How’s your cybersecurity these days?
If you’re like most small businesses, it’s probably not that great.
In fact, recent statistics show that fewer than one-fifth of small businesses report their cybersecurity as highly effective. That’s a problem, given that over half of respondents say their small business has undergone a cyberattack or a data breach in the past year.
Dealing with the consequences of a cyberattack can lead to expensive damage control, lost revenue, and even the end of your business.
It’s vital that your business protect itself. And with newer threats, such as ransomware, creating problems for small businesses, now is the perfect time to make sure your security protocols are up to date. As hackers evolve, so must your business.
But in the ever-changing world of technology, it can be hard to figure out which steps you should take to protect your business against cyber criminals.
We spoke with several cybersecurity experts to get their take on four things you should do to improve your cybersecurity. We’re also including a quick and easy checklist, so you can make sure you don’t forget any of these valuable tips.
1. Keep your computers updated
Your No. 1 priority should be making sure that your operating systems (OS) are up to date.
Some businesses hesitate to upgrade an OS because they think it’ll be too expensive or too complicated. That might be why reports indicate that 7% of computers are still running Windows XP, even though it hasn’t been updated for three years and is a huge security risk.
If you’re running an older OS on your computers, you should upgrade it immediately to reduce your vulnerability to cyberattacks.
If you’re already using the latest OS, make sure you’re updating it frequently.
For example, Microsoft released an update months ago that addressed the infamous WannaCry vulnerability. But is it on your computer? As Miliefsky says, “If you have not yet been exploited, move quickly to close the hole.”
Have a regular update schedule for your computers, or just set them to auto-update.
But there’s more to keeping your computer updated than just your OS.
The software you use is also a potential risk.
Andrew Newman, CEO and founder of Reason Core Security, specifically cites internet browsers as a potential vulnerability:
“Using an outdated browser, like older versions of Internet Explorer, can leave a company computer, or its servers, wide open to browser-based attacks. Using updated browsers, and ensuring that the software is up to date, can protect employees from easily avoided cyber-threats.”
Don’t ignore alerts that ask you to update your software. Keep programs updated, and you’ll keep your business more secure.
2. Create better password processes
If you think you’ve protected your system by creating a really complicated password, you’re wrong. Your passwords might actually be luring you into a false sense of security.
Caroline Smith, a cybersecurity expert from Frontier Business, suggests that passwords are an oft-overlooked vulnerability of small businesses.
“Businesses often assume their employees know proper password protocol,” Smith says. “But that’s simply not true.”
Employees may not know how to create strong passwords, or they may practice bad habits such as sharing passwords or using the same password for everything. Smith urges companies to outline their password policies: “Let everyone in your company know what the expectations are for passwords, and provide training as needed.”
One important part of that training should be making sure that everyone in your company knows how to craft a strong password.
Dr. Tim Lynch of Psychsoft PC suggests that crafting better passwords can be as simple as “using a phrase with special characters rather than just a single word. For example, ‘All!Happy!Families!’ rather than ‘snoopy.’”
Make sure your employees also know that, once they’ve developed strong passwords, they shouldn’t give them out to just anyone.
If you need to give guests access to your Wi-Fi, create a separate guest network. As Lynch says, this means “your internal business network remains secure and you don’t have to share passwords with strangers.”
Lynch also emphasizes that no one should ever share passwords through nonsecure means. “Just because someone says she is from IT doesn’t mean she is,” Lynch adds. “Never give out any passwords over the phone or through email.”
3. Train employees to recognize the risks
Employees need accurate, up-to-date information on many aspects of cybersecurity.
Mike Baker of Mosaic451 says that employees are often a business’s greatest cybersecurity vulnerability: “Most ransomware does not make its way onto computers through brute-force hacking but via social engineering techniques such as enticing employees to click on phishing emails or insert malware-infected thumb drives into their computers.”
That’s why Nick Santora of Curricula urges formal security training for employees: “One of the best investments a small business can make to protect against cyber threats is a security awareness training program.”
Though human error is a great security risk, it can be mitigated. “Educating your employees on how to identify and defend against these types of attacks will be the difference between your small business getting hacked or not,” says Santora.
If you’re not sure where to start, check out the Department of Homeland Security’s cybersecurity website. It includes resources for businesses as well as a list of training and education courses you can use.
4. Back up data consistently
Above all else, back up all important data regularly. Should all else fail, data backup will allow your business to continue operating and to recover quickly.
But of course, that only works if you’ve backed everything up recently.
As Sonia Awan of Beyond Security says, “Backing up your critical data regularly reduces the impact of a potentially successful ransomware attack. The delta between your last update and the time of attack defines your pain level. Make it short.”
The less time between backups, the less missing data you have to worry about, and the less costly an attack will be.
Steven J.J. Weisman of Scamicide offers more specific advice: “All data should be backed up daily in at least two separate platforms, such as the cloud and on a portable hard drive.”
Daily backups will mean you’re never missing large chunks of vital data, and the separate platforms will keep you secure even in the case of unexpected technological problems. If you’re not already creating redundant backups, you should begin doing so today.
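One way to check that the advice above is actually being followed, as an added example that is not part of the original article: this script reports the gap since the newest backup in each location and fails unless at least two locations hold a backup less than a day old. It assumes each backup platform is reachable as a local folder (a cloud-sync folder, a mounted portable drive); the location names and paths are placeholders.

```python
import sys
import time
from pathlib import Path

MAX_AGE_HOURS = 24   # "backed up daily"
MIN_LOCATIONS = 2    # "at least two separate platforms"


def newest_backup_age_hours(location, now=None):
    """Age in hours of the newest file under location; None if absent or empty."""
    now = time.time() if now is None else now
    root = Path(location)
    if not root.is_dir():          # e.g. portable drive not plugged in
        return None
    mtimes = [p.stat().st_mtime for p in root.rglob("*") if p.is_file()]
    if not mtimes:
        return None
    return max(0.0, (now - max(mtimes)) / 3600)


def check_backups(locations, max_age_hours=MAX_AGE_HOURS, now=None):
    """Return (ok, report); ok needs MIN_LOCATIONS locations with a fresh backup."""
    report, fresh = {}, 0
    for name, location in locations.items():
        age = newest_backup_age_hours(location, now)
        if age is None:
            status = "MISSING"
        elif age <= max_age_hours:
            status = "OK"
            fresh += 1
        else:
            status = "STALE"
        report[name] = (status, age)
    return fresh >= MIN_LOCATIONS, report


if __name__ == "__main__":
    # Usage (paths are placeholders): check.py cloud=/path/to/sync usb=/path/to/drive
    locations = dict(arg.split("=", 1) for arg in sys.argv[1:])
    ok, report = check_backups(locations)
    for name, (status, age) in report.items():
        gap = "n/a" if age is None else f"{age:.1f} h since last backup"
        print(f"{name}: {status} ({gap})")
    sys.exit(0 if ok else 1)
```

A recent timestamp only shows that a backup job wrote something; it does not show that the data can be restored, so a periodic test restore is still needed.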
Make these small business cybersecurity changes today
The world of cybersecurity is complex and changing, but these four simple steps can have a great impact on your business.
Use our handy checklist to make sure you’ve followed all of the expert tips we’ve discussed: