Every single one of us relies on technology. Small businesses rely on it as much as the giants, just on a smaller scale. My firm’s clients look us up online and use our website. We store confidential information and communicate via email. We download documents and research and file forms online.
My company is therefore a potential target. And this is not a remote possibility. A recent Ponemon Institute report revealed that more than half of all small businesses become infected every year. The financial consequences can be big and long-term. You have to pay not only the costs of system recovery, but also the price of losing clients if data was compromised or your operations suffer delays.
Take measures to protect your business before you even open your doors. Some of the measures are obvious — you need to secure your Wi-Fi network, for instance, and install anti-virus software on every machine. But there are also other tools, some of which are so simple we may undervalue their benefits. Here are a handful of tools you can implement with very little pain.
1. Establish clear security protocols.
How are you going to protect your business? Sit down and write it out — with advice from an IT professional, if possible, but there are great guides online, too. Detail the plan for protecting your network and hardware, including the right software for your particular IT setup. Don’t automatically go with the minimum, especially if you handle sensitive information like financial, legal or medical data.
A few things to think about:
• How often should you run system updates and scans?
• Which of your information is sensitive?
• How should sensitive information be handled?
• Which types of software protection are critical, and which are optional?
• Who should have admin privileges?
Revisit your security plan periodically, and don’t forget to include employee training in the process. The plan only protects the business if everyone follows it.
2. Train every employee in email scams.
The most common way to invade your system is through email. Studies show employees receive at least one phishing email every day. The messages include links or attachments that infect your network with viruses, ransomware, malicious programs that let hackers take control of your network and access your data, and more.
Don’t assume everyone knows what to look out for. Phishing scams are getting more sophisticated, so it’s not always easy to tell. It only takes one click to let the bad guys in. So don’t just send a memo; hold a training session.
3. Watch your passwords.
Most of us know what we should be doing with our passwords; we just don’t do it. But password practices really do make a difference in system security. When it comes to your business, take the time to follow at least the basics:
- Make passwords long — experts say at least 12 characters.
- Include a mix of letters, numbers, symbols, and uppercase and lowercase characters.
- Do not go with the 12 characters “Password123!”.
- Don’t use birthdays, pet names, kid names or a password you’ve used before.
- Do not write passwords on a Post-It and stick it under your desk.
- Change passwords every three months (all passwords, all employees).
4. Decide who can and cannot access sensitive information.
Not everyone in your business needs to have access to everything in your business. The ability to access sensitive information and make system changes should be limited to those employees whose job descriptions require it.
Set up different privilege levels for different roles. It’s important to know who is looking at what and when and why they’re looking at it. Those with top privileges should clearly understand proper handling of sensitive information — no leaving plain-text passwords displayed on your screen while grabbing a cup of coffee, for instance, or emailing private files without first encrypting them. That just defeats the purpose of establishing access levels.
5. Update your software.
Software makers regularly release updates that contain security patches, bug fixes and new approaches to protection. If you want to secure your systems from attack, these updates are not optional. Since the last update you downloaded, criminals have found new ways in, and developers have found and fixed the weak points.
Schedule automatic, regular updates for all software, including (but not limited to) programs related to:
- Operating systems
- Email programs
- Anti-malware software
- Network security
6. Regularly back everything up.
Don’t forget to back up every last piece of data you could ever need. Schedule automatic backups so you can’t get behind, and store the information securely. Anything sensitive should be encrypted.
Why? In reality, you could still fall prey to malware. Phishers and hackers are persistent, resourceful and often one step ahead. Most businesses get hit, often more than once. Just do what you can to protect yourself: Take full advantage of the tools available to minimize the risk and potential damage of a cyberattack, and you’re in the best possible position to avoid taking a big hit.
This was originally posted by Matthew Podolsky for Forbes.