Gilbert Asks the Expert: Cybersecurity Insights for Small Business Owners from FlightPath IT President Jonathan Sheldon
As an IT professional with over 20 years of experience—and one of the first people to earn a bachelor’s degree in information technology from Rensselaer Polytechnic Institute—Jonathan Sheldon knows just how devastating a phishing scheme, ransomware attack, or system failure can be to a small business. However, Jonathan, who is now the president of FlightPath IT, an IT services company for businesses throughout the North Shore and greater Boston area, also understands that investing in cybersecurity may seem like a tall order for a smaller company with tighter operating budgets and a leaner staff.
But if, like so many other businesses today, technology is at the heart of yours, it’s essential to keep it in good shape and steadily pumping away. So, Jonathan shared with Gilbert Insurance three things all businesses, no matter their size and resources, can do to help keep their valuable information, databanks, systems, and networks safe from bad actors.
Tip #1: Make life as difficult as possible for a would-be cybercriminal.
The more work a bad actor must do to infiltrate your network, the more likely they are to throw up their hands and move on to a new and vulnerable target. According to Jonathan, some of the best ways for small businesses to frustrate a cybercriminal are:
- Using multifactor authentication for all online accounts. Multifactor authentication requires a bit more work for you and your employees because you must present multiple credentials to verify your identity when logging into a system. However, the extra seconds it takes will be well worth it if it deters a potential hacker trying to gain access to your company emails, financial accounts, virtual private network (VPN), and more.
- Installing antivirus software on every digital device. This type of software works behind the scenes to find and remove harmful viruses from a user’s computer. Without this software in place, these viruses can delete or botch sensitive information.
- Regularly backing up everything, from critical data to hardware, software, and firmware. If your computers or network are taken over, having your most important files and data backed up in several different formats not only means that the hackers should have less leverage over you to ask for a ransom but also that you’re likely to get things back up and running sooner.
- Having a process for employees to report suspicious emails and making sure to act on any concerns immediately. Asking your employees to be proactive at the first sign of trouble may keep cyberattackers from getting too deep into your critical systems and sensitive data—or gaining access at all. Even if an investigation of a potential cyberattack turns up no apparent threat, you still may want to err on the side of caution. Take the opportunity to have everyone change passwords, run device and software updates, and conduct backups.
Tip #2: Speaking of employees… make sure they know how to spot a potential cyber threat.
One of the most common avenues that bad actors use to gain access to your company’s systems or data is through your employees. And most of the time, according to Jonathan, employees have no idea that they’ve become an accomplice to a cybercrime. So, he says, it’s extremely important for small business owners to provide employees with cybersecurity awareness training. This training can happen via online webinars, in-person presentations, and even interactive simulations that show in real time what a cyberattack, like phishing or social engineering, might look like.
In addition, training should cover the telltale signs that a computer might be infected with a virus or was taken over by a bad actor. For example, if an employee’s computer is getting flooded with pop-up ads, frequently crashes, or suddenly performs painstakingly slowly, it should be immediately evaluated. Finally, you’ll want to provide your employees with guidance on how to build strong, hack-proof passwords and make sure they are using a variety of passwords for different logins.
Tip #3: Know that you don’t have to take on cybercriminals on your own.
As a small business owner, himself, Jonathan is all too familiar with the notion of trying to have his hands in every single part of the company. But he’s learned that’s just not a realistic way to run his business successfully. In fact, spreading himself too thin and trying to manage things that he isn’t the expert in could actually put his business at risk.
In the same vein, if you or others on your team don’t have the time, knowledge, ability, or bandwidth to stay on top of cybersecurity and other important IT tasks, it might be time to let go of some (or all) of these responsibilities by bringing in an IT services company to support you. Especially considering that just one misstep online has the potential to lead to a serious data breach and substantial financial and reputational repercussions for your small business.
You’ll be happy to know that hiring an IT services company doesn’t have to bust a smaller budget. You can start off by just outsourcing the most critical security tasks or decide to contract them to manage everything, from your cloud services to compliance management and backups.
The key is to find the IT partner who best fits your specific needs, including your budget. Jonathan offers a few criteria you can use to evaluate IT services and cybersecurity companies:
- Did they take the time to explain the IT services they offer and identify ones they think your company would benefit from as well as explain why they think they are necessary?
- Do they have a proven track record of protecting clients from cyber threats?
- Will they help you develop and implement a detailed response and recovery plan in the event a bad actor does penetrate your systems?
- How will they help you stay ahead of emerging cyber threats and trends?
- Will they help facilitate cybersecurity awareness training for your employees?
- Will they set up regular meetings with you to go over your questions and concerns?
Last but not least, Jonathan mentions that working with an IT services company may make a favorable impression on insurance companies, meaning you could have easier access to and better options for critical insurance coverages, like liability and cyber insurance.
We hope these insider tips from FlightPath IT President Jonathan Sheldon have been beneficial. If you’d like more cybersecurity insights like these—and want to get alerts about the latest phone scams, tech glitches, fraudulent domains, and more that could impact your business—follow FlightPath IT on Facebook and LinkedIn.
You can also access more tips from local business owners and industry experts on our Gilbert Insurance blog. Look for this interview with William Cassotis of Lazy River Products, a premier recreational marijuana dispensary, as well as an article featuring Tavern on High restaurant owners Paul Gargano and Ryan O’Connor, where they talk about navigating the rewards and challenges of their industry.
The Gilbert team also wants you to know that we are here to offer our insurance expertise and risk management knowledge to support to your IT business. While you’re busy protecting the valuable assets of other businesses, our team will find the right insurance solutions to safeguard your company from the distinct risks of your industry and profession. Please call us with any questions you have about technology insurance and for help finding broad and affordable coverage.
