Maybe few of us saw it coming, but today even the smallest small businesses are finding themselves in the crosshairs of would-be cyber-criminals and data “brokers.” If you haven’t already strengthened your cybersecurity measures as an entrepreneur or small business owner, there’s no time to waste. Here are five practical solutions to get you on your way.
Restrict or Control Access to Your Networks
Although a lot of the security threats you’re likely to face tend to come from remote operators, there’s increasing evidence that a considerable portion of the business world’s security breaches come about because of unscrupulous insiders or poorly policed access to critical machines and networks.
In fact, among small businesses, negligent — or, more rarely, actively malicious — employees constitute the biggest threat to the integrity of your data and other assets. Among small- and medium-sized businesses, the average cost of a single data breach thanks to ransomware attacks or poor password hygiene stands at $1 million. That means just one lapse in your network access protocols could be ruinous.
A big part of this concerns the company culture at your organization. Each employee should have their own account and passwords for critical processes and shouldn’t share their credentials with anybody — except under extremely specific and pre-approved situations.
Moreover, these accounts should have appropriate levels of access and clearance, meaning junior employees shouldn’t find themselves wading through financial records, client contact information or trade secrets — unless the nature of their work demands it. Another overlooked task is to revoke account and network accessif an employee leaves your company.
Keep Your Operating Systems and Applications Updated
There’s a good reason this “suggestion” regularly tops action lists like this one — because it’s completely non-negotiable. Hardware and software makers tend to know about up-and-coming security vulnerabilities before the general public, meaning some of these security gaps get patched quietly before they’re likely to affect you — but only if you update.
Keeping your operating systems and applications “behind the times” is like leaving your car doors unlocked in a bad part of town. You’re asking for trouble you could easily prevent by turning on auto-update for all the digital tools you use or training your employees to check for software updates regularly.
Stage Mock Break-Ins on a Regular Basis
One of the worst things you can do when it comes to cybersecurity is to set something up and then forget it. The type and scale of technological threats seem only to proliferate, which means you need to engage in some routine monitoring and constant vigilance to keep your assetssafe.
If you’re not already, you should be engaging with outside IT and security firms for “penetration testing.” It’s just what it sounds like — under supervision, but otherwise using real-world conditions, professionals will attempt to gain access to your computer networks. This is a valuable tool you can leverage for reacting to new types of threats in a controlled setting.
Secure and “Silo” Your Wireless Networks
It’s common for small businesses to maintain Wi-Fi networks for employees, clients and visitors. There’s nothing wrong with this — but how you do it could make you vulnerable to hackers. Open Wi-Fi is undoubtedly a matter of convenience for your customers and clients, but in the right hands, an unsecured network could give skilled data thieves all the tools they need to get into your critical assets and intellectual property.
That’s why it makes good sense to maintain separate internet connections for visitors and employees, establish password protection for each oneand make sure the logins and passwords find their way only into approved hands.
Get Employees Involved and Make Cybersecurity a Cultural Matter
Finally, we return to company culture. Even — and maybe especially — in a small business, it’s easy to take some things for granted, including that everybody under your leadership has the same values and priorities.
That kind of assumption can be dangerous. Even something as “common sense” as which websites to visit and which might be harmful shouldn’t be left to chance. You should make the safe transmission of data over the internet a cornerstone of employee training, including making sure they’re using encrypted “https” websitesevery time, without exception.
Your employees are a vital part of your cybersecurity measures. They should be well-informed about how you’re protecting yourself and what you expect of them. In 2015, the United States saw 77,000 reported cyberattacks, which was a 10 percent leap from the previous year.
If your employees don’t have a healthy respectfor the common vulnerabilities of the world’s small businesses, they’re in a poor position to help you protect your shared interests — and might find themselves a weak link in an otherwise well-devised security platform.
How to Make Cybersecurity a Priority for Your Small Business
1. Restrict or Control Access to Your Networks 2. Keep Your Operating Systems and Applications Updated 3. Stage Mock Break-Ins on a Regular Basis 4. Secure and “Silo” Your Wireless Networks 5. Get Employees Involved and Make Cybersecurity a Cultural Matter