Cybersecurity 101 – Understand What You’re Up Against
According to a CNBC poll, 59% of small business owners believe they are ready to “quickly resolve” a cyberattack. For the most part, this is misplaced confidence. Many small businesses that come to us after an attack are not following the best practices outlined above. There’s also a lack of understanding about the nature of threat.
Cybercrime is a form of modern war
You aren’t dealing with tech-savvy teenagers who want to play a prank. Even an amateur can send a convincing phishing email that unleashes a potent virus. Then there are the professionals and nation-state threat actors who are backed by multi-million-dollar budgets.
“Cybercrime for Dummies” isn’t enough
You could leaf through a copy of the book (yes, it really exists), or enroll in a Cybersecurity for Beginners course. It won’t help when you’re swept up in a large-scale, professional attack like SolarWinds. To go toe-to-toe with today’s hacker class, you want a team of cybersecurity experts.
Offload responsibility to a cybersecurity service provider
Along with unfathomable budgets, criminals continually branch out into new nefarious realms. To pick the best cybersecurity programs and tools, you need to have deep knowledge of malware attacks, phishing scams and other activities hackers deploy. You don’t have time to track that, implement a solution and manage it – but a cybersecurity service provider does.
Protecting your business is a choice – what will you decide?
The cybersecurity business divide has nothing to do with size. Small businesses are attacked all the time. It’s between organizations that put in place preventative, protective measures and those that don’t. You want to be the former.
10 Common Sense Cybersecurity Best Practices:
Here are 10 essentially common sense cybersecurity best practices published by the Federal Communications Commission for Small Businesses:
1. Train employees in security principles
Establish basic practices cybersecurity training to protect sensitive business information and communicate them to all employees on a regular basis. Establish rules of behavior describing how to handle and protect customer information and other vital data. Clearly spell out the penalties for violating business policies.
2. Protect information, computers and networks from viruses, spyware and other malicious code
Install, use and regularly update antivirus and antispyware software on every computer used in your business. Such software is readily available online from a variety of vendors. Most software packages now offer subscriptions to “security service” applications, which provide additional layers of protection. Set the antivirus software to automatically check for updates at a scheduled time of low computer usage, such as at night (midnight, for example), and then set the software to do a scan after the software update.
3. Provide firewall security for your Internet connection
A firewall is set of related programs that prevent outsiders from accessing data on a private network. Install and maintain firewalls between your internal network and the Internet. If employees work from home, ensure that their home systems are protected by firewalls. Install firewalls on all computers – including laptops – used in conducting your business.
4. Download and install software updates for your operating systems and applications as they become available
All operating system vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.
5. Make backup copies of important business data and information
Regularly backup the data on every computer used in your business. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files and accounts receivable/payable files. Backup data automatically if possible, or at least weekly.
6. Control physical access to your computers and network components
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft, so make sure they are stored and locked up when unattended.
7. Secure your Wi-Fi networks If you have a Wi-Fi network for your workplace make sure it is secure and hidden
To hide your Wi-Fi network, set-up your wireless access point or router so it does not broadcast the network name also known as the Service Set Identifier (SSID). In addition, make sure to turn on the encryption so that passwords are required for access. Lastly, it is critical to change the administrative password that was on the device when it was first purchased.
8. Require individual user accounts for each employee
Setup a separate account for each individual and require that strong passwords be used for each account. Administrative privileges should only be given to trusted IT staff and key personnel.
9. Limit employee access to data and information, and limit authority to install software
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
10. Regularly change passwords
Passwords that stay the same, will, over time, be shared and become common knowledge to coworkers and can be easily hacked. Passwords should be changed at least every three months as part of an identity-based management strategy.
Contact us today for a cybersecurity risk assessment
The evaluation will zero in on your vulnerabilities. We’ll review the results with you, make and prioritize recommendations, then build out a plan tailored to your risks and budget. You won’t find that in Cybersecurity for Dummies.