When we hear of cybersecurity incidents and data breaches, it’s usually large, well-known companies who dominate the headlines. But that doesn’t mean that small businesses are immune to such attacks. In fact, a 2019 study by Verizon found that more than 43% of cyber-attacks target small businesses. These attacks can cause companies to lose customers and money, and in some cases can even cause them to go out of business. Because of this, it’s extremely important for small business owners to be vigilant and proactive in order to help prevent these types of attacks. It’s also worthwhile to have a plan in place for dealing with a breach, so that your business can act fast and successfully recover from any attacks you are ultimately unable to stop.
Here are some tips to consider:
Protect Your Company’s Files and Devices
- Update any apps, browsers, and operating systems that your business uses regularly. A good rule of thumb is to set these to update automatically whenever possible.
- Ensure that your business files are backed up. You can either keep backups offline, on an external hard drive, or stored in the cloud.
- Always require passwords for all laptops, smartphones, and tablets that you and your employees use. Ensure that your staff understands the importance of keeping such passwords private, and that they should always avoid leaving their company devices in public areas.
- Encrypt company devices and files that contain sensitive information. Also, consider encryption for any device that accesses your network remotely.
- Change settings on company smartphones and devices so that they do not automatically connect to public Wi-Fi. Ensure that your employees know the dangers associated with using public Wi-Fi for business purposes.
- Whenever possible, have your staff use multi-factor authentication when logging into the systems that your business uses. This type of authentication requires additional steps beyond just a password for access.
- Make sure that all company devices have up-to-date antivirus software installed.
Protect Your Network
- Secure any internet routers that your business uses. If you haven’t already done so, change the default name and password on your routers. Also be sure to turn off “remote management” and log out as “administrator” once you have set up your router.
- Use either WPA2 or WPA3 encryption on your routers to prevent outsiders from reading information sent over the network. If you only see an option for using WEP or WPA, try to do a firmware update on your router. After doing so, if you still don’t see an option for WPA2 or WPA3, your best bet is to buy a new, updated router.
- When employees access your network remotely, require that they also use WPA2 or WPA3 encryption. You should only allow the use of public networks in conjunction with using a virtual private network. Employees can obtain a VPN from a provider, or you may hire a vendor to create one for your business.
- Include cybersecurity provisions in your contracts with vendors, especially those who will have access to your network.
- Keep the Wi-Fi you offer to guests separate from the Wi-Fi that your employees use.
Incorporate Cybersecurity into Your Business Strategy
Cybersecurity should be part of your overall business strategy. When you examine the potential risks of financial loss, competitive changes, and loss of critical employees, examine cybersecurity threats as well. When you evaluate processes, also look at technology processes. Develop and implement a strategy for best practices around cybersecurity. The Federal Communications Commission offers a cybersecurity planning tool to help business owners develop a customized plan, and the Department of Homeland Security offers an assessment tool that you can use to help evaluate your company’s existing cybersecurity practices.
One area to establish a best practice in, is your company’s use of passwords. Consider setting a formal policy for all company-related logins. Strong passwords are generally considered to be 12 characters or longer and include numbers, symbols, and capital and lowercase letters. Passwords should also be changed frequently, should never be reused, and should never be sent over email or text. If possible, it’s also a good idea to limit the number of unsuccessful login attempts on systems and platforms that your employees log into. Doing so will help prevent password-guessing attacks.
Training employees is also vital. Teach your employees to recognize phishing attacks. Update them regularly on new scams and how to avoid them. Keep cybersecurity in their minds by including best practices and tips in company newsletters or emails. Develop a cybersecurity policy and distribute it to employees.
Develop a Recovery Plan
Even if you have done everything in your power to prevent a breach, it’s possible that your business could still be attacked. Develop a plan for saving data, running your business, and notifying customers if a breach occurs. Most states have passed laws requiring businesses to notify customers or law enforcement if breaches occur. Familiarize yourself with the policies in Massachusetts and Rhode Island, or any other states that you do business in.
In this day and age, businesses and consumers alike must be poised to defend against cyber-attacks. By taking some time now to ensure your small business is operating with cybersecurity in mind, you’ll have a better chance of preventing and recovering from cyber incidents and data breaches.
For more cybersecurity tips and news, please visit the BankFive Security Center at https://www.bankfive.com/Resources/Learning/Security.