According to the most recent TrendMicro/Ponemon Institute Cyber Risk Index, businesses with fewer than 100 employees face the worst risk, as compared to the industry average.1 2
A breach can be devastating: A recent Intel-sponsored survey by J. Gold Associates found that for small businesses, the average cost of a data breach was more than $100,000.3 In addition to lost business and consumer trust, non-compliance with regulations like the credit card industry’s Payment Card Industry Data Security Standard (PCI DSS) can result in penalties of thousands of dollars per month and termination of your merchant account.4
While this can seem frightening, the good news is that today’s technology helps businesses like yours stand tough against cybercrime. To better protect your business and customer data, start by creating your own small business security plan. Intel has created resources to help you get started.
Read on to learn about the different types of threats and how a few simple steps and secure technology can help harden your defenses against them.
The first step in protecting your small business from data breaches—which can include unauthorized access to banking information, customer contacts and personal information, and proprietary product and financial data—is to understand the different types of threats.
Malware (“malicious software”) is a broad term that covers the many ways cybercriminals gain access to devices, networks, websites, and ultimately your data. Types of malware include:
- Viruses, which are contagious and replicate themselves throughout your system and other connected devices.
- Spyware that runs in the background of your device, tracking your internet activity.
- Keyloggers that log keystrokes to steal data and passwords.
- Worms, which replicate like viruses, but with the goal of destroying data as the worms proliferate.
- Trojans, which appear to be legitimate programs so they can gain access to modify, copy, and delete data, and provide backdoor network access. Subcategories of Trojans include backdoor Trojans that allow remote control over the infected device, rootkits that help disguise malware so it can run undetected, and bots that infect large numbers of computers, creating a “botnet” that reports back to a hacker’s central computer.
Phishing is a type of social engineering attack, which means people are tricked into clicking on links that download malicious programs or providing sensitive information. Usually, you receive a spoofed email with a malware-infected attachment or a link to a site that downloads malware to your device. The link may also direct you to a spoof website with a form that requests sensitive information like passwords. Social engineering attacks can also be conducted on websites via spoofed links on social media or shared photos infested with malware.
Ransomware is a mix of social engineering and malware. After clicking on a spoofed link or file, your device is infected by Trojan malware. Once infected, you’re locked out of your data or system by the program until you agree to pay a ransom.
Cybersecurity Best Practices
To strengthen your small business against these threats, put these small business security best practices into action:
- Upgrade your technology. In a recent Intel-commissioned survey of small businesses, PCs more than five years old represented 34% of the malware attacks reported, compared to just 6% of devices less than 1 year old.3 Newer business-grade devices have added security features for today’s cyberthreats, including advanced threat detection and more hardware-enabled security features of the latest Intel vPro® Platform.
- Take advantage of Windows* 11 Pro security. With new devices comes the latest Windows operating system. Configure Windows* 11 Pro to only run authorized apps, use Windows Hello for two-step verification, and enable BitLocker, which encrypts sensitive data in case your device is lost or stolen.
- Improve password use. In the Ponemon survey, 40% of respondents said their companies experienced an attack involving password compromise.5 Set password strength and update requirements with Windows group policy or mobile device management software.
- Implement multi-factor authentication (MFA). This secure method of logging into an account or device requires more than one verification, using something that you know (password or PIN), something you have (a token), and something that you are (a fingerprint).
- Set up a Windows domain. This allows you to easily authorize users, groups, and computers to access local and network data.
Educate Your Team
To ensure robust data security for your small business, it is essential for your team to continuously stay informed about the latest security best practices. Empower your team to:
- Recognize social engineering scams like phishing and spoofed forms and links.
- Understand data security regulations that affect your industry.
- Improve their password hygiene.
- Know what to do if they click on a malware link or otherwise compromise your business’s data or network.
- Understand how data security can provide a first line of defense against hackers.
Evolve Your Cybersecurity Strategy
As hackers evolve with ever more clever and sophisticated methods of attacking businesses, you can evolve your cybersecurity strategy as well—thanks to technological advances. To learn more about ways the Intel vPro® platform can help make your business more secure, visit intel.com/smallbusiness.