In 2020 alone, cybercrime cost businesses $2.7 billion. Small businesses remain an appealing target for cybercriminals because they lack the security infrastructure bigger companies tend to have. A recent Small Business Administration survey found that 88% of business owners feel they’re vulnerable to a cyberattack, yet they think they don’t have the budget to dedicate to securing their organization or they don’t know where to start.
Some of the most common threats affecting businesses of all sizes include:
- Malware is a broad term referring to software that intentionally damages a network, computer, or server. Malware includes ransomware and viruses.
- Viruses are a specific type of malware that spreads among connected devices, giving cybercriminals system access.
- Ransomware infects devices and restricts access until a ransom is paid. Unpatched vulnerabilities and phishing emails are common ways ransomware attacks are delivered.
The following are some essential tips for small businesses to begin creating a more in-depth protection infrastructure.
Use Multifactor Authentication
Multifactor authentication is simpler than ever before to use, and it goes beyond passwords to protect against unauthorized access. Passwords alone are vulnerable to attacks like phishing and brute force.
Multifactor authentication, or MFA, remains the best way to protect your resources and reduce the risk and costs associated with password compromise.
If your business is moving toward a Zero Trust Security model, MFA would be one part of that.
Of course, MFA doesn’t replace the need for strong passwords—ideally, you need both.
As for your password policy, require employees to use passwords that are at least 20 characters long. Passwords should include letters, numbers, and symbols, which reduces the likelihood of a successful brute-force attack.
You can use a password manager to help your employees keep track of complex passwords and make sure they get updates when it’s time to change those passwords.
Protect Your Data
When it comes to protecting your sensitive data, remember the following best practices as a small business:
- Back it up: Regularly back up all data you store and do it automatically if you can, or use cloud-based applications. If you are the victim of ransomware and have backups, at least you’ll be able to restore it.
- Secure payment processing: You want to make sure that your payment systems are isolated from less secure programs, and you don’t want to use the same devices to process payments as are being used for other tasks. Ensure that your bank or card processor uses only the highest-level tools and anti-fraud protections.
- Be careful about physical access: This is a big priority right now as many employees are working remotely. Laptops and other devices can be stolen, so you should ensure every device is secured so that its data stays protected if it’s lost or stolen. Give administrative privileges only to your most trusted IT staff, and always follow the principle of least privilege, which means employees have only the access they absolutely need to do their jobs. To control access to devices, you should also make sure that each employee has a separate user account.
- Use encryption: Along with backing all of your data up, another layer of security to consider implementing is encryption. You can encrypt all devices and drives, as well as emails, for an added layer of protection. If you’re just getting started with encryption in your business, you want to begin by auditing to understand where your most important and sensitive data is.
Check Third Parties
You may work with a variety of third parties, such as cloud vendors. Before you work with any of them, make sure they check out, both in how they do business and in the security protocols they use. Due diligence is critical as you review any third-party providers.
Use a VPN
Virtual private networks, or VPNs, are a good tool to have as part of your overall security strategy, especially when your employees work remotely or use their own devices. A VPN lets your employees securely access your network so they can work from anywhere.
VPNs encrypt data while it is in transit.
One thing to remember about a VPN is that, again, it’s a piece of a strategy, but it’s not the only one. Many businesses think if employees are using a VPN, that’s all they need to do to stay secure, and that’s not the reality.
If you have a workplace Wi-Fi network, it needs to be secured. You want to not only secure it but encrypt it and hide it.
Make sure your router is password protected.
Monitor Personal Devices
If your employees use their personal devices in any way for work, you need to monitor them and have policies in place that dictate how they can access work with these devices.
Monitoring software designed specifically for bring-your-own-device (BYOD) workplaces lets you monitor work access on these devices without invading your employees’ privacy. Your policy should also require automatic security updates and regular password changes.
Train Your Employees
Training your employees is one of the easiest, cheapest, and also most effective things you can do in terms of business cybersecurity. Employees and human error are key points of weakness that businesses tend to overlook.
No amount of technology can compensate for employees who aren’t trained on general cybersecurity best practices and on their role in your strategy.
Your employees could fall for a phishing email, download a file or click a link, leaving your business open to significant risks.
Finally, make sure that you’re always running software updates and training your employees on the importance of this too. You need to keep your operating system and any third-party software up to date.
The best things you can do for your small business in terms of cybersecurity are relatively simple and straightforward.