Do you think cybercriminals are too busy targeting big businesses like Home Depot, Marriott and Google to bother with your small company? Think again.

Cyber attacks are a growing threat for small businesses and the U.S. economy. According to the FBI’s Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2018 alone. Small businesses are attractive to cybercriminals because they typically lack the security infrastructure of larger corporations and by accessing a small business’s computer network, typically this opens up the client and vendor networks, too. According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber attack. And since 71% of cyberattacks occur at businesses with fewer than 100 employees, small companies should be concerned.

For a small business, the cost of a data breach can be devastating. The average cyberattack costs a small business $34,604. Since it takes an average of 191 days for a small business to become aware of a cyberattack, companies that are attacked once are often hit again. No surprise that nearly 60% of companies go out of business within six months of a cyberattack.

Fortunately, there are steps you can take to protect your business, clients, and vendors.

1) Train your employees

Employees and emails are the leading cause of data breaches for small businesses because they are a direct path into your systems. Training employees on basic internet best practices can go a long way in preventing cyber attacks. Make sure your employees know how to  spot a phishing email, best web browsing practices, how to avoid suspicious downloads, the importance of creating strong passwords, and most importantly, how to protect sensitive customer and vendor information. Monitoring online mentions of your business name and variations of it is also very helpful and hiring a firm to do a Dark Web check up a few times a year is a good idea.

2) Use antivirus software and keep it updated
Each of your business’s computers should be equipped with antivirus software, antispyware, and updated regularly. You can easily find this online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.

3) Secure your networks
Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). And always password protect access to the router.

4) Multifactor authentication
Multifactor authentication requires additional information (e.g., a security code sent to your phone) to log in. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

5) Back up your data
Regularly back up data on every computer. Critical information electronic spreadsheets, client and vendor databases, financial files, human resources files, and accounts receivable/payable files.

6) Secure payment processing
Work with your banks or card processors to ensure the most validated tools and anti-fraud services are being used. Take it a step further by isolating payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.

7) Control physical access
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee. And ensure that administrative privileges are only given to trusted IT staff and key personnel.

8) Get strong non-disclosure agreements

If applicable for your business, create well-written non-disclosure agreements. Also, look at any other agreements you use in your business to make sure they cover your intellectual property. These could include employment agreements, licenses, and sales contracts.