Small business: Plan to prevent cyber attacks

Protect your critical business data.

Nobody needs to tell small business owners about the risk of cyber attacks — the daily news is rife with examples of large and small businesses hacked for their customer data or their banking information, with K-Mart just the latest of a long parade.

Yet with interconnectivity, broadband, and web-based business crucial to reaching new markets and customers and increasing productivity, we can’t simply close the doors or block all incoming traffic. And while small businesses don’t always have large budgets or specially trained IT staff capable of running network security programs, according to a report from Verizon, small businesses were the target of 71 percent of the data breaches it examined. All businesses need a plan to protect their own business, their customers, and their data from growing cyber threats.

Not to worry — an effective plan doesn’t have to be complex or expensive. Start with this checklist:

Put up a firewall

A firewall acts like a barbed-wire fence, a vault door, and an alarm system to protect your digital facilities. Do your research — much of the hardware and software you already have can provide firewall protection. Be sure you enable a hardware-based or software-based firewall with the goal of controlling all data coming in and out of the network and preventing unauthorized access. To limit the chances of a network breach, invest the time to understand and follow your firewall provider’s guidance and implement the most secure configuration settings recommended for your network setup. Even if the setup takes a novice several days to complete, this investment is among the most important for your IT infrastructure and is well worth your time.

If your employees work from home, instruct them to make sure they have enabled the firewall settings available on their home network hardware.

Protect your Wi-Fi access points

If you use a Wi-Fi network to ease network access in the office, make sure it’s invisible to outsiders, encrypted, and secure. Set up your router to require a password for access, and set your wireless access point so it does not broadcast the network name, known as the Service Set Identifier (SSID).

Regularly update passwords to company networks

Require that employees set up individual, unique passwords to access the company network, and change passwords at least every few months. For extra security — especially important if your financial or human resources data is available on the network — implement multi-factor authentication, requiring additional information beyond a password to access the network.

Create individual user accounts for employees

Laptops are easy targets, so prevent criminal access to business computers by assigning individual employee accounts for each computer with strong password protection.

Not every employee needs access to every computer or server system. Provide individual accounts to each employee based on the specific data they need to do their job. Limit employee access to other data and information, and limit authority to install software only to trusted IT staff and key personnel.

Vet your IT service providers

If you hire contractors or agencies to develop your website, network or IT infrastructure, be thoughtful and cautious about who you allow to access your computers and network. Check each agency’s professional references, and check with the Better Business Bureau and other standards organizations, to ensure the company is trustworthy.

Keep computers and networks clean

The best defense against malware, viruses, and other online threats is to keep your office computers, your employees’ computers, and your network devices up to date with the latest versions of your security software, web browser, and operating system. Set up your systems’ antivirus software to run a scan after every software update. Always install software updates as soon as they’re available.

Set standards for mobile devices

As we all use more and more powerful smartphones and tablets, and more employees want to ‘bring your own device’ for work, small businesses need to be aware of and manage how employee devices are used on internal networks. Be specific about what company tools and data may and may not be used on a personal device. Use encryption tools when enabling access between the devices and the network. Require employees to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing data while the employee is using public networks. Define a specific procedure requiring employees to report immediately when their device is lost or stolen.

Regularly back up your important data

Regularly back up your network system and all computers used for business. It’s important to keep current backups of system and network settings, applications, and all your business data (spreadsheets, databases, word processor documents, accounts receivable, tax documents and human resources files). If you’re using a modern business NAS (Network Attached Storage) system, it will enable automated backup, and you’ll find some of them offer onboard anti-virus and other security apps.

Teach your employees basic security

Educate your employees to follow these everyday practices:

  • Set secure passwords. What’s secure? Avoid using common words, phrases, or personal information. Passwords should be long, complicated and impossible to guess, and should use a mix of capital and lower-case letters, numbers and symbols. How to remember a complex password? Instead of using your children’s names, try using the first letters of a unique phrase, for example: mfsiICGNSbtRS (“my favorite song is I Can’t Get No Satisfaction by the Rolling Stones.”)
  • Change passwords regularly and never share them with anyone.
  • Keep software up-to-date — especially anti-virus software, web browsers and your operating system.
  • Pay close attention to the URLs of websites you visit. Malicious websites trick users by using URLs that mimic a legitimate website, with only a slight difference, or use .com instead of .net or vice versa.
  • Be suspicious of every email you weren’t explicitly waiting for. Crooks are getting better and better at mimicking company emails. Never provide personal information by clicking a link in an email. If you think the request is legitimate, instead always visit their website by typing in their web address yourself, or call them by phone.
  • Be suspicious of unsolicited requests for internal organizational or personal information. Verify a request’s authenticity by contacting the requesting entity or company directly.
  • Never automatically open email attachments. Save any attachment and use anti-virus software to scan it first, before opening it.
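
The lookalike-URL item above is one an employee can be helped with by a simple check. The following Python script is an added example, not part of the original post: it compares the host of a link against a constructed allowlist of domains the business trusts (the names examplebank.com, payroll-provider.net and mysmallbiz.com are assumptions) and flags the .com/.net swaps and one-character differences the checklist warns about, plus a trusted name buried as a subdomain of some other domain.

```python
from urllib.parse import urlparse

# Constructed allowlist: domains this hypothetical business legitimately uses.
# Assumes single-label TLDs (.com/.net); multi-part suffixes such as .co.uk
# would need a public-suffix list.
TRUSTED_DOMAINS = ("examplebank.com", "payroll-provider.net", "mysmallbiz.com")


def host_parts(url: str) -> tuple[str, str, str]:
    """Return (host, name, tld): login.examplebank.com -> ('examplebank', 'com')."""
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host, "", ""
    return host, labels[-2], labels[-1]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: each insertion, deletion or substitution counts 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Classify a URL as 'trusted', 'lookalike: <reason>' or 'unknown'."""
    host, name, tld = host_parts(url)
    if not name:
        return "unknown"
    if f"{name}.{tld}" in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        t_name, _, t_tld = trusted.rpartition(".")
        if name == t_name and tld != t_tld:          # examplebank.net
            return f"lookalike: TLD swap of {trusted}"
        if edit_distance(name, t_name) == 1:          # exampiebank.com
            return f"lookalike: one character off from {trusted}"
        if t_name in host.split("."):                 # examplebank.com.evil.net
            return f"lookalike: {trusted} used as a subdomain label"
    return "unknown"
```

Anything reported as "unknown" is not necessarily malicious; the point is that "lookalike" results are the ones worth a phone call before clicking.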

Keep this checklist handy until you’ve implemented each item. And let me know if there are other steps small businesses should take to secure their networks and data.

Who is John Paulsen? A former small-business leader myself, I feel your pain (and joy) and hope you’ll enjoy the blog. I launched and ran a well-regarded production company in San Francisco with a team of 9 brilliant, hard-working people. I learned to manage a wide array of tasks a small business must handle — business strategy, facilities design, HR, payroll, taxes, marketing, all the way down to choosing telecom equipment and spec’ing a server system to help my team collaborate in real time on dense media projects from multiple production rooms. I’ve partnered with and learned from dozens of small business owners.

2015-01-14T02:55:30+00:00