Cybersecurity threats can be a real risk to your business. Here’s what to know — and actions to consider taking today.
Cybersecurity threats are more common than ever and a growing threat to small businesses. The shift to remote and hybrid work has provided more opportunities for security breaches — ranging from malware to stolen customer data — that businesses need to arm themselves against.
Why should you be concerned? There was a 38% increase in cyberattacks worldwide in 2022, according to Check Point Research. Yet, only half of U.S. small businesses have a cybersecurity plan in place.
The truth is many cybersecurity concerns can be addressed without incurring huge costs. Here are some key actions that small businesses owners in particular can consider that can make a dramatic difference in the fight against cyber threats.
Keep your software up to date
Out-of-date software can leave you susceptible to security breaches. To help protect yourself, ensure all devices on your network are running the latest software. Enable automatic updates and patches to your software to help protect against viruses, malware, and threats. On top of that:
- If you haven’t already, install anti-virus, anti-spyware, and anti-malware programs for your computer systems, as well as a firewall.
- If you work with a technology vendor or service provider, see if they offer protective software for mobile phones or tablets.
- Secure your network with a firewall and use an encrypted, password-protected Virtual Private Network (VPN) to connect to the network. Avoid using unsecured public Wi-Fi networks like those found in airports, coffee shops, and convention centers.
Tip: Most mobile operating systems have a built-in VPN—you just need to switch it on in your device’s settings.
Use strong, unique usernames and passwords
When setting up a device, make sure all the default names, usernames, and passwords are unique, and don’t reuse passwords across multiple sites. (“Admin” is a standard username, and easy to guess.) Some suggestions:
- Use strong passwords or passphrases. Passwords should be a minimum of 12 characters (the longer the better) and use a combination of upper and lowercase letters, numbers, and special characters.
- Consider using a password manager app, which can help manage various unique passwords across different accounts.
- When possible, use multi-factor authentication. For example, two-factor authentication (2FA) may require a password as well as an access code sent to you via email or text.
Tip: Has it been more than 6 months since you’ve changed your password? It takes just a few minutes and is a great way to help keep your account secure. If you think it has been compromised, change your password immediately.
Manage devices and usage
Define and create roles and needs for various devices so access is only granted as needed. This can help you track which hardware each employee can access and minimize access to sensitive information. On top of that:
- Outline your basic asset-management policies to understand what can connect to your network and who has access to what information. Access rules should be as specific as possible to limit those who have access to certain data, resources, and applications.
- Train employees to keep an eye out for issues like suspicious activity, bad connections, pop-ups, or phishing, as well as how they should report those issues when they arise.
- Educate employees about the proper procedure for device setup, and show them how to respond when prompted for device updates or if their device is lost or stolen.
- If you’re thinking about a “bring your own device” (BYOD) policy, consider the impact of employees using personal devices to access sensitive work information, and set rules or limits accordingly.
Remove employee or contractor access immediately after termination
This is about more than controlling what a former worker can access. Unused but active login information can provide another possible access point for a security breach. To prevent this:
- Make it part of the offboarding process to dedicate time to change passwords and deactivate accounts for any terminated employees.
- Also conduct a thorough review of a former employee’s computer or device to look for other profiles or accounts related to your business that may need to be changed or closed. Be sure to collect all company devices that the employee has in their possession at the time of termination.
Don’t forget about your smartphone
More and more of us rely on our smartphones for most of our communications and day-to-day work needs. To keep all that information safe:
- Enable remote tracking and data wiping on your device, so if it’s stolen, you can render your data irretrievable.
- Have a passcode, only download applications from trusted developers, install updates regularly, and don’t open attachments or click on any links received in suspicious or unsolicited texts or emails.
Back up regularly
Your data and information should be backed up regularly, not just as protection from cyber threats, but to keep your data intact in the event of a technology malfunction.
- If you work with third-party technology and software vendors, talk to them about their policies for performing regular backups to make sure your information is secure.
Tip: Keep your backups disconnected from the internet so that hackers have no way to access them.
Be proactive — and customize as you go
Any cybersecurity plan begins with being proactive. The tips above can help you get started, but you should also put together a plan specific to your company, its needs, and all potential threats. When determining your cybersecurity needs, consider the types of breaches most common in your industry. For instance, if your business is cloud-based with numerous connected devices, you’ll need a plan detailing how your employees access and treat secure information.
Cybersecurity threats can be a risk to your business — and they’re more common than ever. But arming yourself with knowledge and taking simple actions can help protect your business from security breaches.