

Business email compromise (BEC) scams, also known as phishing emails, continue to cause major losses; more than U.S. $5 billion dollars have been stolen domestically and internationally in the past three years. Approximately 7,700 organizations are hit by a BEC scam every month.

Phishing occurs when a cybercriminal tries to trick an email recipient into opening a malicious attachment or clicking a link to a malware-laden website that could download ransomware. This method has remained popular over the years, which perhaps indicates that the person behind the computer keyboard can be the weak link in a company’s security.

Watering holes

Watering holes are legitimate websites that have been hijacked by an attacker and turned into malicious websites, typically without the knowledge of the sites’ owners. These types of sites attempt to install malware onto a device. This usually requires some action by the user, such as clicking on a link, downloading a file, or giving away information.

Drive-by downloads

In the case of a drive-by download, a malicious website will attempt to install software on your computer without asking for permission first. This could happen if proper security systems are not in place or if the operating system is outdated.

Why do cybercriminals target small businesses?

The most likely reason for a cyberattack is intelligence gathering. A data breach is one possible result of a successful attack. Data breaches can involve a variety of information, from documents and intellectual property, to credit card and financial information. Sometimes, cybercriminals could even mine information about your staff and customers. According to a 2017 Ponemon study, the global average total cost of a data breach is U.S. $3.62 million.

Cybersecurity best practices for small businesses

Cybersecurity for your small business begins with digital security best practices education and training. Educate all your employees with the same best practices. When new employees join your team and best practices are updated, provide refresher training sessions.

As you develop best practices to protect your small business from cyber threats, do some research. The National Cybersecurity and Communications Integration Center’s (NCCIC) website can help you create a solid cybersecurity plan for your business. You may want to establish guidelines around the following three security topics as you teach your employees how to make digital safety a daily habit.

1. Software updates 

Hackers can enter your computer network through outdated apps with known vulnerabilities. Make sure your employees know to install software updates and patches for applications and operating systems as soon as they’re available.

2. Passwords

Teach your employees that the best password is a secure password. A good solution to remembering and using strong passwords is a reputable password management application. This stores passwords in one place, allowing people to generate strong, complex and random passwords that they don’t need to memorize. They only need to remember one password to unlock the app itself. Alternatively, ask your employees to create strong passwords that are at least 10 characters long and include numbers, symbols, and upper and lowercase letters. Advise employees to never write down passwords to keep on their laptops or workstations.

3. Virtual Private Networks

VPNs can go a long way toward securing your company’s information. Virtual private networks encrypt all traffic leaving and entering your devices. If someone somehow manages to intercept your information, all they will have is encrypted data.

Why cybersecurity awareness is important

Unfortunately, none of this education and training will help secure your business unless you create a culture of cybersecurity awareness around the office. So how do you encourage your employees to protect your company’s information?

  • Compliance programs: Make changing passwords a regular task, like getting an oil change in your car. Ensure everyone is doing what they need to do to keep their passwords secure.
  • Rewards programs: Offer rewards for employees who find ways to improve cybersecurity around the office, such as by reporting phishing emails.
  • Accountability programs: Encouraging your employees to tattle on each other for not following best practices will just erode trust. However, encouraging your employees to gently hold one another accountable will help ensure compliance with best practices. Consider instituting an anonymous reporting system or encourage employees to have open conversations about cybersecurity with each other. You can also try appointing cybersecurity culture advocates to help keep employees trained and motivated.


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.