Despite the lack of coverage in the media, recent data indicates that small businesses suffer from more malware infections than any other business sector. As if small business owners don’t have enough to worry about, reports of new cyber attacks surface daily, pointing out that 77% of all crimes online target small and midsize enterprises. An attack on valuable business data, such as customer information, can be leveraged for identity theft crimes and provide access to larger entities via unprotected connections. Cyber attacks on your company or employees can be detrimental to the future of your business, but there are simple tips that can upgrade your defenses immensely.
Determine Your Level of Risk
One of the first things you should do when trying to increase your online security is to determine what your level of risk is and where this risk lies. As a general rule, the more extensive your company’s digital operations are, the greater your level of risk is. Therefore, determining where the risk lies and how severe it may be is an important factor for staying safe online. Elements that increase cyber risk include hiring remote workers, a lack of robust network administrative privileges, an unsophisticated password policy, the loss of information in a network disaster, and a failure to update security policies annually. Understanding which of these points are weak for your company is a key factor in upgrading the security around each one.
Educate Your Employees
No matter which areas you pinpointed as risks before, educating employees on what risks are at hand is always a helpful step. To do so, put together a cohesive list of the risks identified before and provide some training around typical scams as well. Inform your employees of what spam and phishing emails look like and how they should deal with these scams should they pop up in their inboxes. Spam emails can be quite simple to detect, as they are simply unsolicited junk mail coming from an unknown source. However, phishing emails are often more challenging to identify because they are designed to appear to come from a known source that you trust. To help your employees identify the signs of phishing, here are a few qualities of “phishy” emails to watch out for:
- Email body contains an unfamiliar link
- Email formatting is different than usual
- The email comes from a slightly misspelled domain name
- The email requests login information on an unfamiliar login screen
- The intent of a request within the email seems strange
Establish a Cyber Policy
Once your employees have been properly informed of what risks they are likely to face, establish a written cyber policy for how to handle these scams and other situations. When tasked with creating this cyber policy for your staff, begin with policies for the most basic procedures. Topics that you should cover include how to create and use strong passwords, the importance of updating those passwords regularly, how consequences for policy breaches will be handled, and who the go-to person for future cyber questions will be.
In order to create strong passwords, your staff must understand what makes up a strong password. A few tips to start with are:
- Include at least 13 characters
- Include lower case letters, upper case letters, and special characters (“!”, “?”, “*”, “#” etc.)
- Never include personal information (names, addresses, birthdates, etc.)
Once strong passwords have been set, require employees to update their passwords once a month to stay one step ahead of lurking cybercriminals.
Lock Down Your Systems
Take a look at whatever points of risk you identified in tip 1 and lock those down to keep thieves out. Locking these portals down involves updating or introducing antivirus and antimalware software. These tools will serve as a security guard standing outside your doors to stop thieves from gaining access to your systems and ultimately your classified information. Further advancing your security measures involves locking down your external devices to prevent thieves from accessing company information through non-company-issued PCs or cell phones.
A simple way to guarantee external devices are locked down is by implementing a cloud-based unified communications platform that you can conduct all business through. This type of system allows you to switch devices seamlessly without sacrificing security because it all happens within the same system. You’ll also want to implement an automatic backup and recovery system that saves company data immediately, hourly, or daily depending on your preferences. This is especially helpful if you switch devices while communicating with colleagues, as you won’t lose any information as you transition between your PC and tablet or smartphone. Luckily, cloud-based unified communications allow you to back all of this information up right within the same system as you chat and video conference with colleagues.
While it may seem daunting for a small business to tackle cybersecurity on its own, recent news shows that it should be a priority moving forward. As more and more businesses suffer the aftermath of these attacks, follow these tips to set your small business apart from the rest. Without properly securing all of your information online, you run the risk of being compromised every day, and these simple upgrades can be the difference between falling victim and weathering the cybersecurity storm.