Cybersecurity best practices are crucial to keeping your small business safe. Regardless of your role in the company, whether you’re in charge of client communications or handling IT, cybersecurity is something everyone in the organization plays a part in. And to start, all you need to know are the basics.
Implement A Yearly Cybersecurity Training Program
The human element is something that cannot be overlooked as a critical component of cybersecurity for small businesses. An effective cybersecurity strategy must include employee training and awareness programs that make it clear how important cybersecurity is to the overall health of the company.
Small businesses are the target of more than half of all cyberattacks, and about 60 percent of small businesses go out of business within six months of being hacked.
A phishing email is a fraudulent message that tries to get you to click on a bad link or reveal personal information by pretending to be from a trusted source. These emails can usually be spotted because they often have typos, a false sense of urgency in the language, and don’t have the correct sender email domain. It is vital that your employees know how to spot phishing emails and don’t give out business information to the wrong parties.
Backup Important Data
You are probably aware of the importance of backing up your data to prevent data loss. This can take many forms, from simply copying your files onto an external hard drive or USB storage device, to using cloud software like Dropbox, Google Drive, and OneDrive. There are also more sophisticated data backup solutions available for small businesses that need to backup all of their computers at once, as well as critical servers.
Something we would recommend is moving your business’s data over to cloud backups, as they are safer, a lot less time consuming, and allow you to backup and restore from any device.
Use Firewalls & Antivirus
A firewall is akin to an electronic gatekeeper that keeps track of all the traffic entering and leaving your computer or network. Firewalls can be implemented in both hardware and software, or a combination of both.
You should also regularly scan your computers with antivirus software. Viruses often enter the network through email attachments or websites. In addition to traditional antivirus such as Webroot or McAfee, there is a newer category of software called endpoint detection & response (EDR) that is more sophisticated and can detect threats in real-time based on user behavior instead of traditional scanning.
Update Your Software/Firmware
The longer a piece of hardware or software is on the market, there will always be new vulnerabilities that arise. Fortunately, software and hardware vendors make bug fixes that close vulnerabilities. These bug fixes are released as updates or patches. Some patches are optional. Others — like security patches — need to be installed right away.
Software updates can usually be found through the program itself. There will usually be an option to enable automatic updates or check for updates in the settings. A software program that lives on a piece of physical hardware and is required for it to function is called firmware. Firmware will come pre-installed on a piece of hardware, but it may not be the latest version. Check the manufacturer’s website for your device to see if there are any firmware updates that have been released since the product was introduced.
Monitor Your Network
When your network is initially set up by you or a managed service provider (MSP), a map of the network and all of its devices should be created and modified whenever something new is added or something old is decommissioned.
At Shartega, we use cloud-based networking management software called Auvik to monitor our network and the networks and devices at all of our client sites.
Use Strong Passwords
Using strong passwords and multi-factor authentication to log in is something that we highly recommend. It may seem daunting to have to create and remember passwords for hundreds of different sites, but all you need is a password manager extension for your web browser.
We use LastPass, and others include 1Password and Bitwarden. These extensions will save all of your passwords in a vault that you can use across your devices. They also can generate complex new passwords with numbers and special characters whenever you create an account on a new site.
Physical Security Measures
Physical attacks on computer equipment can consist of stealing, damaging or just looking at your network data. A physical attack can be as simple as someone walking into your office and taking your laptop or could be as large scale as someone blasting through a wall with dynamite in order to grab your data.
Physical security measures include access control, video surveillance, locking down racks and cages for servers, implementing a clean desk policy for employees, and having proper lighting indoors and outside your office.
Now that you’ve learned the basics of cybersecurity, you should be well-equipped to start carrying out some of these best practices within your business.
If you don’t know where to start—or would rather have someone else do all of this for you—schedule a meeting with us! We’d be glad to handle it for you.