Every day we hear about cyber-attacks affecting large corporations, but small and medium-sized businesses are hardly ever mentioned. Do you have the impression that small to midsized companies are safer? The reality is that cyber-attacks often target small to medium-sized businesses and 83% of companies that size have no cybersecurity plan. While risk can never be completely mitigated, it’s important for business leadership to be proactive. Here are our top five tips for developing a proactive cybersecurity plan for your small to medium-sized business.
Whether a natural disaster, a determined hacker or an everyday virus, bad things happen. No company is immune. Backing up your data on a regular basis is not negotiable. Think about all the critical company data you are collecting on computers, servers, smartphones and in the cloud. Every access point adds another layer of vulnerability. In the event of a loss, hardware is easy to replace, but it will take a complete back-up to restore your business-critical systems: systems, not just data, meaning software and data together. Without both, it will take precious days and wads of cash to get your business back up and running again. That means days of money going out and little to nothing coming in.
Back-ups should be automatic. Back-ups should be tested and verified for integrity. Back-ups should be stored in a protected location, whether physical, virtual or both. In addition, every small business should have a continuity plan that establishes recovery tasks in the event of system breach and/or data loss. Your plan should include a prioritized list of how to get business systems back up and running and who holds the responsibility for notification and completion of each task.
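The two requirements above, an automatic back-up and a verified one, can be wired together in a single script. The following Python example is added here and is not from the original article; it archives a directory, records the archive's SHA-256 digest, and treats a back-up as good only if the digest still matches and a test restore reproduces every file. The sample data it backs up is constructed inside a temporary directory.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def create_backup(source: Path, dest_dir: Path) -> Path:
    """Archive `source` into dest_dir and record the archive's SHA-256 beside it."""
    archive = dest_dir / f"{source.name}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=source.name)
    (dest_dir / f"{archive.name}.sha256").write_text(f"{sha256_file(archive)}  {archive.name}\n")
    return archive

def verify_backup(archive: Path, source: Path) -> bool:
    """Two checks: the recorded digest still matches, and a test restore reproduces every file."""
    recorded = (archive.parent / f"{archive.name}.sha256").read_text().split()[0]
    if recorded != sha256_file(archive):
        return False                      # archive altered or corrupted since it was written
    with tempfile.TemporaryDirectory() as restore_dir:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(restore_dir)
        for original in source.rglob("*"):
            if original.is_file():
                copy = Path(restore_dir) / source.name / original.relative_to(source)
                if not copy.is_file() or sha256_file(copy) != sha256_file(original):
                    return False          # restore would not bring this file back intact
    return True

def demo() -> dict:
    """Round trip on constructed sample data, then corrupt the archive to show the check fails."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "company_data"          # constructed sample, not real data
        (source / "invoices").mkdir(parents=True)
        (source / "invoices" / "2024-01.csv").write_text("id,amount\n1,100.00\n")
        (source / "customers.txt").write_text("Acme Corp (constructed sample)\n")
        backups = Path(tmp) / "backups"
        backups.mkdir()
        archive = create_backup(source, backups)
        intact = verify_backup(archive, source)
        data = bytearray(archive.read_bytes())
        data[len(data) // 2] ^= 0xFF             # simulate a flipped bit on the backup media
        archive.write_bytes(bytes(data))
        return {"intact": intact, "corrupted_detected": not verify_backup(archive, source)}
```

Schedule `create_backup` from cron or Task Scheduler and run `verify_backup` on a copy stored away from the source, so a failure shows up before the day you actually need the restore.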
Due to limited resources, small businesses may rely on free anti-virus software. Free software provides only a limited amount of protection and leaves your business at risk. Instead, adopt a security solution that will manage and monitor devices and enforce your preferred security settings at a low cost. Remember, any device that connects to your company’s network presents a vulnerability. This includes smartphones! Even devices that connect from remote locations require the same level of protection as those inside the office. Automate your protection by scheduling the scanning task to run on a regular basis. You’ll still want to routinely check software logs for identified threats and to clear virus vaults and logs.
Small businesses shouldn’t assume that employees know how to maintain secure devices.
Security policies and practices should be put in writing so that employees are informed of expectations and understand how to meet them. If your company uses an IT advisor, then maintaining hardware, software, security patches and basic housekeeping services may be included. If not, policies should include information on software maintenance and schedules for all devices, including daily antivirus and malware scans. Don’t forget about regularly cleaning up the C drive and running a defragging program, especially if your computer doesn’t use a solid-state drive. Disk cleanup is recommended every week along with a monthly defragging. For business devices used outside the office, remind employees to shut off Wi-Fi and Bluetooth when not in use to prevent malicious access by other people and devices in close proximity.
Cyber-attacks can take many forms, including email attachments and links that, when clicked, install a virus or other malware on your computer. The best way to defend your company is to be alert to potential vulnerabilities and train employees on how to spot suspicious content. Malicious email can easily trick employees and infect devices, which is why it’s so important to know the red flags. The root cause of 52% of all security breaches is human error. Cybersecurity education is an important piece of a layered security approach. The more knowledgeable your employees, the harder it is for malicious content to gain access to your critical business information. Free cybersecurity awareness training is available online.
If you receive a suspicious-looking email, always examine the sender email address to see if it’s coming from a legitimate source. If the body of the email looks sloppy and has grammatical errors, immediately mark it as spam and delete the email. Hover over a web address without clicking on it and be on the lookout for long strings of unconnected letters and numbers in the destination, because the link could lead you to a suspicious web page. Emails from financial institutions, credit card issuers and utility providers should never ask you for sensitive or personal information. Any e-mail asking for this type of information should be a red flag. Pop-up ads should never be clicked on and should be closed immediately. Educate your employees to recognize the red flags to keep business information safe.
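The same red flags can be checked by a mail filter before an employee ever sees the message. The Python below is an added example, not code from the original article: it reads a raw message and reports a reply address on a different domain from the sender, a request for sensitive information, a displayed URL that hides a different real destination, and a random-looking string in a link path. Both sample messages and their domains are constructed for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse
# Simplified heuristics; a regex suits the constructed samples, a real filter would parse the HTML.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SENSITIVE = re.compile(r"\b(password|social security|account number|card number|pin)\b", re.I)
RANDOM_TOKEN = re.compile(r"[A-Za-z0-9]{20,}")   # long run of unconnected letters and digits

def domain_of(header: str) -> str:
    """Domain part of an address header such as 'Name <user@host>'."""
    return header.rsplit("@", 1)[-1].strip("<> ").lower()

def red_flags(raw_message: str) -> list[str]:
    """Return the red flags found in one raw message (empty list means nothing suspicious)."""
    msg = message_from_string(raw_message)
    flags = []
    sender = domain_of(msg.get("From", ""))
    reply_to = domain_of(msg.get("Reply-To", msg.get("From", "")))
    if reply_to != sender:
        flags.append(f"replies go to {reply_to}, not the sender domain {sender}")
    body = msg.get_payload(decode=True).decode("utf-8", errors="replace")
    if SENSITIVE.search(body):
        flags.append("asks for sensitive or personal information")
    for href, text in ANCHOR.findall(body):
        real_host = urlparse(href).netloc.lower()
        shown_host = urlparse(text.strip()).netloc.lower()
        if shown_host and shown_host != real_host:      # displayed URL hides the real target
            flags.append(f"link shows {shown_host} but goes to {real_host}")
        if RANDOM_TOKEN.search(urlparse(href).path):
            flags.append(f"random-looking string in link path: {href}")
    return flags

# Constructed sample messages with hypothetical domains; not real mail.
PHISHING_SAMPLE = """\
From: "Acme Bank Security" <alerts@acme-bank.example>
Reply-To: recover@acme-bank-verify.example
Subject: Urgent: confirm your account
Content-Type: text/html

<p>Your account is locked. Confirm your password and account number at
<a href="http://acme-bank-verify.example/x/Qw8kLm29ZpTy4VbN7sRd1H">http://www.acme-bank.example/login</a></p>
"""
LEGITIMATE_SAMPLE = """\
From: "Office Manager" <office@example-corp.example>
Subject: Friday lunch
Content-Type: text/html

<p>Menu and sign-up: <a href="https://intranet.example-corp.example/lunch">sign-up sheet</a></p>
"""
```

Run `red_flags` on each sample: the phishing message produces all four flags and the lunch invitation produces none, which is the kind of output a quarantine rule or an awareness exercise can be built on.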
Hacking software can test up to 10 billion password combinations in seconds, which means no password is safe. It’s difficult to keep track of all your passwords, to make sure each one is strong enough and to ensure the same password isn’t used more than once. Consider investing in a password manager. A password manager will ensure password quality and maintain all company passwords. Not only does this protect against hacking, but it makes transitions much easier because no single employee controls company passwords.
Digitizing company data is only a good idea if businesses protect and maintain their technology. You wouldn’t leave your files open and not lock the office door, right? If this all sounds like gibberish, find yourself a professional IT partner and let them help you set up a system for back-ups, security solutions and best practices for cybersecurity. Curious about potential vulnerabilities in your business? A local IT provider can scan your business network and provide prioritized recommendations for remediation. Call us at 610-865-8182 if you need help. We will be happy to recommend an IT company in your area that we trust.