Small businesses are becoming a bigger target for cyber-criminals.
According to the Ponemon Institute Research Report, 61% of small businesses were attacked from October 2016 to September 2017, and 54% experienced data breaches involving customer and employee information. Both numbers were up from the previous 12 months.
If you own one of America’s 28 million small businesses, here are 15 minimally expensive steps you can take right now to strengthen your cybersecurity and protect your business.
1) Secure your Wi-Fi Network: One of the easiest ways for cybercriminals to hack your network is via Wi-Fi. Defend against this by hiding your Wi-Fi network to all non-authorized personnel. To hide your Wi-Fi network, set up an encrypted wireless access point and disable outside network access.
2) Enable HTTPs: Used by financial institutions, “HTTPs” are more secure versions of traditional “HTTP” websites. HTTPs have an SSL/TLS Certificate installed onto their servers that encrypt all communications between your browser and website, ensuring that customer information, such as credit card numbers, cannot be intercepted.
3) Update Your Password: Frustrating? Yes. But demanding employees change their password frequently mitigates the damage is case their original code has been stolen. Strong passwords contain at least 10 characters and include numbers, symbols and upper and lowercase letters. Employees should never write down their passwords or use the same password for multiple company applications.
4) Minimize Password Attempts: Did you know there’s software that can guess your password in a matter of minutes? Guard against this by reducing the number of incorrect passwords an employee can enter. If that number is reached, temporarily freeze the employee’s access until you can verify there was no attempted breach of your network.
5) Multi-Factor Authentication: Another way to secure your network is by enabling multi-factor authentication, which requires more than one method of authentication to verify a user’s identity. Make sure vendors that handle your data also use multi-factor authentication.
6) Update Software: Hackers can enter your network through outdated browsers and applications, so make sure your entire staff is using the most current software available. For the same reason, make sure employees who use mobile devices for work are diligent about downloading the most updated apps and operating systems.
7) Safeguard Payment Cards: Contact your credit card processors to make sure they’re employing the most stringent tools and anti-fraud services to protect your customers’ credit card and/or other financial data.
8) Limit Access to Network: Instruct employees to lock their machines when they’re not using them and establish security checkpoints to inhibit non-authorized personnel from gaining access to areas of the building in which they do not belong.
9) Limit Access to Data and Software: For the same reason you wouldn’t give all of your friends a key to your house, you shouldn’t give employees access to data or software that isn’t germane to their jobs. This will help keep your security tight, as well as troubleshoot any security issues that may materialize.
10) Back Up Data: Frequently back up all essential data and documents and store copies in a different location than the original, such as an external hard drive or the cloud. This will allow you to easily recover data that’s been lost or stolen.
11) Phishing Prevention: Phishing scams affect thousands of organizations every month. Train employees to never open attachments or click links in emails from unrecognized senders, who could be hackers looking to install malware onto your computer.
12) Encourage Open Dialogue: If your employees detect anything suspicious, whether it’s a potential phishing attack or a watering hole, urge them to report it immediately. Senior management should then investigate the incident and, if necessary, notify the entire organization, because chances are multiple employees have been targeted.
13) Social Security: Employees often turn to social media platforms like Facebook and Twitter to blow off steam. In some cases, they may not be aware that they’re divulging trade secrets or sensitive information. Make sure you educate them about what they cannot say on social media — and hold them accountable for breaking the rules.
14) Ban Working in Public Areas: While parks and coffeeshops may seem like harmless places to work remotely, they can actually be quite dangerous. You never know who’s sitting right next to you, sneaking peeks at your computer or eavesdropping on your phone conversation. When it comes to cybersecurity, you can never be too paranoid.
15) Rapid Response Protocol: If your business has been attacked, you don’t want to be caught flat-footed. Develop a proactive plan for how to quickly and effectively respond. Engaging the services of a cybersecurity expert like BrevAll Technologies is always a smart first step.