Cybercriminals prey on businesses of all sizes, and it’s estimated that 22% of small businesses have been victims of a cyber-attack. Given the vast number of small businesses in only the United States, there is an astounding number of victims. With the rapid technological advances that have changed the business landscape substantially, the attack surface for even small businesses only continues to widen.
Why You Should Worry
As if those numbers aren’t troublesome enough, most cyber-attacks are not one-and-done situations. Many specific types of threats are referred to as advanced persistent threats because they remain active in your system. This can allow the attacker to repeatedly access your networks and even mobile devices to wreak more havoc, or it could be a constant funnel of your business’s information that they can turn on and off at will.
To ensure that your small business is protected, you must have a cybersecurity policy, but it can be difficult to determine where to begin. Don’t worry; we’ll outline straightforward steps you can take to get started.
Communicate Your Plan
All of your employees need to be familiar with your cybersecurity policy. It’s even more beneficial if they understand the why behind the restrictions and protections that you have in place. These policies will protect your employees’ personal information just as much as your customers, and they will be more likely to comply with them if they understand the risks you, as business owners, face.
Secure Your WiFi Network
Make sure that your wireless network is password protected. WPA2 encryption is the bare minimum acceptable standard, but even that is not enough to fully secure your network. Hide your SSID from public view, and only provide the network name to your employees. Enabling the firewall on your router is another important and necessary step to protect your business.
Always Install Software Updates
Whether we’re talking about device operating system updates, web browsers, or enterprise software, the most up-to-date version should always be installed. While you strive to distinguish your small business from competitors, the last thing you need is a data breach. Security threats are always evolving, and as they change, software updates provide the most current protection for your systems, at least from known vulnerabilities.
The Importance of Access Control
Just like you absolutely must secure your wireless networks with a password, every system or device should also require a password to access it. This layer of security is often overlooked, and many password policies are criminally lax. A weak password is just as bad as not having one at all. Every small business should consider a handful of basic steps regarding logical access control.
So how do you construct a strong password? Well, passphrases are inherently more difficult to brute force than a password, and there is the added benefit of them being easier to remember. Incorporating lowercase, uppercase, numeric, and special characters into the phrase are also critical. As a business owner, you should also set time limits on your required passphrases. This forces your staff to change their passphrases regularly. Passwords or phrases should also be different for each system your employees need to access, so if one is compromised, it is not total access to the entire network provided to the intruder.
With all those passwords, it’s important to consider how your employees will remember or store them. Relying on memory alone will result in easily guessed or cracked passwords, and the best solution is to mandate or strongly encourage the use of a password vault or password manager. This standalone application uses its own security encryption to store all your passwords. Many offer the option of biometric access and multi-factor authentication.
On the topic of multi-factor authentication, this is something that you should consider for use on each access point in your network. Multiple options exist, such as email delivered codes, SMS delivered codes or a separate authenticator app. It is up to your own personal preference which method you choose.
Role-based Access Control
Network segmentation is a more complex topic than is fair to discuss when discussing cybersecurity basics for small businesses. Still, role-based access control is easy to implement and push forward with as you progress in your efforts. Think of your operating systems as you would physical accounts and documents. Should accounting personnel access original copies of inventory control or shipping documents and vice versa? Establish “roles” within your network for major job titles and assign them appropriate access for their duties and nothing more. That is a major step toward a more secure cybersecurity posture and a healthy move to limit the risk of insider fraud.
This may seem like a lot of unnecessary work, especially if your enterprise doesn’t deal with the technology space. Still, the risk of not following cybersecurity basics for small businesses is too great to ignore. Fewer employees don’t mean less risk; as a business owner, you want to do your best to protect your investment.
At E-Marketing Associates, we’re focused on leveling the playing field for small businesses. It’s difficult enough to launch, manage, and oversee a small business on a day-to-day basis without being a subject matter expert in sales, marketing, social media, and more. Contact us to see what we can offer for your specific situation today.