Malware, phishing attempts and breaches have become common among household-name corporations. Credit bureau, video streaming and gaming console breaches are just some of the most recent to make the news. Even though the resulting damages from these attacks totaled in the millions of dollars, the damage to their brands will take years to measure. Small businesses and start-ups do not have the financial, or social, capital to withstand these types of incidents without putting their very survival at stake.
The following are a few ways to ensure your business is facing modern threats as best it can:
Lock your network doors
In the same way that you wouldn’t dream of leaving your car unlocked, you shouldn’t invite cyber criminals into your business networks, either. Purchase a business grade firewall with comprehensive anti-virus and security threat definitions that are updated constantly. Stay current with your licensing to ensure you can meet the latest threats as they’re exposed. Do not rely solely on equipment provided by your ISP; these devices are intimately known by bad actors and have had their weaknesses made public knowledge.
Also, use SSL VPN connections for remote employees or after-hours access to your networks. Business grade firewalls can easily accomplish this.
Setting company policy
Size is rapidly becoming irrelevant in being an attractive target for cyber criminals. Teach employees and re-teach them about your security requirements and best practices as provided by your IT team.
Policy should cover using company computers responsibly and not engaging in extra risky activities, how to spot phishing attempts in email, requirements for password complexity and expiry, and two-factor authentication wherever it can be applied.
Social Media Do’s and Don’ts
Social media is a part of our lives and isn’t going anywhere anytime soon, so reducing risk is paramount. Determine who can speak for the business publicly and approve all social media content before publishing. When writing employee policy, cover social media sites like Facebook, Twitter, and the like in your non-disclosure agreement, especially their use on company time and premises. Assume the worst to get the best results. Encourage employees to limit the amount of personal information they share online for their safety and the safety of the business.
Protect with passwords
Passwords are the key to front line security, so they are important to protecting access to your networks. The more characters and variation you have, the stronger your password will be. Require strong passwords with a length of at least eight characters with embedded numbers, so you can stop simple attacks that guess passwords. Time out old passwords and require password changes frequently. Educate employees about why writing down passwords, storing passwords on cell phones, or using guessable choices puts company security at risk.
Get critical about Internet security
Stop the mad links. Don’t rely on employees to think about security. Restrict where and when they can access the network or Internet within the business. Along with guidelines for acceptable web use, select content filtering solutions that stop unacceptable use. URL filtering can limit access to unproductive sites completely or during business hours.
Bring Your Own Device
The level of adoption for employees bringing their own devices (BYOD) to work in the small and medium business market is soaring – but what about the security risks? Develop a plan. A BYOD plan will provide a safety net against legal repercussions and mobile system costs. Draft a comprehensive & clear BYOD policy that covers data deletion, location tracking, and content monitoring.
Regularly reflect on the benefits and impacts of BYOD programs. Most businesses adopt the BYOD trend because of the increased productivity and cost savings it can provide. However, not all take the time to gauge if the trend is worth the risk it can expose an organization to. Monitor your use of BYOD to help justify its deployment and prevent future device security problems.
Be sure your mobile users, PCs and servers are using the best available threat intelligence and definitions. You are only as safe as your last update. Look for solutions that make use of remote servers or data centers to do most of the heavy lifting of security. Don’t rely on old antivirus. New methods of detection perform the equivalent of background checks on email senders, files, and websites to protect better and faster without slowing your PCs. Make it as simple as possible for your PCs to have the latest OS patches as well. Do not use end-of-life operating systems.
Choose a Security Partner
Select a vendor who understands the unique needs of security in a small business environment. Check their record. Vendors with a proven track record of years of defense against multiple threats, and with both small business and enterprise experience, will be your best defense.