Small Business Cyber-Attacks – Why You Need to Act Now

Cyber Attacks Small Business

2/3rd of small business owners don’t worry about cyber-attacks. And, honestly, that number is ridiculously high. According to CNBC, “Cyberattacks now cost small companies $200,000 on average.” A $200,000 cost would bankrupt many small businesses. So, why aren’t we acting? 

Thinking about making changes to your business? ProStrategix knows how to help. Read some of our other articles below, or feel free to connect with us and get a complimentary thirty-minute consulting session.

Few Small Businesses Perceive Cyber-Attacks as Threats

Two-thirds of small businesses think that they are at risk of a cyber-attack. Less than 10% of small businesses think a cyber-attack is very likely. 60% of us don’t have a cyber-attack prevention plan. In fact, less than 10% of small businesses rank cybersecurity as a top priority, and nearly double that amount feels it’s their lowest priority. 

Our Complacency Makes Us a Big Target

Nearly 4 in 10 attacks are targeted at small business. Some estimates put this number at 67% attacked in the past year. It makes us very vulnerable to a very costly expense. The sad truth is you may not have the chance to act if one happens to you. Few small businesses can absorb a hit of $200K and stay alive. In fact, 6 of 10 small businesses go out of business within six months after a cyber-attack.

Why Don’t We Act?

      • We underestimate the risk, and we think we have bigger fish to fry 
      • Few of us know what to do 
      • We think it only happens to big companies.  We’re too small, too unknown, etc. 
      • Password protection isn’t enough 

What Can We Do?

While password security isn’t all you need to do, it is the first step.  Why you may ask? It’s because 81% of data breached are caused by weak or stolen passwords.  

Steps for creating and maintaining passwords 

      • Create a password policy – strong passwords with a requirement to change them frequently (60 – 90 days) 
      • Train your employees on the password policy  
      • Audit your password policy 

The next step is to determine which data are the most sensitive to least sensitive. This simple classification can be helpful.

Data security levels – sample case 

      • Red – the highest level of sensitivity – employee SSNs, client credit card information, financial data, etc. 
      • Yellow – business plans, marketing plans, client proposals, contracts, etc. (could be red depending on their importance to your business) 
      • Green – publicly available information 

Once you have classified your data, then you need a storage policy.  One possible suggestion could be the following. Red-level data need to be on servers with limited access both internally and externally. This usually means stored locally.  Yellow-level data can be stored in strongly protected cloud resources, such as Microsoft Sharepoint or Shared Drive. Green-level information can be stored on shared servers.

Finally, you should consider purchasing cyber-insurance. This will help protect you financially in case of a breach. You can get much more complex, but with at least these simple steps, you can reduce your risk significantly.

At ProStrategix, we know you have concerns.  We’re designed to help give you the business support you need so you can focus on doing what you love.  If you would like to learn about how we might be able to help you, please contact us.

LinkedIn Imposters – What You Need to Know

fake profiles

If you are on LinkedIn, then you’ve probably met more than a few imposters. Most are easy to spot. They say the work for a major company, but their location is nowhere near any of the company’s locations. Maybe they have no experience but come with a pretty face and nice sounding title. Needless to say, they’re all over the place. And you should probably pay attention for the sake of your own cybersecurity.

Thinking about making changes to your business? ProStrategix knows how to help. Read some of our other articles below, or feel free to connect with us and get a complimentary thirty-minute consulting session.

The Good News Is LinkedIn has Acted

In the first half of 2019, LinkedIn blocked nearly 22M fake accounts. Yes, that’s an M for Million, but it’s only 3% of the total # of users. LinkedIn has more the 645 M users. But, as anyone know who is active on LinkedIn knows, that number seems very low. According to LinkedIn, 98% of the fraudulent accounts were removed or blocked using the automated defenses put in place by the network, while the remaining accounts were spotted by people, according to GeekWire.

LinkedIn Imposters are hard to

Why Should You Care about LinkedIn Imposters?

There are two reasons that you should care. First, fake accounts get in the way of true networking. LinkedIn is an important tool for many people, especially in the professional services market. Fake accounts take up your valuable time as you need to sift through the phony requests to get the those which a relevant to your business. Fake accounts might boost your numbers, but they won’t help you gain more business. If you deal with business-to-business marketing and communication on LinkedIn, then you really need to be certain that you aren’t accidently falling for an imposter.

Second, LinkedIn, unlike Facebook and Twitter, are actually trying to take actions so these fake accounts don’t harm their credibility. We all know the number is higher than 3%, and we can be part of the solution. When you suspect as suspicious account, report it to LinkedIn. I know it’s an added step, but it might help ensure that less of your time is wasted in the future. Plus, you don’t want to become victim to a phishing scheme or something else disastrous. 

These are simple steps to take in order to protect yourself from problems in the future and for the safety of your business.

At ProStrategix, we know you have concerns.  We’re designed to help give you the business support you need so you can focus on doing what you love.  If you would like to learn about how we might be able to help you, please contact us.

Online Reviews – Quantity over Quality?

Online Reviews

Online reviews matter for small businesses. Good reviews can take your business to another level, but bad reviews are expected to cripple a business. When it comes to online reviews, it may actually be quantity over quality according to a study by WomplyWomply found businesses with over 200 reviews earn twice as much as the average firm. 

Thinking about making changes to your business? ProStrategix knows how to help. Read some of our other articles below, or feel free to connect with us and get a complimentary thirty-minute consulting session.

What Is Womply?

Womply's information about online reviews is groundbreaking
Womply's information about online reviews is groundbreaking

Womply, a San Fransisco based small business software company, used data from more than 200,000 businesses across the country.  They found that roughly 4 out of 5 reviews are positive.  The shocking news was negative reviews didn’t necessarily mean a loss in revenue, and surprisingly, 5-star ratings didn’t necessarily yield more revenue.

Replying Is Key

Based on their research, the three most important things were: having more reviews, recent reviews, and frequent responses. What was surprising was that, according to Womply, businesses that have up to 50% negative reviews online earn nearly the same as the average business (20% negative).   Businesses that respond to more than 20% of their reviews earn over 40% more than those that don’t respond at all.  

Fears of Negative Online Reviews are Mostly Unfounded

Based on these data, it’s more important to interact with those who review you than it is for them to like you.  It seems odd, but that’s what the data say.  And, when you come to think of it, maybe it doesn’t.  It may just be human nature.  If someone took the time to write you a note, you’d probably take the time to reply.  People seem to respect that. 

 

A Bad Review is all it takes to hurt a business
A negative online review used to be scary, but now is something to deal with sensibly

We are often reluctant to ask for reviews out of fear of someone saying something negative, but these data show that those fears are mostly unfounded.  Reviews negative or positive provide an opportunity to improve your business and have a better handle on quality control. 

Other major findings...

      • Not all businesses are treated equally – if you’re a taxi driver, hotel, or in real estate, people can be harsh. 
      • Ignore your listings at your peril: Claiming your listings on at least 3 major sites can yield an extra $100K vs. the average business and $200K vs. those who ignore them. 
      • Google is king when it comes to Online Reviews, over  
      • Consumers spend a lot more at businesses (over 50%) that reply to reviews. 

The Smartest Tech for Small Businesses

Smart Tech Small Business

As small business owners, rarely do we have time to invest in researching new technologies. There are a lot of different kinds of technology out there to be aware of, and there are a number of things to be afraid of, too, when it comes to cybersecurityIn this post, we hope to help cut through the clutter and share with you the best, new smart tech that can save you money, boost sales, and improve service.

Thinking about making changes to your business? ProStrategix knows how to help. Read some of our other articles below, or feel free to connect with us and get a complimentary thirty-minute consulting session.

Smart Tech for Security

A smart security system can reduce your insurance premiums and help reduce theft or shrinkage, which is a major concern for many small businesses. 

Stopping Unauthorized Entry

SimpliSafe and Abode offer very affordable options that cover the basics, doors, windows, motion detectors, etc.  They provide instant alerts to your smartphone and can be integrated with local police.  

A smart lock can help you limit unauthorized access, especially if you have multiple people coming in and out. These systems only provide access when authorized and track entry and exit.  They can be activated by individual codes, cards, or keyless access. “Kwikset Kevo and Schlage Sense are two robust options.”

An example of Smart Tech, a Nest Camera

Reducing Risk 

Many smart tech devices can also protect from damage due to fire, leakage, and other costly accidental damage. They are easily integrable with your smartphone and local emergency departments such as fire, etc. 

Reduce Theft 

A new brand, Kogniz, offers facial recognition software which can help monitor employees and help identify shoplifters and other shady behavior and unsavory clientele. 

Smart Tech for Saving Money

Utility use is not a major driver for most businesses. But if you can save a few dollars here by cutting unnecessary costs, it can add up. 

Smart Thermostat 

A smart thermostat can help cut your energy costs.  You can have it learn your hours of operation and integrate motion sensors to adjust inrealtime to changes in the number of people in the space. 

Smart Lighting 

As with a smart thermostat, smart lighting can also reduce costs. A complete system of LED, sensors, and remote access can really improve both the efficiency of your workplace. This is especially important if you have flexible work hours or less or more access to natural lighting.  Phillips offers a great package, as does Lutron, Wiz, and others. 

Smart Tech in lighting is a major game changer

Smart Tech for Improving Service

There are two new ways that tech has really improved customer service.  These are digital assistants and chatbots, two A.I. based services. 

AI and Lending

Digital assistants 

The most useful role for digital assistants is to provide a more seamless way to schedule meetings, link e-mails, track calls, ensure follow-up, and make sure data are easily accessible.  They can also serve as a hub for all your smart devices.  The one risk is to read the fine print.  Some tech devices are nosier than you think.  You don’t want them eavesdropping on your conversations.

Chatbots 

When used properly, chatbots can be very effective and not off-putting. We all have had bad experiences with poorly executed chatbots.  While many will say chatbots can perform functions humans can, the truth is right now, they can’t.  Don’t waste your time trying.  These are best used when there are simple FAQs that help get people to the right information quickly. 

At ProStrategix, we know you have concerns.  We’re designed to help give you the business support you need so you can focus on doing what you love.  If you would like to learn about how we might be able to help you, please contact us.

Cyber-Attacks Must Be Taken Seriously Before It’s Too Late

Cyber Attacks Small Business

Cyber-crime is on the rise, and it is something that is becoming an issue of note. There is a lot of complacency among small business owners when it comes to cyber-attacks. It’s just not large companies that hackers are targeting. In fact, 43% of cyber-attacks target small businesses. Today, we wanted to share the story of a client of ours named “Tom” to illustrate the damage they can cause.

Thinking about making changes to your business? ProStrategix knows how to help. Read some of our other articles below, or feel free to connect with us and get a complimentary thirty-minute consulting session.

Tom’s Story

Tom was a new business. He had spent months slowly building up his e-mail list. While he was building his list, he didn’t do much e-mail marketing. Tom planned to wait for a while before hitting people too soon with a marketing message. A smart move, but it left him vulnerable to this type of attack. 

One day, Tom was going through his e-mail and came upon an innocuous e-mail from a company with which he did business. What he didn’t notice was the sent from address was not the same as the company with which he does business. He was busy, it wasn’t top of mind. He clicked the link.  

Nothing happened at first. A few days later, he was hit by a barrage of unsubscribes from that list he had been so carefully building. He didn’t get it until he saw that they all had been sent spam mailTom’s site was blacklisted, and his e-mail service dropped him. All that work was just lost with one scam. Tom was the victim of a cyber-attack. 

A cyber-attack can cripple your business without you even knowing what's about to happen

It took Tom several months to recover. He had to prove to his hosting service that he wasn’t responsible. That was no easy task. In their mind, he was. He was responsible for the site’s security, and due to what they viewed as his lax security protocols, he violated their policies. The same was true for the e-mail service provider. He eventually got it sorted out, but it cost him both time and money, consequences of the cyber-attack that went far deeper than just changing his username and password. 

Tom Isn’t Alone

Taking cyber-attacks seriously is important for any business owner

Verizon published a report that showed that 43% of all cyber-attacks target small to medium-sized businesses, and the number keeps rising. Why? Well, according to a recent study released by Keeper Security, two-thirds of small to medium-sized business owners do not personally feel threatened by the possibility of cyber-attacks. This makes them easy targets since 60% do not have a plan to prevent attacks from happening. This is alarming as it has been reported that 60% of small businesses that suffer a cyber-attack go out of business within 6 months of the attack. Luckily, Tom wasn’t one of them, but from Tom’s example, you can see how that might happen.

What to Do to Prevent a Cyber-Attack?

There are several security steps to take, but at the very least, contact your insurance broker to get some cyber-insurance. By going through this process, you will learn what tools they feel are most effective for you and will help you lower your rates. Also, be aware of signs for of phishing attacks and things of the sort. But more thaanything, be smart. Do what you can to avoid being a case like Tom, which you’ll pay for later on.

At ProStrategix, we know you have concerns.  We’re designed to help give you the business support you need so you can focus on doing what you love.  If you would like to learn about how we might be able to help you, please contact us.

What to Do if You Get a Bad Review

A one star review can be very bad for business

There are so many review sites these days, it’s hard to keep up. But a bad review can be hard to manage, especially when you’re new. Shifts in technology trends can change many things for a company, and our client Donna learned that lesson the hard way. 

Donna owns a small retail shop that had recently opened in Manhattan. She was growing well and was off to a good start. But while I love New Yorkit isn’t out of the question to say that New Yorkers can be blunt and harsh critics. Donna had one difficult client interaction, which turned into several months worth of headaches. The client left unsatisfied and left a scathing 1-star review on Google. Initially, Donna wrote it off and went on with her day. Unfortunately for Donna that was the wrong thing to do.

Unsure of how to take your business from good to great? ProStrategix knows how to help. Read some of our other articles below, or feel free to connect with us and get a complimentary thirty-minute consulting session.

What Donna Didn’t Know About Bad Reviews

A recent study showed that a bad review on Google My Business can hurt you much more than one on Yelp or Facebook. The study showed that the impact of a poor Google rating had twice the effect of a bad review on Yelp. It had nearly 4 times the negative effect than Facebook. Ouch, right? We can only speculate as to why, but it’s likely that review ratings are part of the local search algorithm. Therefore, businesses with a lower review rating may be shown less. It’s also easier to leave a Google review so that could be a factor as well. 

What Donna Should Have Done

A Bad Review is all it takes to hurt a business

No matter how big or small your business is, someone should be checking and responding to customer reviews regularly. You might be thinking“of course, doesn’t everyone?” But, it’s easy to think that when you are not pulled away by a thousand different things. Plus if it was a negative review, the interaction probably wouldn’t be pleasant for you, either. It would be hard not to get emotionally invested in it. The first step is to try to depersonalize the situation. It’s hard, but that separation is necessary. Otherwise, you can’t follow this golden rule:  the first one who acts irrationally will lose. Acknowledge that you heard them. Focus on the facts. Be professional. Never lose your cool. 

What We Did for Donna

Since Donna didn’t act on the review, it stuck. She started to see her local search numbers fall and her organic traffic took a nosedive. How could one review do that? It was her 1st review. Donna needed to fix this quickly. We started a program offering discounts for a Google review. We were clear that we wanted their honest feedback. It was solely a means of encouraging them to act. And most importantly: it worked. Within 2 weeks, we had 20 reviews. It took a month or so to recover fully. But recover Donna did, and her bad review problem went away. We also encouraged her to hire a social media manager to monitor her comments and act on any comments within 24 hours. 

 

A bad review isn't the end of the world

With how much business is done online nowadays, it is easy to see how a bad review can sink a business. But by keeping on top of it and staying smart, you can avoid problems like Donna’s. And importantly, we are happy to help you do that, because it is important to help your business grow, and we want to be there for it. 

At ProStrategix, we know you have concerns.  We’re designed to help give you the business support you need so you can focus on doing what you love.  If you would like to learn about how we might be able to help you, please contact us.

How Not to Get Hooked by a Phishing Attack

Hooked by a Phishing Attack

Getting hooked by phishing attacks are costly.  In fact, the average cyber attack costs small businesses $53,987. Phishing attacks are the most common. So, how do you not get hooked by one?

We created a short video, highlighting the key elements based on an overview
by CITRIX®
published on SmallBizTrends.

[Phishing is] “A type of online scam that targets consumers
by sending them an e-mail that appears to be from a well-known source.” The
scammers pretend to be an internet service provider, a bank, a mortgage
company, or other entities. – Federal Trade Commission (FTC)

The FTC provides more information on how to deal with phishing attacks.

Thinking about making changes to your business? ProStrategix knows how to help. Read some of our other articles below, or feel free to connect with us and get a complimentary thirty-minute consulting session.

Phishing Attacks – How Many Hooks are There?

Amazingly, about 1 in every 100 e-mails are part of a phishing attack.
That’s right, you and your employees are likely hit with several a week since
nearly a third of phishing emails aren’t caught by spam or firewalls. The
threat is very real and very common, and they’re on the rise.  SmallBizTrends reported an increase in
phishing attacks of 65% from 2016-17.

Why do they do it? Simple, it works. According to SmallBiz trends, 83% of
people were hooked by a phishing attack resulting in some disruption and
damage. These ranged from productivity loss (67%) to data loss and reputation
damage (both around 50%). They go on to say that “2 in 3 phishing attempts use
a malicious link, and over half contains malware”.

Two Most Common Types of Phishing Attacks

Most Common – Malware Attack

About ½ of all phishing attacks are malware attacks. These attacks have
hidden code which triggers a malicious download. This malware allows the hacker
a number of options for ransomware, stealing, spying, and other malicious
activities.

2nd Most Common – Credential Harvesting

Roughly, 4 out of every 10 phishing attacks try to harvest your credentials,
like your password or credit card information for instance. This can wreak
havoc to your business or personal credit. 
However, it’s mainly to use you as a trojan horse to attack a larger
site with more information.

There are other types
of phishing attacks
, which SmallBizTrends cited.

What Can You Do to Avoid Getting Hooked by a Phishing Attack?

The most inexpensive way is to follow the steps outlined in our video.
However, that relies on people being vigilant, which can be prone to failure. A
more expensive approach is to purchase an e-mail security platform for your
business. Capterra lists
several companies, none of which post their pricing.  After a little research though, we found that
they charged around $5/user/month to protect Microsoft 365 users.

Summary – How Not to Hooked by a Phishing Attack?

Vigilance. It’s important to educate every employee on how to manage their e-mails to avoid these threats. Once they take the bait, they’re hooked, and the phishing attack damage is done. At ProStrategix, we have an e-mail policy which is part of our core employee training. At a minimum, we recommend you do the same.

At ProStrategix, we know you have concerns.  We’re designed to help give you the business support you need so you can focus on doing what you love.  If you would like to learn about how we might be able to help you, please contact us.

Small Business Cyber Security & Why Be Concerned

Small Business Cyber Security

Small business cyber security & attacks rarely make the news, but small businesses are among the biggest targets. Having had to deal with one ourselves, we know.  In fact, “43% of cyber-attacks target small businesses” according to the Verizon 2019 Data Breach Investigations Report (DBIR).  The most common is ransomware.

Why are small businesses so vulnerable?  Simple, time.  Most of us are so busy running our day-to-day operations.  Who has time to focus on Phishing scams or other cyber-attacks?

Thinking about making changes to your business? ProStrategix knows how to help. Read some of our other articles below, or feel free to connect with us and get a complimentary thirty-minute consulting session.

Small Business Cyber Security Assistance Act

While it sounds great, it sadly underdelivers. It authorizes the nation’s Small Business Development Centers (SBDCs) to “work with” the Department of Homeland Security to, according to  The Hill, “provide consulting to small businesses on how to strengthen their cybersecurity protocols.”  New materials and education programs are also tools?. -Small Business Trends

Sounds good, right?  Not quite.  While the bill has good intentions, the policy execution has problems.

Problem #1: Have You Ever Heard of SBDC?

Right.  I didn’t think so.  So, how can they provide “consultation” on small business cybersecurity if you don’t know they exist?  Sadly, this bill does not include funds to drive awareness of SBDC.  Therefore, if you don’t know about it now, you’re not likely to learn about them in the future.  The idea that the centers will be sufficient to “provide consulting to small businesses on how to strengthen their cybersecurity protocols” is like pouring money down the drain.

Problem #2: Raise Your Hand if You Own a Server?

Again, didn’t think so.  Most small companies have switched to, or started with cloud-based applications.  We do.  I bet you do, too.  This makes our data security dependent upon big tech companies.  While this bill is focusing on us, where is the accountability for those hosting the data – Microsoft, Google, Amazon, and others?

Small Business Cyber Security Assistance Act Alternatives

Solution #1: Make Tech Companies Liable for Small Business Losses

While you could sue them for data losses, good luck!  The playing field is completely imbalanced.  If this bill really wanted to help small businesses, it should require big data companies to provide compensation to their small business customers when they screw up.  Regulation of the tech industry is sadly lacking.  Congress is not known for being tech-savvy. 

Solution #2: Cyber Insurance

Who has heard of cyber insurance?  Few have.  It is available, and it’s probably the best option to protect yourself.  It’s just an added cost.  This bill could help small businesses if it would provide some financial guarantees for insurance companies, similar to what they do for the Small Business Administration loans.  Some assistance to help pay for cyber insurance would make it more affordable and accessible.

If this legislation passes, it’s unlikely to do much in terms of helping reduce small business cyber-attacks.  In this jump-start application world, you have two options.  First, put your faith in tech companies acting responsibly with your data, or alternatively, invest in some cyber insurance.

In summary, Congress is woefully behind the times in tech. This is nothing new. This is one area where infrastructure improvements could significantly help small businesses cybersecurity, but in the meantime, we should take precautionary steps to protect ourselves.

At ProStrategix, we know you have concerns.  We’re designed to help give you the business support you need so you can focus on doing what you love.  If you would like to learn about how we might be able to help you, please contact us.