Cybersecurity is an important subject for businesses of all sizes. Recent media attention has emphasized this fact, but it has been a major concern of ours for a long time. Sometimes small businesses struggle with the idea of implementing a cybersecurity plan because of the perceived additional costs. If done right, these costs can be minimal and, more importantly, the cost of a security breach can be avoided.
Here are a few tips to help your small business:
Train your employees
Make sure your employees understand the consequences of their behavior. Teach them to protect customer, business, and private data. Make sure they know about email risks and dangers.
Update your software, PCs, servers, and devices
Keep all your equipment up to date with the latest updates and firmware. This includes routers, switches, wireless APs, PCs, servers, tablets, phones, printers, etc. Anything that is connected to your network and that has access to your systems should be regularly updated.
Protect your network
Make sure you have a firewall or, preferably, some type of UTM (unified threat management) system in place, configured and functioning. I strongly advise against using only the device that your ISP (internet service provider) provides.
Backup! Backup! Backup!
This is an often missed yet crucial part of cybersecurity. If you are breached by a hacker, malware or ransomware, they may delete all your data. This can cripple or destroy a small business. Make sure you have multiple backup systems and that you regularly check to make sure they are doing the job.
Make sure your wireless is secure
You should be using WPA2-PSK at a minimum. If you have guest wireless, make sure that it is encrypted as well. If you don't have guest wireless, think about installing it and freely giving it to your employees for their personal devices. It will minimize the risk of password sharing, and a properly set up guest system can limit traffic, so they are not taking up all of your valuable bandwidth. Make sure the guest wireless does not access your business network.
Control physical access to computers and servers
Make sure each employee has a unique login. Make sure they only have access to the software and data that they need to do their job. Do not allow them to install software.
Use strong passwords
You are probably tired of hearing about strong passwords. I know I am tired of talking about it. It is an important part of cybersecurity, though. There are a number of tools available to create complex passwords you can remember, or there are password managers that allow you to have very complex unique passwords for all your systems with very little inconvenience. If your system allows for the use of multifactor authentication, use it!
Make sure your endpoints have security software
All your PCs, tablets, phones and servers should have some level of security software installed on them. Free software is acceptable at home (although I recommend using a known security company), but it is not adequate for your business. You should also have software with some type of central monitoring so you can keep tabs on your devices.
Make a mobile device plan
If you allow personal and mobile devices access to your business data and email, make sure you have a plan for lost or stolen devices. All of these devices should have passwords, be encrypted and have security software installed.