Q: I’m worried about my cybersecurity as a small-business owner. What are some practical tips that I can deploy to keep my company safe from hackers?

 

A: Businesses, specifically small businesses, continue to fail at managing cyber risk. One metric from the Verizon Data Breach Report stands out: 61 percent of breaches hit smaller businesses. We remember the big names; however, smaller organizations thinking that “it won’t happen to them” could find themselves having a bad day — or worse — be out of business. Here are some cyber tips for small businesses:

Security engagement: Everyone in your company must understand what their role is in managing cyber risks. It may be cliché, but “security is everyone’s responsibility.” Talk about cyber security, get leadership involved and educate staff to not click e-mails they are not expecting or from people they don’t know.

Patching: If you can only find time to do a few things, patch your systems. Many organizations still get this woefully wrong. It is basic information security hygiene, don’t forget about it.

Move beyond passwords: Think about the password that you used to log into your devices. Guess what, it is compromised and readily available on the dark web. Sorry, I know you thought you were clever using “P@ssword!” Invest in dual factor authentication. There are free services, like Google authenticator, and other commercial products that can better protect your critical systems.

Identify what you need to protect: Small businesses don’t have the budgets that the big dogs do, which makes them an easier target. It is critical to focus resources on the assets that matter the most. You should identify what is important, why it is valuable and what the risks are.

Get help: Seriously consider hiring someone whose responsibility is to manage cyber risk for your business. Nothing is better than having someone who has a stake in or is engaged in the protection of your company.

If you can’t hire, use a security partner, just be careful to use one that listens and helps you make better risk decisions rather than just try to sell you products.

Jeff Norem is the vice president of security for Augeo Marketing and serves on the Risk Leadership Advisory Board for the Opus College of Business at the University of St. Thomas.