Cyber security is the biggest threat most small businesses will face in their lifetime. One of the many challenges a small business owner faces is protecting themselves against a sophisticated range of attackers, often with minimal knowledge and experience. There are five practical steps any business can take to make themselves more secure. They don’t cost much. They don’t require outside help, and they could seriously improve your resilience.
If you don’t know the risks, how can you protect yourself against them? If you’re a sole trader, learn online. If you have staff, train them on policies and procedures, potential risks, social engineering, internet use and data security. Back that training up with clear policies and you will go a long way to securing what’s yours.
If you don’t have the expertise in house, seek it externally. The extra costs will be recouped the first time a staff member recognises a phishing email or avoids an infected web link.
Enforce those policies
Having policies on data access, internet use, information security, BYOD and password security is all very well, but you must also enforce them. Some can be enforced automatically, such as minimum password length and complexity, or BYOD security through MDM solutions. Others may need continued training and feedback to embed a secure way of working and to maintain awareness of risk.
This enforcement doesn’t have to be negative or overbearing but should instead be more engaging.
If you use desktop computers and not servers, setting them to automatically update is vital. Windows and MacOS can both be set to update themselves. The same goes for your antivirus, malware scanners, firewall and productivity programs. Updates can include security fixes and improvements, stability enhancements and, in the case of antivirus and malware scanning, up-to-the-minute definitions.
Most can be set to update themselves while others may need manual intervention. Setting a calendar reminder once a week to check your computers is the simplest form of update management but is still effective.
Servers and standalone security appliances will also need updating. Check with your provider about this.
Secure your WiFi networks
If you use WiFi anywhere in your business, you should lock it down. WiFi is less secure than a wired network but also more convenient. It allows anyone to access the network with any device from anywhere. In certain situations, it is a valuable resource. It does need to be secured though.
Enforce strong WiFi passwords and automate access if you can so staff cannot share the password. Create a separate guest network for visitors that has no access to your data or servers and make sure your firewall is set to only allow authorised devices onto your network and/or onto the internet.
Encrypt your data
Both Windows and MacOS have encryption built in. You will need Windows Professional or Enterprise to use BitLocker, or you could use a third-party encryption suite. Encrypting all of your data while at rest is a key method of maintaining data security. It is mandated in some regulated industries but should be common practice in every business.
Encryption can be completely free of charge but will need configuring to get the best out of it. It acts as a second line of defence to protect your data even if someone gets into your system. Now that encryption has been made accessible, there really is no excuse not to use it!