Online Security Advice - Stone Bank

Online Security Advice

Rev. Mar 8th 2021

Many small businesses are very reliant on technology but don’t have the resources for an extensive cybersecurity plan. Below are eight relatively easy steps that small businesses can take to greatly enhance cybersecurity and reduce cyber risk. Remember, in cybersecurity, you don’t have to outrun the bear, just outrun the business next to you.

Step 1. Limit Access
Keep networking equipment behind locked doors or cabinets. Make this equipment accessible to authorized individuals only. Password protect all computers.

Step 2. Password Integrity
Require passwords that combine upper- and lower-case letters, numbers, and symbols, and that meet a minimum length. Passwords should be changed often, and previously used passwords should not be allowed again.

Step 3. Email Security
Email can be forged so that fake messages appear to come from within your organization. Spam filtering software and locking down your email server, Gmail, or Office 365 settings can help secure your email. Lock your email so only authenticated users (your employees and trusted partners) can send email from your organization. If you are going to allow access to email through the web portal, then require two-factor authentication (e.g. a password plus a text message). Office 365 and Gmail both have this feature, and it is not difficult to configure.

Step 4. Secure Wi-Fi
Unsecured Wi-Fi leaves your network open to hackers, so rotate Wi-Fi passwords. Segment guest and corporate wireless networks to ensure network security, and consider limiting guest network session lengths.

Step 5. Create Security Policies
Security policies are useless unless documented. Document the security requirements (like those listed above) needed to keep your information and employees safe, then test and implement them.

Step 6. Educate and Hold Employees Accountable
Clear expectations go a long way. Your employees should know your security policies and why they exist. Hold meetings to review new policies so your employees understand that this is an important area. Talk about email or text scams so that everyone is aware. Try to create an environment where your employees know they can tell you if they think they have clicked or downloaded something that is not safe. You don’t want your employees to be afraid to tell you they made a mistake.

Step 7. Backup Data
Data backup is your safety net. Have a system in place for your IT infrastructure backups and test them. Whether cloud-based or on-premises, you can handle backups and data storage yourself or have them managed for you. Managed solutions are typically priced by the size of your files and have the advantage of being off-premises. A more budget-friendly and easy backup method, especially for smaller shops, is to purchase a USB hard drive (Walmart, Best Buy, etc.) and use free software such as Backupper or Cobian (there are many of these available) to replicate your files daily or weekly.
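One way to act on "test them" is to compare the copy on the backup drive with the live files right after each backup run. The script below is an added example, not code from Stone Bank or from the backup tools named above; the function names and the two folder arguments are assumptions.

```python
import hashlib
import os
import sys


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def list_files(root):
    """Return {relative path: full path} for every file under root."""
    found = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            found[os.path.relpath(full, root)] = full
    return found


def verify_backup(source_dir, backup_dir):
    """Check that every live file exists in the backup with identical content."""
    source, backup = list_files(source_dir), list_files(backup_dir)
    report = {"checked": 0, "missing": [], "mismatched": [], "unreadable": []}
    for rel, src_path in sorted(source.items()):
        report["checked"] += 1
        if rel not in backup:
            report["missing"].append(rel)      # never copied, or deleted from the drive
            continue
        try:
            same = sha256_of(src_path) == sha256_of(backup[rel])
        except OSError:
            report["unreadable"].append(rel)   # often the first sign of a failing drive
            continue
        if not same:
            report["mismatched"].append(rel)   # copy is outdated or corrupted
    report["ok"] = not (report["missing"] or report["mismatched"] or report["unreadable"])
    return report


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_backup.py LIVE_FOLDER BACKUP_FOLDER")
    result = verify_backup(sys.argv[1], sys.argv[2])
    print(result)
    sys.exit(0 if result["ok"] else 1)
```

Files edited after the backup ran will show up as mismatched, so run the check immediately after the backup job finishes.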

Step 8. Cover the Basics: Anti-Virus, Firewall, Anti-Spyware, Encryption, and Anti-Malware
Proper network equipment and components are important to keep you secure. You want appropriate, consistent ways to secure endpoints and keep an eye on them. Options exist to manage, check, and patch endpoint software all from one console. Free software packages are typically packed with ads or even malware. This is one area where paying $25-$35 a year per device probably makes sense. The effectiveness and efficiency of these programs tend to change, so it is a good area to look at annually. This year, my personal favorites are ESET or Bullguard.

From there, maintain, maintain, maintain. Your systems are only as secure as your last patch, update, and end users. Use only software that’s in active development or currently supported. Keep track of technology inventory and life cycle. Whether you handle this in-house or outsource it, run patches and upgrade regularly.