Arrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Skip to nav Skip to content

Cybercriminals are coming for your business. Here are 5 simple ways to keep them out

Now, more than ever, is a crucial moment to button up cyber security measures at your company.

Small businesses were easy prey for cybercriminals during the pandemic. A shift to remote work meant hackers had their pick of unsecured home networks and devices. Now, even though many businesses have moved back to in-office work, it's likely they'll still be targeted by hackers. Savvy thieves often see small businesses as a "Trojan Horse" to the larger businesses with which they partner.

Panelists at a recent Chamber of Commerce event shared tips on what businesses need to keep in mind in order to protect their data and assets from cyberattacks.

Ransomware comes in via email and can hide for several days.

Some cyberattacks will do damage instantly, taking down all of your systems and locking you out. But some, such as ransomware emails, require more time to take root.

"So maybe an employee clicks on an email that goes through their device, and they send that email to somebody else that hits another application or device. It can really be in your system for several days before you notice it," said Tara Holt, senior product marketing manager at Iron Mountain. The delayed timeline is crucial to keep in mind as you work to nail down when and how a breach occurred.

Backup critical data, both on- and off-site.

Holt and other cybersecurity experts encourage businesses to store a backup of your most critical data as a second line of defense. This should be both off-site and online. Your business may still be able to operate during a cyberattack, even in a limited context, if there's a backup handy.

Make sure payment processors are PCI compliant.

An overlooked area of cybersecurity is your third-party payment processor. Businesses that make hundreds of transactions per day must ensure that security standards are in place to prevent theft. Most merchants that accept credit cards must adhere to the Payment Card Industry Data Security Standard, or PCI.

A few credit card companies allow merchants that are not PCI compliant, but tread carefully with them -- you'll likely be stuck with the bill in the event of a breach. "If you get a breach, and you're not PCI compliant, it's a minimum of $80,000 apiece and MasterCard will have to charge you, because they're going to have to resubmit new cards for those people whose cards may have also been compromised," said Renee VanHeel, president of Pay It Forward Processing.

You can pay the ransom, but don't expect to get your data back.

While taking cybercriminals at their word is always a risky undertaking, when it comes to ransomware, few crooks are honest players. Businesses that pay ransoms must deal with the very likely possibility that any data they get back will either be incomplete or corrupt.

An estimated 92 percent of victims who pay the requested ransom don't get their data back, according to a 2021 Sophos State of Ransomware report.

Use a "zero-trust network" and multi-factor authentication.

Chances are, your team probably needs a refresher on what makes a strong, unique password, which can go a long way toward securing your systems. Best practices include combining three or more unrelated words -- proper nouns are good -- with numbers or special characters separating them.

Requiring the use of VPNs is also key. Sad Eastman, CEO of JobsInTheUS, says his company uses both an internal VPN and a third-party VPN for customers. "We do that because we believe it's important for us to provide a secure environment for our employees to get in to do their jobs, but also a place for our customers," he said.

Holt also suggests that businesses create what is called a "zero-trust network" that authenticates users every time they log-in. Multi-factor authentication, where users must enter a passcode that is sent to their phone or email, is another good safeguard.

"Adding in as many different layers of security as you can can really be that first step to protect you," said Holt.

Learn about additional fraud prevention tools to keep your business safe. 

This article was written by Amrita Khalid from Inc. and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to legal@industrydive.com.

Subscribe for Ideas

Subscribe