Small business
cyber security
matters, too

Depending on their size, small businesses may wrongly assume they are less vulnerable to cyber attacks. In fact, according to a survey conducted by the Cyber Readiness Institute, only 31% of business owners with fewer than 10 employees were concerned about small business cyber security in 2020.

Analysis of security incidents, however, points to one painful and unavoidable conclusion: small businesses are not immune to cyber attacks. The gap between the incidences of data breaches targeted at large enterprises and small businesses has been steadily decreasing, according to the Verizon’s 2021 Data Breach Investigations Report. This means small businesses are almost just as vulnerable to cyber attacks as large enterprises. Given the average cost of data breach for small business is $25,612, it's time to pay attention to small business cyber security and build a cyber security policy template for small business.

In 2019, the U.S. was home to 30.7 million small businesses, each with the potential for financial loss due to data breaches. Staying on top of cyber security threats requires a robust bench of technical talent, which small businesses might not always have. Lacking the know-how to identify breaches can delay response, making the damage worse and adversely impacting business continuity. More than half of small businesses go under within six months of a cyber attack.

The migration to remote or virtual models of work has exacerbated these small business cyber security challenges. A third of American workers were telecommuting in October 2020 and nearly two-thirds of them want to continue the practice. Small businesses have to factor in additional endpoints, such as employee mobile phones, as potential vectors for attacks.

Given the magnitude of risks, small businesses can implement a set of protocols that are customized to their needs and that take their vulnerabilities into account.

An audit, either external or internal, can highlight areas that need extra attention. Like most other business mechanisms, cyber security is about making sure people, processes, and technologies are working well together. A sound cyber security policy template for small business can address all these components in a unified fashion.

When it comes to small business cyber security, business owners need to keep an eye on the security of their devices in order to avoid data breaches. The technology at risk includes:

• Employee devices. Make sure that laptops are secure with verified mechanisms to log in to business networks. Central mobile device management (MDM) policies ensure any changes or system updates can be pushed out to all devices.
• Wi-Fi and virtual private networks (VPNs). Understanding how and where employees are connecting from will help institute better small business cyber security protocols.
• The cloud. Whether small businesses use the cloud for storage or software-as-a-service (SaaS) solutions, it is another technology that needs to be addressed in cyber security templates.

Since people use technology, the two need not be dissociated from each other. But a cyber security policy template for small business needs protocols so everyone can be on the same page about what to do when—especially when they suspect a breach.

The protocols that small business cyber security should address include:

Social engineering through phishing remains a significant route for cyber attacks, especially through cloud-based email programs. Email protocols should include templates that address regular employee training about what suspicious emails might look like, even from familiar colleagues. Email protocols also need to establish a chain that explains what to do if an employee suspects a phishing attack.

While most employees might know not to use their dog's name as a password, a template gives businesses a list of to-dos related to password management. These include using multi-factor authentication or using single sign-on procedures for approved employees.