While many large businesses suffered breaches, small and medium businesses were an easier target for hackers because of their lack of resources and security expertise. According to Verizon’s 2021 Data Breach Investigations Report, 46% of breaches impacted small and midsize businesses. According to Accenture’s Cost of Cybercrime Study, 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves.
Not only does a cyber attack disrupt normal operations, but it may cause damage to important IT assets and infrastructure that can be impossible to recover from without the budget or resources to do so. You can start your journey to cyber security by following the tips below.
1. Ensure that staff receive Cyber Security Awareness Training
Educate employees on potential cyber threats and ways to avoid them. Share the company’s cyber security protocol, all new employees should be trained, and a refresher course should be held at least annually, preferably twice a year for current employees. By mitigating your organization’s risk with an effective cyber awareness program, you can make your employees your first line of defense against cyberattacks.
2. Protect information, computers, and networks from cyber attacks
Keep your security software, web browsers, and operating systems updated with the latest protections. Antivirus and anti-malware protections are frequently revised to target and respond to new cyberthreats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.
3. Install firewall security to block suspicious traffic
Firewalls provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. With the rise of data theft and criminals holding systems hostage, firewalls have become even more important, as they prevent hackers from gaining unauthorized access to your data, emails, systems, and more. A firewall can stop a hacker completely or deter them from choosing an easier target.
4. Create a mobile device management policy
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, install anti-virus software, keep software up to date with effective patch management, report loss or stolen devices immediately. The company must restrict use of rooted devices (an Android smartphone or tablet that has been unlocked to customize settings or install unapproved apps), only allow company approved apps, prohibit use of Public Wi-Fi and USB Ports, force backup files and regularly reinforce the mobile device management policy.
5. Make backup copies of important business data and information
It’s important to secure and back up files in case of a data breach or a malware attack. Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly and store the files offline, on an external hard drive or in the cloud.
6. Control physical access to your computers and create user accounts for each employee
Unauthorized individuals should be prevented from potentially gaining access to laptops, PCs, scanners, and other devices the business owns. They should be physically secured when unattended or a physical tracker should be added to recover the device in case of loss or theft. For devices that are used by multiple employees, businesses should consider creating separate user accounts and profiles for additional protection.
7. Secure your Wi-Fi networks
Make sure your wi-fi network is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router, so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. If your employees work remotely, you can protect data by using a VPN (Virtual Private Network).
8. Use best practices on payment cards
Work with your bank or processor to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations based on pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
9. Limit employee access to data and information, limit authority to install software
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs and should not be able to install any software without permission.
10. Passwords and authentication
Require employees to use unique passwords and to follow company issued password guidelines. New passwords should not be the same as previous passwords and they should be changed every three months. Implement multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.