Let’s start with dessert. That’s what businesses like to talk about when I first meet with them at the Small Business Development Center. And why not? It’s the best part.
Business dessert is profit, great marketing ideas, a new logo, growing sales and the vision of a profitable exit to retired beach life. This is all part of a great meal, but in between there is the meat of day-to-day operations and potatoes of customer service. And few important items get moved to the “vegetable” role, including cybersecurity.
Cybersecurity is a relative newcomer to the menu of business owner responsibilities, but it’s one that many business people put off eating indefinitely. Despite warnings that cyber attackers strike small businesses with alarming frequency, the horror stories that make the news are almost exclusively about large corporations or government entities. This can trigger the business owner to think: “If the big kids won’t eat their vegetables, why should I eat mine?”
Fair point, but what we don’t see in the news are the attacks that didn’t happen because businesses (large and small) already have security features in place. Nothing is 100 percent secure, but most businesses that have basic cybersecurity measures in place continue business without trouble. However, the more common reasons for avoiding cybersecurity are: “I can’t afford an IT gal to do this, I don’t know where to find one, and it’s all too time consuming and technical for me.”
This is the idea I want to change. YOU, business owner, can do this. You can eat this vegetable. Let’s start with small bites: Train, test, update, remind.
Ninety percent of cybersecurity is in the hands of your employees, so that means you can make cybersecurity part of your onboarding and employee training process. If you are a one-person show, your job is even easier.
Train: Teaching your employees about phishing, scams and securing their passwords is easy because you don’t have to do it. You can simply assign it. There are many excellent, free training videos (minutes, not hours) on YouTube. After, you give them a free, one-page review of this training. We have a copy ready to share with you at the SBDC.
Test: Testing your employees on their scam-spotting skills is easy because you don’t have to do this yourself either. You can register for a free service: knowbe4.com/phishing-security-test-offer. Knowbe4 will send out up to 100 free test emails to your employees to see if they can spot the scam. Then, you see how well they did and repeat training as needed. Usually, an employee only needs to make a scam email mistake once, and they learn quickly. That happened to me, thanks to test emails my employer sent out. (Good job, ISU!) When staff know they might be tested, they are more likely to be vigilant.
Update: Use an online password keeper and update your passwords periodically. The basic password keepers are free, but for a few dollars a month, a corporate subscription allows the owner to give and take employee access to passwords. This takes the worry out of employees using your password, accidentally losing their own passwords or taking them along when they leave your service. Additionally, make sure to periodically update all your software and remind employees to do the same with their digital equipment — especially smartphones and tablets.
Remind: Make cybersecurity an agenda item at weekly staff meetings. Don’t expect employees to make a bunch of changes at once. Start with training and testing, then move on to updates and other strategies. We have some fun, free posters for your break room to help with the reminding process.
The Small Business Development Center is the cheese sauce for this broccoli. We can meet with you and help you set up a password manager, phishing testing for your employees, and scheduled backups. All of this would take about an hour. We have a few more simple recommendations we can walk you through as well. If you’d like a copy of our free cybersecurity checklist, email me at the address below. None of these precautions require a lot of time, and with them in place, you will have covered most of your risk.
And quickly get back to dessert!
Ann Swanson is the director of the Small Business Development Center at Idaho State University's College of Business. The SBDC is taxpayer funded to provide no-cost consulting and low-cost training to any small business. Swanson can be reached at 208-282-4402 or email@example.com.