Small businesses are often targeted by malicious hackers. The motivation for this activity comes down to the perception of softer cybersecurity. Many small companies have easier to access sensitive resources and lower awareness of unauthorized activity on their systems and network(s).
The reasons to put more emphasis on cybersecurity are growing by the day:
- According to a Data Breach Investigations study by Verizon 71% of breaches occur in companies with fewer than 100 employees.
- In the UK the latest Government Security Breaches survey found that nearly three-quarters (74%) of small organizations reported a security breach in the last year. An increase over previous years.
- 60% of small companies that suffer a cyber attack are out of business within six months according to the US National Cybersecurity Alliance.
In order to promote higher awareness, we’ve assembled our top ten tips for tightening small business cybersecurity:
- Don’t re-use the same password across multiple computers, servers and websites. Use a unique, strong password that has 16 or more characters. Change all passwords regularly.
- Store passwords with a password manager like KeePass to improve password management and generation capabilities. Backup your password file somewhere safe (like a USB flash drive in a safe). Never store them on sticky notes or other areas visible on your desk.
- Try to use an Ethernet (wired) connection vs. wireless. If on wireless make sure to setup WPA2 encryption with a strong (40 characters+ recommended) password (disable WEP, WPA and WPS).
- Put your network behind a real firewall with features (SPI, DPI, IPS, AV, VPN) that can reduce your attack surface and improve detection. The consumer and small business grade equipment is generally sub-optimal.
- Install and monitor commercial grade endpoint protection on all client and server systems. Traditional anti-virus is no longer sufficient to protect computers from advanced threats.
- Replace your browser with Mozilla Firefox or Google Chrome and add on uBlock Origin. Subscribe to all of the malware lists. This combination is secure, filters malicious web content and blocks most advertising (some of which also has malicious content).
- Run your updates! Microsoft Office and Windows, Mac OS X, iOS, Android, Linux and other software all need to be updated regularly. These updates are often important security patches that help to reduce attack risk.
- Keep your items locked up when you aren’t present. Whether it’s a portable computer, external hard drive, sensitive business records or mobile devices, they should be under lock and key when the office is not in use.
- Securely wipe old systems, hard drives, flash drives, phones and other devices before disposal. Even printers and toner cartridges may be storing sensitive information!
- Encrypt, encrypt, encrypt. Most modern laptops, tablets, phones and external hard drives have built-in encryption support. Use it to mitigate risk in case an item is ever stolen or otherwise physically compromised.
Of course there’s no better way to improve cybersecurity than to hire a professional consultant. Envescent can help. Contact us to discuss your business’ cybersecurity.