Digital security for the self-employed: Stay secure without the help of an IT team
Nobody wants to spend time dealing with the aftermath of a security incident rather than building their business
Approximately one in seven people in Europe and the United States of America are entrepreneurs, often fulfilling their dreams of being in charge of their own destiny and having more freedom and control over their careers. But with more freedom to shape their future trajectory comes extra danger. This often means little to no sick pay and vacation/parental leave and, in IT, a lack of support from the IT department, something most salaried workers take for granted.
This is especially acute when it comes to the cyber risks faced by sole traders or owners. If you run your own business, you will be on the radar of threat actors targeting your funds, sensitive client information, and potentially even your intellectual property. Understanding where the risks are and how to build resilience is key. No sole trader wants to spend time dealing with the effects of a breach rather than building their business.
What’s at stake?
The bottom line is that cyber criminals want to make money. And in general, more money can be extorted and stolen from businesses – however small – than from individuals. But threat actors are also largely opportunistic. That means they go after low-hanging fruit: online accounts that aren’t properly protected, devices that don’t have security software installed, or PCs that aren’t running the latest operating systems, browsers, and other software versions.
There is little publicly available data on the volume of breaches impacting sole traders. However, it makes sense that with fewer resources and little or no in-house IT support, they would be more vulnerable to cyberthreats. Consider how the following could impact your business:
- A ransomware attack that locks you out of business files, including all synced cloud storage.
- Attacks where threat actors steal and threaten to leak your most sensitive files, and/or sell them on the dark web. This can include highly regulated personally identifiable information (PII).
- Account takeover attacks via password theft or “brute force” techniques. Hijacked business accounts can be used in advanced phishing attacks on clients or even business email compromise (BEC).
- Malware designed to harvest logins to your online company bank accounts in an attempt to drain funds.
The impact on sole traders
The challenge for sole traders is not just limited IT resources. Arguably, the reputational impact is greater and the financial damage is harder to recover from. Clients may have nothing to lose by leaving after a serious breach – especially since working relationships are often informal.
That’s not to mention possibly the biggest direct impact of a serious cyber incident on a sole trader: lost productivity. The time that self-employed business owners have to spend cleaning up their IT environment and recovering from a major cyber attack is time they cannot spend serving their clients.
How to keep your business safe in cyberspace
According to British government figures, only a fifth of the country’s microenterprises have a formal security strategy. But the average cost of a breach over the previous 12 months was calculated to be over £3,000 (US$3,740), which could be a significant expense for a company of this size. That’s why sole traders should take the time to get the basics of security right, focusing on the following precautions:
- Back up your important business data: This means first figuring out what’s important enough to back up, and then selecting a backup solution. Cloud storage (e.g., OneDrive, Google Drive) is a useful option, as backups are automatic and there is no need for an upfront investment in hardware. Most major providers have capabilities that allow you to restore from a previous version, even if ransomware spreads to the data in the cloud. However, for extra peace of mind, it might be worth also backing up to a removable hard drive, and making sure it’s unplugged until needed.
- Install anti-malware software: Choose products from reputable vendors and ensure all PCs and other devices are covered. Make sure to keep automatic updates turned on so you’re always running the latest version.
- Keep all PCs and devices patched: Ensure all operating systems and other software are on the latest versions by enabling automatic updates. This means they will be patched against the latest exploits.
- Secure your accounts: Use only strong, unique passwords stored in a password manager, and enable two-factor authentication wherever it is offered (social media, email, cloud storage, router, etc.). This will reduce the risk of phishing, password guessing, and other attacks.
- Protect your mobile device: Keep all software up to date, install security software and do not download any apps from unofficial app stores. Make sure the device is locked with a strong passcode or a solid biometric authentication method and can be remotely tracked and wiped in the event of loss or theft.
- Make a plan for when things go wrong: This “incident response plan” need not be exhaustive. Just know which IT services your business relies on and have a handy list of contacts to call if the worst-case scenario occurs. This will speed up recovery time. Keep a paper copy of the plan in case systems are forced offline.
- Test your resilience today with the National Cyber Security Centre’s Exercise in a Box, and be aware of the virtual world.
Above all, awareness is key. Simply by reading this article, you have put your business in a better place. Apply the best practices above to keep your business out of the reach of opportunistic attackers.