Your company is a target for hackers.
They want data. You’ve got it.
A lot of it.
And it’s nicely organized and, usually, poorly protected.
And just in case you weren’t paying attention, if they do get it, you’re probably going to have to answer to more than just your customers (as if that wasn’t bad enough). Regulatory intervention and civil penalties are two of the fabulous prizes you could earn thanks to your poor security.
Unfortunately, there’s no easy fix. No system is perfect, no security is absolute.
Yet, there are rays of hope! The biggest gains that you can make in improving your cybersecurity involve making small improvements.
Here are 8 Small Business Cybersecurity Tips You Need to Know:
1) Educate Yourself
There are a lot of places to get the basic cybersecurity updates and info you need. Regardless which one (or more) you choose, you have to choose one. Securing your company’s data in a high-tech world probably wasn’t a course you took in school – and if it was, what you learned is probably outdated by now.
You can’t lead if you haven’t educated yourself.
So get – and stay – educated! It’s not easy, but it sure beats looking like an idiot and being the victim of a preventable cyberattack.
2) Create an inclusive culture of cybersecurity
The greatest threat to your company’s data security is your employees.
Obviously, if you’re in an industry that frequently gets the attention of China’s weapons developers or you run a health insurance or consumer credit rating company, other external or foreign hackers might be a bigger threat. For the rest of us, the most likely culprit is an employee, whether as an active participant or through carelessness or bad luck.
Hackers regularly seek out access to computer systems via the login credentials of your employees. Frequently, this takes the form of “social engineering,” which ranges from extremely clandestine maneuvers all the way down to simply asking people for their passwords.
Essentially, hackers take advantage of people without ever having to “hack” into a system like you’d imagine.
And it works. All the time. To an absurd degree and to people and companies who you’d expect to know better.
Why spend hours trying to crack passwords when they can call someone in your office and convince them that your kid really needs your password to get onto the home WiFi?
3) Every rule you bend is another weak spot in your small business cybersecurity
A senior executive doesn’t want to update to a newer phone or never updates the software because they read somewhere that it makes their games work poorly. So, in violation of the company’s rules, they keep their less secure device, or use outdated, unpatched software.
Executives and managers are already high-level targets due to their high-level access to your company’s systems. They tend to be responsible for a lot of the business, make a lot more money, and are usually the business’s key decision makers.
For that reason, IT frequently bends the rules for them.
Don’t. It’s a recipe for disaster.
4) Encourage open communication and reporting of suspicious behavior
If you properly train your employees about the significance of cybersecurity, they’ll be able to spot suspicious activity. Unfortunately, the ability to detect a problem is insufficient on its own – your employees need to be empowered to report what they see.
Guess what? There will be false alarms, mistakes, and some embarrassingly bad calls by your employees. If there isn’t, then they either don’t care about the risk, or they’re afraid of being called out.
Nobody should be afraid of “crying wolf.” The alternative to a system that has the occasional false alarm is a system that frequently misses the real ones.
5) Where practical, encourage the use of multi-factor authentication
Most companies still only require multi-factor authentication for certain functions, like the IT department, or the guy who handles the diamonds. However, that’s changing, and you should be ahead of the curve.
More traditional forms of security are, overall, offering less and less protection. You need something more secure than you did 10 years ago. Fortunately, most of the tools and software we use today allow implementation of multi-factor authentication for little or no cost.
6) Require strong passwords, because they really are better
So much of modern “security” seems like performance – designed to make you feel safer without actually providing real security.
Remember that you need people to use your cybersecurity systems, rather than try to avoid or circumvent them. Don’t require a 15-digit password to be changed every week, or people will find shortcuts. There are plenty of password managers that can help, take advantage! (But make sure they’re properly secured as well – hackers may be starting to target poorly protected password managers!)
7) Encryption is mandatory. Period.
Do you encrypt your data? If you do, Increase it.
You might have encryption in your storage, but is it encrypted when you send it to the cloud? Why would you encrypt it on your computer but not in the cloud?
How about in transit? If you’re not encrypting your data in transit, using your laptop at a Starbucks could make for a good day for a local hacker, and a bad year for you!
Your small business cybersecurity is incomplete at best, completely damned ineffective at worst, without encryption.
8) Backup your data, in more than one place!
All the work on protecting your firm from cyber threats can only limit your vulnerability. There’s always a risk. Make sure that if the rug gets pulled out from underneath you, you’re set up to get you back on your feet quickly.
There are numerous ways to save your data, from local servers to cloud backup. Just remember, your data has to be safe from hackers, but also from more boring things. If your only backup is plugged into the same outlet as your server, will a power surge or a lightning strike kill them both? If your primary storage and your backup storage would be impacted if any one building burned down or flooded, you don’t have sufficient backups.
In the end…
As I said at the beginning, there is no perfect system.
Follow these tips, keep yourself up-to-date on major cybersecurity concerns, and make sure your employees feel valued and important. You’ll be better protected from cyberattacks, and more resilient if one gets through.