Data shows that approximately 76% of cyberattacks occur in companies with less than 100 employees. Cybercriminals know that small businesses tend to be easy targets and that access to small business computer networks often also gives them access to customer and supplier networks.
Last week, we saw how a small business can protect their business against these threats. This week, we’ll look at some suggestions on best practices for device security, then end with some suggestions on how to recover from a cyberattack.
Here are some best practices for device security and steps you can take to secure your devices.
For computers and servers, choose an enterprise-grade antivirus security solution that is centrally managed so you can monitor all devices on your network, restrict user access, and enforce security policies. Consumer products do not provide sufficient protection.
Implement multiple layers of protection. Installing anti-virus software on your computers is not enough. Look for an all-in-one cloud solution that offers endpoint, web security, and email protection.
Isolate payment systems by separating your point-of-sale systems or credit card readers from the rest of your network by placing them on a separate network or firewall.
Restrict physical and digital access to servers. It only takes one malicious employee to wreak havoc.
Require two-factor authentication to connect to servers.
Regularly update software, hardware and firmware; configure updates to install automatically.
Regardless of the device, be sure to change the default username and password, disable remote management, restrict access to specific addresses, require two-factor authentication, and regularly update the software and firmware of the device.
For mobile devices, enforce passwords or passcodes on devices. And take advantage of biometric identification technology if available; it’s more secure than using a password.
Install security software on devices like Wi-Fi routers and other network-connected devices like printers and copiers, etc. Use a separate Wi-Fi network for guests and be sure to enable encryption using WPA2.
If your business has been the victim of a cyberattack, there are steps you can take to recover as quickly and efficiently as possible.
Answer. Shut down your computer, disconnect your internet connection, or turn off your router until you can assess the damage.
Restore your data from a backup. Experts tell me they suggest using the “3-2-1 backup rule”. They do this: Always have three backup copies. Store the backup on two media (for example, on a hard drive and in the cloud). Keep a copy offsite so that a physical disaster at your site doesn’t wipe out your only copy.
Call on IT experts to help you if necessary.
Retrieve. Execute your disaster recovery plan. If you don’t have a contingency plan, now is the time to create one. Look for free templates online that you can use as a starting point and adjust to suit your business.
Meet all breach notification requirements. Depending on your industry, you may be required by law to notify customers, vendors, or employees affected by a security breach.
Evaluate existing and new technologies you can use to prevent future breaches. Are your current cybersecurity practices effective? If not, what can you add to better protect your business?
Here are some resources for learning more about cybercrime, developing a plan to protect your business from cyberattacks, and reporting a cyberattack.
- SCORE.
- Trend Micro Internet Security for Small Business.
- National Cybersecurity Alliance.
- Federal Communications Commission.
- Federal Trade Commission.
- National Institute of Standards and Technology.
- FBI Field Office Cyber Task Force.
- Internet Crime Complaint Center.
Cybercriminals are tricky, but you can thwart them by being aware of the risks and immediately implementing cybersecurity best practices. Educate your employees, implement a cybersecurity policy for your business, and put in place the appropriate protections. These simple steps will help prevent your business from becoming a statistic.
Dean Swanson is a SCORE Certified Volunteer Mentor and past SCORE Chapter President, District Director and Regional Vice President for the North West Region.
Comments are closed.