Cyber security threats continue to grow apace and if your business is not taking cyber security threats seriously, then you are leaving yourself open to potential cyber-attacks.
No company, whatever its size, is immune from the threat of a cyber-attack. Whilst it is the larger businesses that make the headlines when it comes to cyber-attacks, most cyber-attacks target SMBs.
Whilst cyber-attacks on large businesses are not uncommon, those businesses usually have greater layers of protection in place and are better prepared to deal with the attacks.
SMBs on the other hand don’t tend to invest as much in cyber security protection, leaving themselves open to cyber-attacks.
Working with a cyber security specialist is the best way to protect your business from cyber security threats. Auditing your business and identifying potential threats and then putting measures in place to combat those threats is the way that large businesses deal with cyber security threats.
For smaller businesses, the cost implications of working with a cyber security specialist can be prohibitive. However, this doesn’t mean that SMBs cannot protect themselves.
We have pulled together a list of 10 simple things SMBs can do to improve their cyber security. Following these steps will be a great start in your efforts to combat cyber crime and keep your business safe from threats.
1. Put a plan in place
Perhaps the most important step in the process is to have a clear plan. Understanding the cyber security threats to your business and mapping out a plan to combat those threats is important. A spray and pray approach simply won’t work.
The size of your business will dictate the level of planning needed and the infrastructure you need to have in place but the starting point for tackling cyber security is to understand what you are dealing with.
2. Use two-step verification
A really simple way of protecting your business is to implement a two-step verification process for logging in. Two-step verification means you must perform a secondary verification step in addition to entering the traditional password. This could be as simple as a code sent via SMS, or something more robust such as a biometric identifier like facial recognition or fingerprint recognition.
Two-step verification has become standard for most big software services, including Apple, Microsoft and Google, and many password management tools (see below) can include the use of two-step verification.
It is easy to implement and is one of the easiest ways to keep your data secure.
3. Backup your data
Whilst this one seems like a no-brainer, it’s amazing how many companies do not back up their data.
Cloud storage is inexpensive, so cost should not be a barrier, no matter the size of your business. Cyber crime is not always about stealing your data. Sometimes the end goal is to encrypt or erase your data, or to threaten to do so. This is known as ransomware: cyber criminals hold your data to ransom before you can get it back.
Backing up your data to both physical storage and a cloud-based service offers an extra layer of protection, making it difficult for hackers to access all areas where your data is stored.
4. Keep your antivirus and other software up to date
Before we get into keeping your antivirus software up to date, it’s important that you first ensure you have antivirus technology in your business. There are several solutions for businesses of all sizes so carry out your research and find the best solution for your business.
Once installed, it is important to keep your software up to date. Whilst the constant updating can seem annoying and slow down your computer, it’s crucial that regular updates are carried out as developers are constantly updating the software in order to address any weaknesses and add new features to counter progressions in common viruses.
Setting your antivirus software to ‘auto-update’ when you install is the best way of keeping the software up to date.
Just as it is important to keep your antivirus up to date, it’s also important to keep all software on your network and individual devices up to date. Software developers are constantly adding security patches to apps and programmes in order to combat cyber security threats. Auto-updates are the best way to keep all your apps and software up to date.
5. Don’t ignore physical security
Whilst our focus is on cyber security, protecting your electronic data is about more than online security. Physical security is just as important if you want to protect your data. Part of this is around education. Making sure your employees are aware of the potential threats to your business is important, as they are often responsible for potential security breaches. Physical security practices to cover include:
- Locking personal devices and laptops when left unattended
- Not writing down passwords
- Not leaving sensitive documents in the open
- Keeping access cards secure
6. Educate employees
As we mentioned above, education is a key element of any cyber security plan.
Cyber security training should be mandatory for every new member of staff and your cyber security plan and infrastructure should form part of that training plan.
There are lots of resources available for cyber security training and it is important to provide up-to-date, real-life examples of cyber security threats that could impact on your business. Examples of common cyber security threats such as phishing emails are important to include in your training to help people understand what to look out for.
7. Enforce password rules
Strong passwords are one of the first lines of defence against breaches. We have already talked about the benefits of two-factor authentication, but there are also steps you can take for those devices and systems that are secured by passwords only.
As well as enforcing rules around the strength of passwords (minimum length, characters etc), it is important to ensure people within your organisation are updating passwords on a regular basis. For most people, this won’t happen unless prompted. That’s why it is important to build into your cyber security plan a schedule for the updating of passwords across all connected devices on your network.
8. Use a password manager
If you really want to get serious about passwords, you will want to use a password manager tool like LastPass, 1Password or Sticky Password to keep track of everything for you.
These tools help you use unique, secure passwords for every site you need while also keeping track of all of them for you. That way, you get the security benefits of changing your password, without having to worry about making things hard on your employees.
Even better, if you need someone on your team to log into any of your accounts, you can share password sets so they can update your website, post to your social media accounts, and much more.
Some of these password management tools also have two-factor authentication baked into them, adding a further level of security.
9. Implement VPNs for all connections
Networks that are protected only by generic security measures are more vulnerable to attack. Implement virtual private network (VPN) connections between office locations and make their use easy—and mandatory—for mobile employees who may connect through public Wi-Fi services.
VPNs secure your public internet connection by encrypting your information and shielding your online activity from cybercriminals and even your own Internet Service Provider, or ISP. In terms of your online privacy, the most secure VPNs are also likely transparent about their privacy policies, take steps to fix leaks, and won’t keep logs of your browsing history, providing you with a more secure way of working online.
10. Leverage existing security options
Many applications come bundled with their own security features. Whilst it is still important to implement additional safeguards, vendors know their own products and typically devote significant resources to deliver a safe environment for customers.
Make sure you understand the security features included within the software and devices that you are using and make sure you use these security features to the maximum extent in order to support your own cyber security measures.
Cyber security is something that needs to be taken very seriously. Whilst there is no substitute for working with a cyber security specialist, there are steps you can put in place to manage your own cyber security needs.