
New Year's Cybersecurity Resolutions for Small Business Owners

The new year is an excellent opportunity to reflect on your business goals and make resolutions to improve your cybersecurity posture. Cyberattacks are becoming more frequent, sophisticated, and costly, especially for small businesses that often lack the resources and expertise to defend themselves. According to a report by the Identity Theft Resource Center, 73% of small business owners and leaders experienced data breaches or cyberattacks in 2023, a significant increase from previous years. Small businesses will face major cybersecurity threats in 2024, including phishing, malware, ransomware, business email compromise, trusted insider threats, unintentional disclosure, storage reconnaissance, and zero-day attacks. Many of these attacks resulted in data loss or theft, financial losses, reputational damage, and legal liabilities.

Small business owners should adopt some cybersecurity best practices and resolutions for 2024 to prevent or mitigate the impact of these cyberattacks. Here are some suggestions:

  • Educate yourself and your employees on recognizing and avoiding phishing and smishing (SMS phishing) emails and messages that trick you into clicking on malicious links or attachments or providing sensitive information. Phishing is one of the most reported cyber-crimes in the U.S., resulting in countless financial losses yearly.
  • Use strong passwords and enable multi-factor authentication (MFA) for all your online accounts and devices. MFA adds an extra layer of security by requiring more than one kind of proof to access your accounts: something you know (such as a password), something you have (such as a phone or a token), or something you are (such as a fingerprint or a face scan).
  • Install antivirus software, ideally Endpoint Detection and Response (EDR) software, the modern successor to traditional definition-based threat protection. Ensure that these protections are self-updating and enabled on all devices. This software is one way to detect and remove malware that can infect your devices and compromise your data. Malware comes in many forms, such as viruses, worms, trojans, spyware, adware, and ransomware.
  • Back up your data regularly and store the backups in a secure location. Backups can help you recover in the event of a ransomware attack, which can encrypt your files and demand payment to unlock them. Ransomware attacks can result in catastrophic business losses. The best backup solutions adhere to a 3-2-1 rule where three copies of your data exist at all times, two copies are backups, one of which is stored in an alternate location.
  • Secure your email communications and verify the sender's identity before opening attachments or clicking links. Business email compromise (BEC) is a phishing attack that targets businesses by impersonating a legitimate entity or person, such as a vendor, a client, or an executive, and requesting money transfers or confidential information.
  • Monitor your network activity and limit access to sensitive data. Trusted insider threats are employees or contractors who intentionally or unintentionally misuse their access to harm the organization. Unintentional disclosure is when sensitive data is accidentally exposed or leaked due to human error or negligence.
  • Encrypt your data at rest and in transit. Encryption can protect your data from unauthorized access or modification by making it unreadable without a key. Storage reconnaissance is when attackers scan cloud storage services for unsecured data that they can exploit.
  • Patch your software and systems regularly. Patches are updates that fix bugs or vulnerabilities that attackers can exploit. Zero-day attacks are attacks that exploit unknown vulnerabilities before they are patched.

By following these cybersecurity resolutions, you can improve your security posture and reduce the risk of cyberattacks in 2024. Remember that cybersecurity is not a one-time event but an ongoing process that requires constant vigilance and adaptation.

If you need personalized advice, contact us.