I know what it’s like to run a business.
In any given day there are dozens of things that need to be seen to. Sometimes it can feel like you’re running just to keep up.
And I’ll bet that in amongst all of this improving your online security doesn’t normally feature very high in your todo list.
But maybe it should.
The thing is that small businesses are being increasingly targeted by hackers simply because they know that security isn’t a priority for many of them.
But if your business were to be targeted the damage could be so severe that you may find it difficult to recover.
But it’s not just data loss. There’s the damage to your business’ reputation in the eyes of your clients as well as the online damage if Google determines that your company website isn’t safe and removes it from their listings.
But security doesn’t need to be an onerous, complex or expensive issue. Just common sense backed up with some investment in technology and procedures can make all the difference.
So here are 10 common sense tips that will improve your company’s security.
Tip #1 – Create A Cybersecurity Policy
Often basic actions like creating a Cybersecurity Policy which include simple things like don’t write down personal login details in sticky notes on your desk or not sharing sensitive information via email can reduce the possibility of accounts being hacked.
These should be backed up with disciplinary procedures for violation and there should be periodic drills or security assessments to measure the effectiveness of your policies.
Tip #2 – Backup Plan
As a business owner, you should be very careful about where sensitive data is located especially anything relating to your clients.
This includes having a strict data Backup Plan and a data backup service in place. Ideally get these off site or in the cloud so that even in the event of a major physical incident in your premises (fire, theft, flood) you still have full copies available.
As with overall security policies, check these from time to time and restore data from backups to ensure they are fully up to date.
Tip #3 – Use A Host-Based Security Solution
It’s always a good idea to have some sort of security software in every internet connected device to continually check for malware, viruses and spyware on a daily basis.
Sometimes it’s hard for smaller businesses to implement a more complex network security and that’s where host-based security solution comes into place. You should always ensure that you update the security solution in all hosts regularly to protect all devices from the latest threats.
Ideally use an anti-virus solution that has an automated update built in.
Tip #4 – Protect Your Partners
Often small businesses work with larger companies or partners and this can also provide determined hackers with a route into the larger entity. In these instances it is vital that you protect your key suppliers/partners by securing your own perimeter.
This could involve ensuring that there is appropriate authorization and authentication in place, protecting your infrastructure with a firewall and having anti-virus set up on every device.
In cases where the relationship is sensitive and commercially important, a ‘belt and braces’ approach would be justified. This could involve a vulnerability assessment or penetration testing by an accredited third party to test the security of your own network.
Tip #5 – Secure your Wi-Fi network
Many small businesses use Wi-Fi networks but often they don’t pay too much attention to their security.
This is a mistake because Wi-Fi is a favourite method for hackers to access sensitive data as it passes across an insecure network such as ‘man in the middle’ attacks (MITM).
Also, many Wi-Fi networks use weak encryption methods or they’re not even password protected at all. As a minimum you should ensure that your Wi-Fi network uses the highest encryption possible as well as a long password for authentication to reduce the possibility of basic intrusion.
In addition, you can stop broadcasting the network name, known as the Service Set Identifier (SSID) for even more security.
Tip #6 – Train Your Employees
It’s often said that people are the weakest link in the chain. As an owner of the small business, the best thing you can do is give your employee informed security training so that they can not only protect themselves from online attacks but also protect the company’s assets.
Hackers often try to gather information by using social hacking methods which involve tricking one of the employees within a business to give up sensitive information. Training your employees about these possible social attack scenarios means that they will be aware of them and less likely to succumb to this type of risk.
Tip #7 – Encrypt Sensitive Data
If you work with any type of sensitive data (i.e. client data or data shared with you by a third party) make sure you’re safeguarding them by encrypting the data where feasible.
This could be something as simple as implementing full disk encryption (for Windows PCs) so that even if your network is compromised your sensitive data won’t fall into the wrong hands.
Also, switch your business website to secure HTTPS in order to prevent data being accessed between the browser and the web server.
Tip #8 – Password Policy
Password hijacking is one of the easiest and most common attacks that businesses face.
Often users are allowed to use a weak password for a long period of time. Using a simple password and not changing it increases the level of risk especially if employees are allowed to use one single password across several systems.
This risk can be severely minimised by implementing a frequent password changing policy.
An example policy would require a user’s password to be changed every 4 months and the password should be at least 10 alphanumeric characters for the best level of security. Even better would be to include the use of a random password generator to ensure the password is unique and impregnable.
Tip #9 – Network Firewall
If your office has an internal network then the first line of defence should be a Firewall before the gateway of the internal network. A Firewall can be software based like pfsense or hardware based like Cisco ASA firewall.
Even if the firewall is software based it will help mitigate some of the attacks that will be filtered out before getting into the network.
The firewall should be placed to protect the most sensitive services like web servers, mail servers, DNS servers and FTP servers etc..
Tip #10 – Use Of Anti-Theft
Using anti-theft software in every desktop and laptop can prove useful if any business devices are stolen. The anti-theft software works by wiping out any data on the hard drive thus preventing it getting into the wrong hands.
This type of tool also exists for smartphones if you need to secure these too and can be setup to track and monitor stolen devices.
Finally, a physical hardware lock for less mobile equipment (workstations, servers, printers, switches, etc.) can also act as an effective deterrent.
There is no one single, unified way to secure your small business. However, just a few common sense policies, backed up where necessary by appropriate investment in hardware and software can dramatically reduce the risks posed by data loss.