The increasing reliance of business on the internet and other networks has made computer crimes highly lucrative with little risk when compared to physical crimes like bank robbery. Small business owners have historically believed themselves to be largely immune to the cybersecurity threats and crimes that often affect enterprises, although current statistics show this is no longer the case. Microsoft reported in 2017 that 20 percent of small and medium-size businesses (SMBs) were the targets of cyber crimes during the past year. This post discusses six of the most important considerations in cyber security for small business owners.
1. Security Policy
All businesses require a security policy, even that business doesn’t have employees. A common set of guidelines ensure that everyone handles security in the same way, which is essential for establishing accountability when a security breach occurs. A security policy should include should include specific procedures for each type of data such as personal information and the business’s financial details. The policy must also specify the penalties for failing to follow these procedures.
Wi-Fi is a common method of allowing employees to access company data, but it also creates security vulnerabilities. A wireless network should be secured with a variety of methods, including passwords that are difficult to guess. It’s particularly important to change the administrator passwords on wireless equipment from their factory defaults. It’s also possible to configure wireless access points so they don’t broadcast the network’s Service Set Identifier (SSID), which is an effective method hiding the network from hackers.
Everyone with access to a business technology assets should give considerable thought to their password and making sure they password protect all devices – mobile phones, tablets and computers. It should generally be easy to remember, but hard to guess. Users should never disclose their passwords to anyone, and they should use a different strong password for each system.
Data protection practices should include the encryption of confidential data that could harm an employee or the business itself if it were accessed by a hacker. A solution that manages data access rights can also help prevent the disclosure of sensitive data. Employees should also receive training on resisting social engineering tactics and recognizing internet scams.
Preventing a cyber attack from occurring in the first place is much easier than mitigating its effects. Access prevention tactics include keeping firewalls active at all times and updating software regularly. It’s especially important to apply security patches as soon as they become available.
Malware includes any software that adversely affects a computer system by design such as viruses, Trojan horses and worms. These programs typically disguise themselves as desirable software or software updates, often in the form of pop-up ads. Training can help users distinguish between legitimate software and malware before they click on a pop-up.
CSCi provides IT security services for small businesses in the San Diego Area. Our enterprise-level security includes a cloud-based platform with Unified Threat Management (UTM). Contact us today to find out how we can help protect your business and make it more secure.