
5 cybersecurity practices every small business needs to do now


Wagoner County Sheriff Chris Elliott knows the pandemic has forced many people to conduct business from home. Unfortunately, this shift to remote work has also presented opportunities for hackers. The BBB reported that cyberattacks have grown over 400% since the pandemic started, and many of these hacks target small businesses. Small businesses are often targeted because many do not have a fully-fledged IT department to protect them.

Unfortunately, the potential consequences of a breach on a small business are enormous. A cyberattack can result in legal fees, lost capital, or even the loss of trust from a customer base. Therefore, it is essential for small businesses to take steps to protect themselves.

Here are the top five cybersecurity practices every small business needs to do now:

  1. Understand your current cybersecurity status

You might be under the impression that you have relatively good cybersecurity, but how can you be sure? It's crucial to audit your cybersecurity status on an annual basis. Your small business likely goes through many changes throughout the year, including the adoption of new tools, new employees, and more. Each change can potentially weaken your cybersecurity. That is why we encourage you to do (at least) an annual cybersecurity audit.

If no one in your business can complete this audit, hire an external company for the evaluation. However, note that having no one who can conduct a cybersecurity audit internally is likely a bad sign. Consider putting someone in charge of cybersecurity and offering to pay for their training. This is a long-term investment that can save your business from attack.

  2. Train your employees

With the world shifting towards remote work, it is essential to acknowledge how much time your employees work on personal devices or in external locations. As a small business, you may not be able to implement certain cybersecurity practices, such as establishing a VPN or issuing portable work devices to all employees. Still, your employees are your first line of defense in protecting your company information.

Hackers understand that untrained employees are often the easiest way to get into a system. 

Popular types of cybersecurity scams against employees include:

  • Impersonating an employee within the organization - usually by finding out their name on social platforms or the company website
  • Baiting with information that seems internal but that the hacker has actually found online
  • Hiding malware downloads in email unsubscribe buttons
  • Phishing emails
  • Using keyboard capturing techniques to gather passwords
  • Internal threats from current or former employees


Approach training your employees on cybersecurity in a smart way. If you simply send your employees an article describing the importance of cybersecurity, you may not get their full attention. Do not just force tutorials or training sessions onto employees without explanation.

Instead, make them understand the potential impact of these attacks and how vital their scrutiny is. Giving your staff background on the dangers present will help them understand why they should care about cybersecurity.

  3. Back up important information

It can be devastating to a business to lose critical financial records, customer data, planning documentation, or proprietary information. Some cyberattacks not only steal data but also wipe and shut down systems. This is a situation that is almost impossible to recover from.

To avoid this, you must back up all information frequently. If possible, use an automated system that backs up data to the cloud. If this option is not feasible, ensure you run a data backup at least twice a week.

  4. Update systems

A system upgrade can feel annoying when you are in a productive mood - it requires you to stop what you are doing and allow the system to update. However, you must understand why system upgrades are essential and should be done immediately.

Operating systems have built-in functions to help reduce the threat of a cyberattack. However, as the world of cyber threats is continuously changing, operating system manufacturers release upgrades to keep up with the changing landscape. These upgrades are for the protection of your system, and any time you delay an upgrade, you increase your risk.

Instill a company-wide policy of always upgrading systems as soon as they need it.

  5. Password authentication

Two-factor authentication requires that users verify their identity with a secondary device in a short time frame. The process essentially works as an additional barrier to entry. Someone finding out your password may be likely; someone finding out your password while also having your mobile phone is much less likely.

If you think that your smart, capable employees do not need two-factor authentication, think again. People hate forgetting their passwords and want easy access to their accounts. Unfortunately, this typically manifests itself in the types of passwords they choose. The two most common passwords in 2020 were 123456 and 123456789. Not so secure at all!

Let us say that you manage to convince all of your employees to have complicated passwords. Unfortunately, that alone is still not enough protection. Billions of credentials are for sale on the dark web, with U.S. companies being the top target. Two-step authentication can help your employees keep their accounts secure.
