Cybersecurity for Oregon Small Businesses
Whether or not your small business has in-house cybersecurity or IT experts, you’ve probably heard the disturbing news accounts about the increase in hacks, scams, malware attacks, viruses, ransomware, and other extortion-oriented online assaults.
The situation has worsened in the wake of the pandemic. Cybercriminals exploited many of the quickly assembled platforms that businesses set up to let their employees work from home. And, as health facilities struggled to meet the demands of patients during a surge in COVID-19 cases, they found themselves besieged by cyberattacks at the same time.
Hackers did everything from executing ransomware attacks to interfering with medical technology—including an attack in Oregon that abruptly shut down alerts attached to monitoring patients’ vital signs.
According to an August 2021 article from Nancy Bilyeau at The Crime Report, “Nearly half of all U.S. hospitals have disconnected their networks in the past six months due to escalating ransomware attacks.”
Oregon Small Businesses Struggle to Fight Cybercrime
While hospitals and other emergency service providers have increasingly become the targets of cybercriminals, they are not alone. Preventing and mitigating damage from cyberthreats has become a way of life for organizations, from the most familiar names worldwide to everyday Oregon small businesses.
In fact, Ashley Lukehart of Cybersecurity Magazine wrote in May 2021 that “43% of all data breaches involve small and medium-sized businesses.”
Technology is an indispensable tool for businesses of all sizes. So no business today is immune from the relentless efforts of hackers to intrude, wreak havoc, and steal sensitive information for financial gain.
Whether they’re dealing with patients or business customers, Oregon small businesses have a duty to protect the personally identifiable information (PII) of their stakeholders. Such information includes:
- Social Security number
- Telephone number
- Credit card or other financial information
- Email address
- Individual account number or code
Even if small businesses don’t keep PII about their customers, they likely have intellectual property worth protecting. On top of that, they need security strategies to ensure that their employees don’t fall prey to online hacking predators.
That means Oregon business owners and their IT leaders need to look strategically at their cybersecurity strategies.
How Can Your Small Business Protect Itself from Cyber Attacks?
Recognizing the vulnerability of Oregon small businesses to cyber attacks is a huge step in launching a defensive strategy against hackers. Once you know what your organization is up against, you need some tips to protect your customers and your small business.
Here are four tips to help your small business stay safe in these dangerous digital times.
Tip 1: Cybersecurity Is Everyone’s Job
Making cybersecurity a priority in your employee training is essential. The Federal Communications Commission (FCC) recommends establishing basic security practices and policies to help reinforce that all employees’ efforts are crucial to maintain cybersecurity.
Here are some critical training topics to cover:
- Strong password security
- Recognizing phishing emails and social engineering attacks
- Appropriate internet usage guidelines
- Secure handling of confidential information, including PII and HR data
The potential cost of a data breach for your company can be $200,000 or more. And the ongoing cleanup in the aftermath of a security breach can be costly due to the loss of personal and financial data, as well as customer confidence.
Ensure that new employees take an initial cybersecurity training class, and then provide frequent updates via in-person or online training, along with reading materials.
Tip 2: Develop a Strong Password Protocol That Everyone Follows
Strong passwords are the first line of defense in protecting your systems, preventing unauthorized access to your small-business accounts and devices.
Try incorporating these best practices into your password security strategies:
- Require strong passwords that are long and complex, incorporating numbers, letters, and symbols. Emphasize the importance of creating unique passwords, never using the same password twice.
- Work to implement two-factor authentication. 2FA requires two distinct forms of identification to access a device, account, mobile app, or system.
- Use a password management system like LastPass or 1Password to help your team keep complex passwords secure, especially when allowing sharing across users.
- Keep “clean” machines. Having up-to-date security software, web browsers, and operating systems is critical in defending against viruses, malware, and other threats online.
- Stay consistent, practicing what you preach to your small-business employees. Ensure that all internal and external employees understand and follow your cybersecurity protocols, and do so yourself!
Tip 3: Use Firewall Security for Your Internet Connection
A firewall is a network security system composed of programs that monitor and control incoming and outgoing private network traffic. It’s a barrier— a firewall—between your trusted working network and an external, untrusted network, like the internet.
A firewall not only works within your small business’s physical location, but it also works for anyone working remotely to provide employee access while ensuring that their home or other work space is protected.
Additionally, ensure that your business’s Wi-Fi network is secure, encrypted, and hidden, preventing your network from broadcasting its Service Set Identifier (SSID).
Tip 4: Implement a Data Backup System in Case of Emergency
You can’t predict all the ways your sensitive data might become compromised. Whether you experience a natural disaster, a ransomware attack, or another cybersecurity attack that would make your data irretrievable, your small business needs to prepare.
Implement a system to back up your company, customer, and employee data regularly. This critical data includes:
- Word processing documents
- Financial files
- Human resources data
- Personally identifiable information for customers or anyone else
- Accounts receivable/payable information
If possible, back up critical data automatically and store copies off-site or in the cloud to ensure access.
Partner with the Oregon Center for Cybersecurity at Mt. Hood Community College
October is Cybersecurity Awareness Month, so be aware: Small businesses everywhere, including those in Oregon, are as susceptible to data security breaches and other cybercrimes as anyone.
The cybersecurity program at the Mt. Hood SBDC offers educational awareness; workshops; training; and no-cost, one-on-one advising sessions for businesses in different stages of development and growth to help you develop, launch, implement and maintain your small-business cybersecurity strategy.
Do you have questions about how we can help your Oregon small business defend against cyberthreats? If you do, get in touch with your local Oregon Small Business Development Center (SBDC) at OregonSBDC.org. We’re here to help!