If you think cyber security is expensive, you should try getting hacked. Now THAT’s expensive, both to your wallet and to your business’ reputation.
According to a report by Symantec, 43% of cyber crimes were focused on small businesses in 2015, and that number has increased significantly every year. Why? Small businesses typically have the same kinds of information as large businesses do, but they usually have less security. Fortunately, you are not helpless. There are specific actions you can take to keep your business and your customers safe from cybercrime and hacking. Quality protective software and IT support are a must, of course, but the human element must also be managed.
Shut the (digital) front door.
When hackers target a small business, they mostly gain access through unwitting employees. These employees are not giving up information willingly, but if they aren’t properly trained, their passwords and emails become easy conduits into the business mothership.
Symantec’s report specifies that in 2015, there was a 55% increase in hacking cases that occurred because of email “spear-phishing” schemes. Malware embedded in an email, probably opened by an employee who handles finances, makes its way into the business network, and whammo, you’re hacked. To avoid this, make sure your employees are all trained to be on the lookout for suspicious emails and report them when they receive them. If someone does open one in a moment of multitasking, they must also be secure enough to know they can and should fess up so you can take steps to make sure no damage is done.
Passwords that are easy to guess or not changed very often also make life easier for hackers, so have a process in place for employees to produce complex passwords and change them on an established, regular basis. Complex passwords are hard to hack, but they’re also hard to remember, so every month, give your team a set pattern to follow, like, “The make of your first car with the second letter capitalized and the year your mother was born with an & in between.” This makes it easy to remind people and still keep the passwords private.
Limit devices and information
Ransomware attacks, in which hackers disable or reprogram company devices and demand payment to release them, are also increasing. The smarter electronics get, the easier they are to access, and the more smartphones, watches, tablets and TVs are on your business network, the more chances hackers have to get in.
Define who really needs to have a device on the company network. Also ask yourself how much customer information you really need to save. The more information you have, the more information can get stolen. In each case, consider whether the convenience is worth the risk.
Assume you will be hacked and plan accordingly
Danielle Valliere of LockPath assures small business owners that, “In motorcycle training courses, instructors will tell you that the mindset shouldn’t be one of if you have an accident, but when. The same attitude should be taken to matters of information security.” Your plan must be clear, specific, in writing, and should include who is responsible for what task to return business to normal in the event of a hack. You should also have a plan to communicate immediately with your customers and advise them what actions they need to take to protect themselves.
To learn more about avoiding and responding to cyber attacks, check out the Small Business Association’s cyber security tutorial.