Aikta Marcoulier
In 2021, cybercrimes against small businesses reached a record high of $2.4 billion. That same year, online sales exceeded $960 billion and are expected to surpass $1 trillion in 2022. As we approach the holiday shopping season, small retailers need to evaluate their susceptibilities to cyberattacks and protect their systems from costly data breaches and online scams. Small retailers are especially attractive targets to cybercriminals because they typically lack the security infrastructure of larger businesses. A recent survey showed that 88 percent of small business owners felt their business was vulnerable to a cyberattack.
There are simple steps business owners can take to mitigate their risk of costly and destructive cybersecurity threats. The following are five easy and inexpensive actions business owners can take to reduce their risk of cybersecurity attacks:
1. Update your system’s software: Software suppliers are constantly providing updates or patches to software you utilize to prevent against the latest cyber threats. The cheapest and easiest way to prevent online attacks this holiday season is to update your computer systems on a regular basis.
2. Review your online security protocols. This year, online sales will be at their highest level in history. It is critical to ensure your website is secure by getting trustmarked with a Secure Sockets Layer certificate. An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. Verify that your e-commerce platform has multiple layers of security in place, and that you are not storing credit card data.
3. Create effective passwords that cannot be hacked. The use of weak passwords is one of the major reasons why small retailers are so prone to cyberattacks. Always ensure that your employees are using unique passwords with at least 12 characters — a mix of numbers, letters, capital letters, and punctuation. Employ multi-factor
authentication which provides a layered approach to securing data and applications, where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login.
4. Be aware of social engineering threats. Hackers love to bait or trick employees into giving up sensitive personal or company information. Social engineering techniques include phishing scams, baiting, scareware and incentives. Hackers can review both your personal and company social media profiles then create emails, phone calls, and text messages that appear to be coming from a customer, vendor, or someone familiar to gain access to sensitive information.
5. Enforce strict rules on how your computer systems will be used. It is critical to provide effective training to all employees that will access your computer systems. Make sure employees only have access to data and tasks deemed necessary to their job function and role. You may be hiring multiple seasonal employees over the next few months and controlling how they interface with your online systems is a critical management function.
The holiday shopping season is a critical time for most small retailers — especially those with a robust online presence. Keeping your online systems safe will not only benefit your customers, but also your bottom line. To learn more about SBA’s programs and services related to cybersecurity, visit sba.gov/cybersecurity.
Aikta Marcoulier is the SBA’s Region 8 Administrator based in Denver. She oversees the agency’s programs and services in Colorado, Montana, Utah, North Dakota, South Dakota and Wyoming.
