Capterra IT Management Blog

Software, technology, and management insights for IT professionals

4 Experts’ Tips for Improving Your Small Business Cybersecurity

Share This Article

How’s your cybersecurity these days?

If you’re like most small businesses, it’s probably not that great.

In fact, recent statistics show that fewer than one-fifth of small businesses report their cybersecurity as highly effective. That’s a problem, given that over half of respondents say their small business has undergone a cyberattack or a data breach in the past year.

Dealing with the consequences of a cyberattack can lead to expensive damage control, lost revenue, and even the end of your business.

It’s vital that your business protect itself. And with newer threats, such as ransomware, creating problems for small businesses, now is the perfect time to make sure your security protocols are up to date. As hackers evolve, so must your business.

But in the ever-changing world of technology, it can be hard to figure out which steps you should take to protect your business against cyber criminals.

We spoke with several cybersecurity experts to get their take on four things you should do to improve your cybersecurity. And, we’re including a quick and easy checklist, so you can make sure you don’t forget any of these valuable tips.

1. Keep your computers updated

Your No. 1 priority should be making sure that your operating systems (OS) are up-to-date.

Some businesses hesitate to upgrade an OS because they think it’ll be too expensive or too complicated. That might be why reports indicate that 7% of computers are still running Windows XP, even though it hasn’t been updated for three years and is a huge security risk.

If you’re running an older OS on your computers, you should upgrade it immediately to reduce your vulnerability to cyberattacks.

If you’re already using the latest OS, make sure you’re updating it frequently.

As Gary Miliefsky, CEO of SnoopWall, Inc., says, “Any computing device that connects to the internet should be frequently hardened. The latest patches should be installed.”

For example, Microsoft released an update months ago that addressed the infamous WannaCry vulnerability. But is it on your computer? As Miliefsky says, “If you have not yet been exploited, move quickly to close the hole.”

Have a regular update schedule for your computers, or just set them to auto-update.

But there’s more to keeping your computer updated than just your OS.

The software you use is also a potential risk.

Andrew Newman, CEO and founder of Reason Core Security, specifically cites internet browsers as a potential vulnerability:

“Using an outdated browser, like older versions of Internet Explorer, can leave a company computer, or its servers, wide open to browser-based attacks. Using updated browsers, and ensuring that the software is up to date, can protect employees from easily avoided cyber-threats.”

Don’t ignore alerts that ask you to update your software. Keep programs updated, and you’ll keep your business more secure.

2. Create better password processes

If you think you’ve protected your system by creating a really complicated password, you’re wrong. Your passwords might actually be luring you into a false sense of security.

Caroline Smith, a cybersecurity expert from Frontier Business, suggests that passwords are an oft-overlooked vulnerability of small businesses.

“Businesses often assume their employees know proper password protocol,” Smith says. “But that’s simply not true.”

Employees may not know how to create strong passwords, or they may practice bad habits such as sharing passwords or using the same password for everything. Smith urges companies to outline their password policies: “Let everyone in your company know what the expectations are for passwords, and provide training as needed.”

One important part of that training should be making sure that everyone in your company knows how to craft a strong password.

Too many people are using weak and common passwords for their data, with 4% of people using “123456.” This bad practice could be putting your company at risk.

Dr. Tim Lynch of Psychsoft PC suggests that crafting better passwords can be as simple as “using a phrase with special characters rather than just a single word. For example, ‘All!Happy!Families!’ rather than ‘snoopy.'”

Make sure your employees also know, once they’ve developed strong passwords, don’t give them out to just anyone.

If you need to give guests access to your Wi-Fi, create a separate guest network. As Lynch says, this means “your internal business network remains secure and you don’t have to share passwords with strangers.”

Lynch also emphasizes that no one should ever share passwords through nonsecure means. “Just because someone says she is from IT doesn’t mean she is,” Lynch adds. “Never give out any passwords over the phone or through email.”

3. Train employees to recognize the risks

Employees need accurate, up-to-date information on many aspects of cybersecurity.

Mike Baker of Mosaic451 says that employees are often a business’s greatest cybersecurity vulnerability: “Most ransomware does not make its way onto computers through brute-force hacking but via social engineering techniques such as enticing employees to click on phishing emails or insert malware-infected thumb drives into their computers.”

That’s why Nick Santora of Curricula urges formal security training for employees: “One of the best investments a small business can make to protect against cyber threats is a security awareness training program.”

Though human error is a great security risk, it can be mitigated. “Educating your employees on how to identify and defend against these types of attacks will be the difference between your small business getting hacked or not,” says Santora.

If you’re not sure where to start, check out the Department of Homeland Security’s cybersecurity website. It includes resources for businesses as well as a list of training and education courses you can use.

4. Back up data consistently

Above all else, back up all important data regularly. Should all else fail, data backup will allow your business to continue operating and to recover quickly.

But of course, that only works if you’ve backed everything up recently.

As Sonia Awan of Beyond Security says, “Backing up your critical data regularly reduces the impact of a potentially successful ransomware attack. The delta between your last update and the time of attack defines your pain level. Make it short.”

The less time between backups, the less missing data you have to worry about, and the less costly an attack will be.

Steven J.J. Weisman of Scamicide offers more specific advice: “All data should be backed up daily in at least two separate platforms, such as the cloud and on a portable hard drive.”

Daily backups will mean you’re never missing large chunks of vital data, and the separate platforms will keep you secure even in the case of unexpected technological problems. If you’re not already creating redundant backups, you should begin doing so today.

Make these small business cybersecurity changes today

The world of cybersecurity is complex and changing, but these four simple steps can have a great impact on your business.

Don’t wait to become more secure. Start making changes today, before the next big ransomware attack or phishing scheme hits. You’ll breathe easier knowing your business is safe.

Use our handy checklist to make sure you’ve followed all of the expert tips we’ve discussed:

Looking for IT Management software? Check out Capterra's list of the best IT Management software solutions.

Share This Article

About the Author

Alec Sears

Alec Sears graduated from Brigham Young University in public relations and business management. As a communications specialist for Frontier Business, he helps small businesses stay on top of changes in their industry. He now lives in the Silicon Slopes of Utah, where he loves trail-running with his dog and snowboarding with his wife.

Comments

No comments yet. Be the first!

Comment on this article:


Your privacy is important to us. Check out our Privacy Policy.