A version of this article originally appeared on principal.com.
Do you feel confident that your business is fortified against a cybersecurity breach? If not, you're not alone.
Only 18% of small businesses (under 500 employees) employ somebody whose sole responsibility is cybersecurity¹ — a thin slice of the small business sector, which makes up 99.9% of all businesses in the United States.²
But even larger businesses struggle to devote staff to cybersecurity: Less than half (47%) employ a full-time, in-house cyber expert.¹
Cyberattacks and ransomware have the power to inhibit or even shut down a business. Yet only 54% of all businesses say they have a business continuity and disaster recovery plan for a cyberattack. And the number of average weekly cyberattacks in the US surged 57% last year.
You can hire an outside cybersecurity expert as an incremental step. But even businesses without much budget for cybersecurity can pursue affordable, practical strategies on their own.
The number of average weekly cyberattacks in the US surged 57% in 2022.
1. Strengthen passwords and add multi-factor authentication
The majority of data breaches involve human behavior, with hackers often exploiting employee credentials such as weak or stolen passwords. That's why the added security of multi-factor authentication (multiple layers of identification to gain access) can make such a difference.
Business leaders can also make progress by encouraging employees to choose more complex passwords — phrases rather than words, with a mix of letters, numbers, and punctuation.
2. Name an internal cyber leader
Identify a "cyber leader" within your organization — even if this person isn't already an expert. The Cyber Readiness Institute (CRI) — which has a free Cyber Leader Certification Program — says every business needs somebody who "builds a culture of security and ensures associated safeguards are implemented with the support of senior management."
3. Create a cybersecurity and ransomware incident-response plan
Ransomware cases have been in the headlines. Help employees know how to respond to a cyberattack before it strikes.
4. Hold regular cybersecurity drills and phishing tests
Like a fire safety drill, test your business on how it would respond to a cyberattack or phishing attempt. This can help you flesh out and assess your incident response plan. Employees can identify their most useful roles and responsibilities in cyber defense — prior to the panic of a true emergency.
The Cybersecurity and Infrastructure Security Agency conducts cyber-range training that may offer a template for business drills.
5. Make software updates a habit
Widespread weaknesses such as the "Log4j vulnerability" are reminders to keep software up to date to help protect data and operations from trending threats. Regular updates are a core component of good cybersecurity. Seek out and install timely software patches from trusted vendors.
Learn more from businesses like yours at principal.com/benefits.
This post was created by Principal with Insider Studios.
1 Principal survey of 127 employers and 127 employees (not necessarily the same companies), November 2022. Principal Financial Well-Being Index℠, October 2022.
2 2022 Small Business Profile, U.S. Small Business Administration Office of Advocacy. https://cdn.advocacy.sba.gov/wp-content/uploads/2022/08/30121338/Small-Business-Economic-Profile-US.pdf
Cyber Readiness Institute (CRI) is not an affiliate of any company of the Principal Financial Group®.
This communication is intended to be educational in nature and is not intended to be taken as a recommendation.
Insurance products issued by Principal National Life Insurance Co (except in NY) and Principal Life Insurance Company®. Plan administrative services offered by Principal Life. Principal Funds, Inc. is distributed by Principal Funds Distributor, Inc. Securities offered through Principal Securities, Inc., member SIPC and/or independent broker/dealers. Referenced companies are members of the Principal Financial Group®, Des Moines, IA 50392. ©2023 Principal Financial Services, Inc.