Fortifying cybersecurity for your small business

In the past, small and midsized enterprises (SMEs) guarded against theft and damages primarily by securing their physical assets and premises. To protect themselves in the event these precautions failed, they invested in business insurance, including theft coverage. These days, SME owners have another sphere to worry about in addition to the physical one: their digital assets.

Cybersecurity critical for SMEs

When massive data breaches steal the spotlight in international headlines - such as when criminals hacked a large retailer - concerns over information and technical security tend to rise. At the same time, however, it's natural for smaller organisations to be somewhat dismissive, believing that such incidents are focused on massive enterprises. In other words, it's the classic "it won't happen to me" response.

This attitude could prove costly if something goes wrong. It's critical for SMEs to take cybersecurity very seriously to protect their organisation, customers and data from hackers and viruses.

According to a 2013 poll by the Ponemon Institute, more than half of small businesses in the US have experienced at least one data breach, often as a result of employee mistakes, lost devices and procedural errors.

In fact, SMEs are sometimes a more attractive target for hackers because larger enterprises typically have the resources to invest in security experts and top-end measures.

"Fraudsters won't necessarily [go] back to eBay or Target or Neiman Marcus and try to use those credit cards in those systems because their systems are very strong," Liron Damri, COO of anti-fraud-firm Forter, told CIO Magazine.

"They will try to take advantage of those medium-sized merchants and get money out of them."

What can you do to protect yourself?

As an SME, what steps can you take to prevent cybercriminals from infiltrating your system? There's no way to guarantee you won't be hacked, but there are many steps you can take to fortify your defences.

Here are a few tips to get started:

1. Ensure your system is up-to-date and secure.

Use up-to-date browsers, software and hardware - these versions have patches that address vulnerabilities hackers have learned to exploit. Antivirus protection and firewalls are essential, as well.

It's also important to password-protect your Wi-Fi access. If you allow your workers to connect to the network or work with company data on their own devices, establish a policy about antivirus requirements.

2. Choose vendors that have clear security practices.

If you're collecting customer payment information, for example, make sure your programs adhere to industry standards for encrypting and storing that data. You should also create backups of digital information to avoid data loss.

3. Train your employees.

This point cannot be emphasised enough. According to University of Adelaide security expert Dr Malcolm Pattison, human error and negligence are among the greatest causes of cybersecurity failures - not the computer system itself.

Informing your workers about how damaging data breaches can be and teaching them how to contribute to a secure environment can go a long way in protecting your assets. From password best practices to avoiding public Wi-Fi for professional activities, even small changes in behaviour can make a big difference.

4. Use machines for designated purposes only.

Company computers are exposed to greater risk if users access outside sites, such as social media. In addition to teaching employees about dangers like suspicious links, some organisations might want to restrict the use of their machines to better protect sensitive data.

Andrew Bagrin, founder and chief executive of My Digital Shield, told The New York Times Blog that POS systems should be used for customer transactions only, even though many of them can access internet browsers. Similarly, bookkeeping and banking activities can be better secured by completing them on a computer designated for those purposes alone.