Last updated at Thu, 09 Jul 2020 17:30:06 GMT

While the COVID-19 pandemic has made online stores increasingly valuable, some small businesses may not have had the experience around securing data and protecting resources from outside attackers. Here are a few tips to decrease the chance of becoming a victim of a cyber-attack.

Make a plan and write it down

So many things happen in the event of a cyber-attack that no one needs to try to remember what they are supposed to do. Create a plan for contingencies. What happens if the lights go out? What happens if the online store goes down? What happens if there is a pandemic? Thinking of these events and developing a plan on how you and your business will adapt to each scenario will determine how resilient your business and your employees are.

Make connections with local IT professionals and authorities

If writing things down is important, knowing who to go to when you need help (i.e., compromised computer, ransomware, stolen data, etc.) takes a close second. Building these local partnerships can prove extremely valuable when it comes to responding to issues quickly. Once those partnerships are established, write them down in your plan as well.

Buy antivirus software

There are many different kinds out there, so find the one that suits your business needs. There is no such thing as a free antivirus software. If it does say free, that means extra software that could be harmful to your computers might be downloaded, or you are not getting the full protection that you and your business needs. On the other hand, some paid antivirus software can come with extra protections like storing bank credentials in a more secured location on your computer or password managers.

Do not store your passwords on a notepad or in an unprotected word document

If an attacker was able to get access to your computer, they will most likely search for data that resembles passwords and usernames to get into all of your other accounts. Acquire a password manager to store all your credentials (including strong passwords) in securely with one large password. Just don’t write that one down, either.

Use two-factor authentication where you can

If you are using a hosting site for your website and online store, contact your hosting provider to see if they allow for two-factor authentication. If your online store can enable the same for your customers’ logins, even better. Try to use two-factor authentication wherever possible. This will help reduce the likelihood of an attacker stealing your username and password and gaining access just with that. Without knowing the second part of knowing who you are (or what you know), like a one-time passcode number, the attacker cannot get in.

Secure your website connections

Make sure that lock is there in the browser bar of your website and it says “HTTPS” before your website name (URL). This applies not just to your checkout pages and login pages, but all of your pages of your website. Most of the time this is taken care of by your hosting provider, but some do not provide certain protection mechanisms. Reach out to your hosting provider to see if they support security certificates for your website. If they do, they may charge extra to keep them renewed. If they do not, ask if they would support them if provided with your own certificates.

A surefire way attackers get into businesses’ computers is through suspicious emails. If you are not expecting an email or the email has a ton of mistakes in it and you do not know the sender, delete it.

Work with your hosting provider

Many hosting sites have a lot of security features available for purchase to increase the security of your sites. If they do not, you might want to try elsewhere. Reach out to your provider and see what features are available to install. Some may have prices, but no price is more expensive than compromised data.

The idea of becoming the victim of a cyber-attack can be nerve-wracking for many small businesses, but taking the time to shore up your approach to security can make a big difference in your organization’s defenses.