Security is more important than ever for small and medium-sized businesses (SMBs). The digital age we are living in opens all of us up to constant new security threats, and hackers are continually refining their techniques and finding new targets.
SMBs are one of those targets. SMBs were once rarely targeted by hackers, but according to a recent report, 43% of cyber attacks now target small businesses.
IoT (internet of things) device threats are now a common concern for companies and organizations as they continue to add smart solutions. The wrong person getting access to even one network computer or printer can open your entire network to an attack.
Staying ahead of hackers to keep your business secure and your data safe is a challenge — but not impossible. Here’s what you and your staff can do to protect yourselves as a company.
Security steps your staff can take
Your employees are your company’s biggest asset. They are also your biggest threat to security. Training your employees on security best practices and how to recognize cybersecurity threats should be a top priority for your business.
Here are some tips to kick things off:
Use strong passwords and password protection
Teach your team to follow these tips for creating and protecting strong passwords.
- Use a bare minimum of 8 characters — longer is better
- Use a combination of letters (uppercase and lowercase), numbers, and symbols
- Use a nonsense phrase rather than actual words or phrases
- Avoid using personal information that could easily be guessed (such as birthdays)
- Do not use common and easily guessable passwords such as “password”
- Avoid sequential keyboard patterns such as “123456” or “qwerty”
- Do not use the same password on multiple devices
- Do not share passwords or leave them in easily accessible places (such as on a sticky note)
- Change passwords regularly
Consider using a password manager that keeps all passwords encrypted in one secure place.
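As an added illustration (not part of the original article), the checklist above can be expressed as a small Python check that reports which rules a candidate password breaks. The deny-list, the run length of four characters, and the function names are assumptions made for this example.

```python
import re

# Constructed sample deny-list; a real deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "letmein", "welcome", "admin", "iloveyou"}

# Digit, alphabet and keyboard-row sequences whose runs count as "sequential".
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def has_sequential_run(password, run_len=4):
    """True if run_len consecutive characters follow a known sequence, in either direction."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for candidate in (seq, seq[::-1]):
            for i in range(len(candidate) - run_len + 1):
                if candidate[i:i + run_len] in lowered:
                    return True
    return False

def check_password(password, personal_info=()):
    """Return the list of checklist rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {"lowercase letter": r"[a-z]", "uppercase letter": r"[A-Z]",
               "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    # Also catch a common word dressed up with digits or symbols, e.g. "Password1!".
    if lowered in COMMON_PASSWORDS or re.sub(r"[^a-z]", "", lowered) in COMMON_PASSWORDS:
        problems.append("common password")
    if has_sequential_run(password):
        problems.append("sequential pattern")
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        # Compare letters and digits only, so "1990-04-12" matches "19900412".
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal information")
            break
    return problems
```

Pass known personal details (name, birthday, pet name) as `personal_info` so they are rejected even when punctuation is rearranged.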
Lock devices when not in use
Always lock your devices when leaving at the end of the day. This should also be done when they are left unattended for extended periods during the day, such as during meetings or lunch. This includes:
- desktop computers
- flash drives
- external hard drives
- smartphones
Think before clicking
In a phishing scam, an email or text message will appear to be from a reputable company, a customer or vendor contact, or even from someone within your own company. Be on the lookout for:
- Emails asking you to confirm sensitive information such as account numbers or passwords
- An email or website address that looks slightly different than the correct one
- Poor writing, incorrect grammar, or spelling mistakes
- Suspicious attachments or links
- Emails from people or vendors you do not normally correspond with directly or via email/text
When in doubt, delete suspicious emails or texts and do not click on any links.
Think before plugging in
This goes both ways: plugging foreign equipment into company devices and plugging in or otherwise connecting company devices to foreign ports and networks.
Be cautious of connecting personal devices such as USB drives and phones to company devices — they could carry viruses or malware the user isn’t even aware of. Public USB ports and WiFi networks pose a similar risk of allowing others to steal information or infect equipment.
Security steps your business can take
Educating your employees is a huge step in the right direction, but there is plenty your business can — and should — implement to protect itself as well.
Develop and enforce security policies
Every company should have a documented security plan that outlines policies and procedures. This should be supported by proper training. If everyone understands how important cybersecurity is and what their responsibilities are, your company becomes a united front against hackers.
Use secure WiFi connections
This is similar to our tip warning against using public WiFi networks. Your company needs its own secure network. Use a separate secure network for clients and other visitors at your business — this way they can access the internet without inadvertently infecting your network with any viruses or malware.
Protect your company’s WiFi network with:
- A secure, encrypted WPA (Wi-Fi protected access) password
- A hidden network name (this means people accessing it must know and enter the name)
- A firewall
- A VPN (virtual private network)
Layer security and limit access
Not everyone needs access to everything. Restricting individual people’s access to sensitive information limits the potential for that information to be stolen or altered by hackers.
Add extra layers of protection to your most sensitive information through additional passwords and encryption as well.
These steps help ensure that even in the event of a security breach your most sensitive information will be kept safe.
Back up data
All data should be backed up for protection against data loss in the event of a security breach, hardware failure, or a physical disaster. Backing up data simply means making copies of files and folders so you can easily recover them when necessary.
Backups should happen on a regular schedule to continually capture new data. Ways to back up your data include:
- Local and network backups – storage on hard drives, tape drives, USB drives, or other devices connected to your network
- Cloud backups – offsite copies on a remote server accessed via the internet
A combination of local, network, and cloud backups is best.
Monitor accounts for suspicious activity
Monitoring your accounts for suspicious activity will help you to spot potential breaches early and stop them before any damage is done. Most accounts can be set up to notify you via email or text message if any suspicious activity occurs, but employees should also be on the lookout for this kind of activity and report it immediately.
Suspicious activity can include things such as:
- A sign in attempt from an unusual location or device
- Configuration changes to files, including replacement, modifications, additions, or deletions
- Abnormal database activity such as changes in users or permissions
Use anti-virus software and firewalls
A firewall is like a shield for your network that monitors incoming and outgoing traffic between the network and the internet. Suspicious activity is isolated and prevented from entering or exiting the network. However, viruses can bypass firewalls when users download files or click on links (as with phishing scams).
Anti-virus software seeks out viruses that make it into your system, isolates or deletes them, and warns of possible threats.
New viruses come out all the time, so it’s crucial to update your anti-virus software to keep up. Many anti-virus programs are set to update automatically to continually protect against viruses.
The best cybersecurity defense is a good offense
Cybersecurity threats and hacking attempts never stop. Businesses need to plan for attacks to avoid them and to bounce back quickly if they are hit.
An experienced IT consultant can make sure every step is taken to protect your network and its data so you can focus on growing your business.