Cyber Security Best Practice for Small Business Owners
Regularly Backup All Important Data
As a small business, losing your data can be a nightmare. To save yourself time, money, and even your livelihood, you should be prepared with a backup strategy. But where do you start? It all begins with asking a few simple questions such as;
- What kind of backup do I need? When disaster strikes, you need to figure out whether your business needs to restore, recover or maintain services. This will help you determine whether you need to store your data on-site, in the cloud, or a hybrid mix of both.
- What needs to be backed up? In short, everything. Or at least, your most critical data. Depending on time and storage space, there are three main types of backup – full, incremental, and differential.
- What are you protecting against? If it’s just files you’re worried about, a full image-backup doesn’t make sense. But if it’s your whole system – you need to think bigger.
- What’s my Recovery Time Objective (RTO)? That is, in the event of a data disaster, how long can you go before you business suffers?
Answering questions like these are the first step in understanding what strategy works best for you. It can be a tricky process to wrap your head around, but luckily there are many IT service providers who offer you the guidance you need.
All employees accessing the network should be trained on network security policies. Hold employees accountable by having each of them sign a document stating that they have been informed of the policies and understand that actions may be taken if they do not follow security procedures. Since policies are evolving as cybercriminals become savvier, it’s important to have regular updates on protocols.
Watch what you post
When it comes to social media, the biggest security issue is spear fishing. And no, it’s not a sport – it’s a scam. Basically, it involves being sent an email that looks like it’s from a business or someone you know. It will often be highly personalised, addressed to you with your position, company, work phone number and other customised information. These emails will push you to open up a nasty URL or attachment, or ask for your banking details and passwords.
But where do these fraudsters get all this info? Usually from social media sites like LinkedIn, Facebook, and Twitter. That’s why you should never post sensitive personal or business information on these platforms. To tighten your defences, make sure you regularly train your staff and invest in quality software solutions that catch out malicious emails.
Password management strategy
You might never have to deal with cyber-terrorism. But the reality is, it exists – and not even small businesses are completely safe. And one of the main reasons for breaches (76% in fact comes down to weak passwords.
So how do you counter the threats? Simple – create a solid password management strategy. Like most businesses, you probably have a long list of accounts and services you use, all of which require a password. That’s where password management software comes into play. It not only stores your passwords, but it generates strong ones to be used for all personal and business sites.
However, as secure as password software is, you should still be wary. In 2015, LastPass was hacked, exposing emails and encrypted master passwords. So before you choose your software, ask around and do your research.
Use multi factor authentication
As a small business, you’re likely using cloud services. And you now know that passwords don’t offer complete security by themselves. That’s why it’s worth using the power of two-factor authentication (2FA).
How does 2FA work? Basically, it’s a two-step verification process that requires not just a username and password, but also a piece of information that only the user gets given – such as a code sent to their mobile phone. This extra layer of protection makes it harder for hackers to gain access to sensitive information.
The easy part is, most cloud services and social networking sites give you the option of 2FA. It’s not always enabled by default, so make sure you find out how to turn this function on. If you’re worried about this extra step being time-consuming or complex – don’t be. It’s a small security measure with big benefits.
Protect your Wi-Fi
This can be an easy one to skip. But if you have a Wi-Fi network, it’s really important to make sure it’s secure, encrypted and hidden – otherwise you’re opening up your network to hackers who can access company files, online accounts and private information.
Remember what happened to Jared Hayne? His presentation was hijacked at a local high school and pornographic images were shown on the big screen. While everyone assumed it was from Hayne’s computer, he had simply been hacked. That’s just one example.
So how can your boost your Wi-Fi privacy? Some simple things you can do are to change the router’s default administration password, configure it to use WPA2 encryption, keep its firmware updated, use a strong passphrase, and physically secure your router.
Protect your website
Whatever CMS (Content Management System) you’re using, hackers can find sneaky ways to analyse loopholes and get inside your system. The good news is, there are also ways to make your CMS as secure as possible. Here are few simple tips:
- Get rid of front-end login. Many CMS attacks happen through front-end login. The solution? Allow those who need access to your CMS do in through the back-end admin screen.
- Don’t use default admin. The default username of ‘admin’ is all too common. To boost your security, come up with a unique ID instead.
- Hide the ‘wp-includes’ folder. If you’re using WordPress, the ‘wp-includes’ folder is often accessible to the public. This means it’s ripe for hacking. To counter this, simply add a blank ‘index.html’ file to the folder.
- Be wary of add-ons. While plugins, themes and add-ons are natural parts of the CMS experience, not all of them are safe. Some might have the capacity to access your CMS backdoor. The best way around this is to do your research before adding anything.
- Other methods to consider include keeping your systems updated, regularly scanning your files, and using spamming protection software.
Get your data insured
Sometimes you simply can’t stop a disaster from happening. But you can certainly be prepared for one. Much of the business world has moved online, so it’s no surprise that cyber insurance is becoming increasingly popular.
For small businesses, it adds an extra layer of security. Basically, added peace of mind for when things go south. Depending on your insurer and the policy you take out, you can get cover for business for data liability, interruptions, restoration, ransom payments and more.
Before you decide on the level cyber insurance you need, weigh up the risks for your data. What would happen in the event of a security breach? How long can your business be out of action? Do your clients need 24/7 access to your services? Put simply – the greater the risks, the greater the need for insurance.
Install anti-malware software
While most of us think we’d never open phishing emails, the Verizon 2016 Data Breach Investigations Report found that 30 percent of employees opened phishing emails, up 7 percent from 2015. When employees open phishing emails, malware is automatically installed on their computer. Anti-malware software is crucial for all devices on the network.
Use a firewall
All SMBs should set up a firewall to provide a barrier between their data and cybercriminals. This is one of the first lines of defense against cyber-attacks. In addition to the standard external firewall, many companies are starting to install internal firewalls in addition to standard external ones to provide an additional layer of protection. For employees who work from home, consider providing firewall software and support for their home networks to ensure compliance.