
Fresh on the heels of Cybersecurity Awareness Month in October, we’ve gathered some tips that are especially relevant for small businesses as they navigate today’s active threat landscape.

You might think that because you have a small business and only have a few employees, it’s safe to assume that cyberattacks are not something you need to worry about. But the reality is that smaller companies are often targeted by cybercriminals more frequently than larger ones. In fact, according to Juniper Research, smaller businesses accounted for 51% of all successful data breaches in 2019.

The world is changing and so is the way we do business. The internet has made it possible for anyone to start their own business and sell products or services to people anywhere in the world. In fact, many businesses are now using digital platforms like Facebook, Instagram, and even Twitter to reach out to consumers directly. The problem is that these platforms offer barely any security protection against cyberattacks. If someone gets access to your login details through any of these social media channels or through email, they have complete control over your company’s data, including confidential information such as credit card numbers, bank account details, or even passwords!

Create a cybersecurity policy.

The world of cybersecurity is a complicated one, and it can be difficult to know which steps to take. One of the best things you can do as a small business owner is to create a cybersecurity policy, which will outline your company’s approach to protecting its data and assets. A good place to start is by making sure everyone understands the basics: What does “cybersecurity” mean? How does it impact your company? What are some common threats that could pose a risk to your business’s security?

A useful model for creating a cybersecurity policy should start with these three simple questions:

  • What do we want people who work here to do or not do when they use computers/mobile devices at our premises?
  • How can we ensure they comply?
  • What’s the plan if something does go wrong?

Dispose of data safely.

When it comes time to throw away old papers or get rid of a hard drive, it’s important to do so safely. There are a number of professional shredding and disposal companies that can help you remain compliant and will come to your location to collect the items for destruction.

Secure your Wi-Fi network.

Internally, you should use a strong password for your Wi-Fi network and turn off guest access. Even better, use a VPN to encrypt all data going over your network and use it to connect remotely to the Internet. You should also install an updated firewall that can help detect and block threats that try to access your systems from the Internet or other networks, even if they are using unknown ports.

Use strong, unique passwords for all accounts.

You should use strong, unique passwords for all your accounts. It is important that you do not use the same password multiple times or share your passwords with anyone. You can use a password manager to help you keep track of all your various logins.

A good rule of thumb is to have at least one capital letter, one lowercase letter, and one number in each password (for example “p@55word”). The more random characters you add to your password, the better!

Require two-factor authentication for sensitive or privileged information.

Two-factor authentication is a method of verifying your identity that requires two forms of identification, usually something you know (your password) and something you have (your phone or token). This additional layer makes it more secure than one-factor authentication methods like passwords, because it is harder for someone to impersonate you.

You can require two-factor authentication for sensitive or privileged information, such as access to the company’s online banking account or emails sent by employees in sensitive positions.

Install updates regularly.

Install updates as soon as they become available, and do it often. Many software companies release security updates daily. This can help your business avoid the latest security vulnerabilities, malware, and viruses that are constantly being discovered and developed by hackers.

Train your employees.

Security is a team effort. You should train and educate all of your employees on cybersecurity risks and best practices. Teach them about phishing and spear phishing, ransomware, social engineering, and data loss prevention, and what they can do to protect themselves and the rest of the company from an attack.

Protecting your business from cyberattacks is an ongoing process. It requires vigilance and a commitment to regular updates, training, and testing. The tips we’ve discussed here should be used as a baseline for your cybersecurity strategy. However, they won’t protect you in every scenario or against every attack that comes along. That’s why it’s so important to have experienced IT professionals on hand who can work with you to develop strategies that fit your company’s needs and keep up with any new developments in the field as time goes on.