Running a business online is never a walk in the park. Your business is always exposed to numerous cyber-risks that, when left unchecked, can bring it to its knees. It is for this reason and more that it would be wise to take the necessary measures to protect your business from such risks. Outlined below are some of the top practices you can implement to keep your business protected from cyber-attacks.
1. Run Everything Behind A Firewall
A firewall is your first line of defence against cyber-attacks, according to cyber security reviewers Fifthgeek. According to the FCC (Federal Communications Commission), every SMB should at least have a firewall installed to help protect it from cybercriminals and other malicious people. It would thus be advisable to have at least an internal firewall (aside from the standard external firewall), not only to provide additional protection but also to keep your data secure from cybercriminals. Employees working from home also ought to have a firewall on their home networks to prevent cyber-intrusions. You, the employer, should provide the firewall software and support to your employees to minimize the risks.
2. Have Your Cybersecurity Policies Documented
Although intuitional knowledge and word of mouth may seem sufficient for small businesses, you still need to have all cybersecurity protocols documented. You can get almost all the information, checklists, and training from the SBA (Small Business Administration) cybersecurity portal. Participating in various voluntary cybersecurity programs (e.g. the C3 Voluntary Program for Small Businesses) can also help enlighten you on the various cybersecurity protocols and practices to adopt to keep your business safe online. You might also want to use the FCC’s Cyberplanner 2.0 for detailed information on where and how to start.
3. Provide A Documented Policy On Mobile Devices
According to a study conducted by the Tech Pro in 2016 on the use of mobile devices, more than 59% of all businesses currently allow employees to bring their mobile devices, wearables, and other IoT devices to work. Although these devices may help improve efficiency in the workplace, they too can be used to target your business network, giving hackers access to your files and sensitive data. Most of these devices, and especially fitness trackers and smartwatches, can transmit wirelessly, making them more vulnerable to manipulation. You should therefore have a policy stipulating how these devices (BYOD) are to be used in the workplace. This includes requiring users to allow automatic security updates and to follow the company’s password policy when accessing internal network services.
4. Sensitize Your Employees On Cybersecurity
Employees play a significant role in protecting your business from cyber-attacks. A member of staff may not be as careful when browsing the internet or accessing company files, which is why it would be advisable to have all staff trained and sensitized on the various cybersecurity policies and practices. Make it mandatory for everyone to familiarize themselves with the policies, and even to sign an accountability document showing they have read and understood these policies.
5. Implement Safe Password Practices
Many people find having to change their passwords a bit too much, and hence use the same password for years. Using a weak password, or using one for too long, however, exposes the various networks and accounts to hacking. Multiple studies and reports by the Verizon Data Breach Investigations 2016 show that more than 63% of data breaches result from weak, stolen, and lost passwords. About 65% of all small and medium businesses also do not enforce their password policies. It would, however, be advisable to have a system which requires all employees to use passwords with a mix of symbols, lower and uppercase letters, and numbers. These passwords should also be changed frequently to make them harder to crack.
6. Back Up Your Data
Hackers are always coming up with new tricks to gain access to security systems and accounts. This is why you need to have a backup plan, just in case you are a victim of a data breach. You should thus make a point of backing up all databases, word documents, spreadsheets, financial files, accounts receivable/payable files, and human resource files as well. You might want to have the data backed up in the cloud and at an offsite location as well. This should keep you covered in case of floods or fire at the workplace.
7. Invest In Strong Anti-Malware Software
Hackers use malware to extract and collect data from their targets’ computers. The malware code may be injected into your computer if you open a phishing email or visit an infected site. That said, it might be almost impossible for all your employees to detect an intrusion or potentially dangerous links and websites. Investing in and installing an anti-malware program on all devices on the network can, however, help identify malware code and even keep it off those devices.