Now that you understand the risks, threats, and items of value, it is time to assess your current cybersecurity levels. If you have not given cybersecurity any thought until this moment, you have plenty of company. As previously cited, 87% of SMBs feel they are immune to attack.
The time to protect your company’s assets is before thieves discover an entry point into your systems and software. To revisit the home analogy, it is better to install strong locks, new doors and windows, and an alarm system before a burglary, rather than after.
Many SMBs lack the budget for full-time IT employees to focus on cybersecurity. As a result, the CEO, an operations manager, or someone with a similar title handles IT security. Many shy away from it because they feel it isn’t in their wheelhouse.
Basic cybersecurity steps that any SMB can take are so easy that anyone from your company can take the lead. Most rely upon simple strategies that are akin to locking doors and setting alarms; these can be undertaken by nearly anyone.
10 Ways to Strengthen Cybersecurity at Your Small Business
- Provide basic IT security training to your entire team: Phishing scams, viruses, and other attacks can be prevented through training. Training that covers how to identify suspicious emails, how to spot and avoid clickbait, and similar concepts can save your company a lot of headaches later. Courses are available online. SANS Cyber Aces offers free business security courses. Heimdal Security offers a list of 50 free and paid courses for cybersecurity that can supplement your internal training.
- List all assets: Like photographing your treasures for an insurance company, creating a list of cyber assets and sensitive data is a great first step to securing them. Once you know what you have to keep safe, you can come up with the plan to guard it.
- Identify current security risks: List all software, including web browsers, and determine when they were last updated. Patches and updates may seem intrusive and annoying, but they are often released to close known gaps that hackers exploit. Keeping your software and browsers updated offers some level of basic protection.
- Install good anti-virus protection: Business antivirus protection scans websites, links, documents, and emails to identify risky elements. Common packages such as McAfee AntiVirus and Malwarebytes can protect against common threats.
- Disconnect computers with sensitive data: Computers hosting sensitive data can be disconnected from the Internet, thus protecting them from many common threats. If they aren’t linked to the net, only a physical break-in at your office can compromise them.
- Talk to your third-party vendors about security: Companies that send mailing lists out to vendors for production and mailing of marketing pieces or emails should discuss additional security protocols for their lists. You may be great at guarding your data, but your vendor may not hold to the same standards. Find out now how they protect their customers’ data.
- Insist on strong passwords and change frequently: Brute force attacks can compromise common passwords quickly and easily. Some simply try combinations of dictionary words and numbers until they get in, like picking a lock. Random combinations of letters, numbers, and symbols are the most secure. Write down passwords on paper, the old-fashioned way, instead of keeping spreadsheets on your computer. Insist that employees change network passwords monthly.
- Designate someone responsible for cybersecurity: IT and finance departments are the logical places to look for a cybersecurity champion. If you do not have such departments, anyone can learn the basics. You may also wish to hire a consultant or an external IT vendor to improve your systems and teach you how to maintain safeguards.
- Protect all Internet-connected devices: This includes printers, mobile phones, and other devices connected to the Internet. With the advent of the Internet of Things (IoT), more electronic devices than ever connect in some way to the Internet. Put the same protection on these devices as you do your network computers.
- Encrypt extremely sensitive data: Encryption converts data into a code that can be read (decrypted) only if the recipient has the cryptographic key. Although a dedicated device may be needed to encrypt hardware and software, if you deal with highly sensitive data, encryption offers another line of defense.
Consider Cyber Insurance
Cyber insurance is a new form of insurance that protects business owners against losses or damages resulting from a cyber-attack. This insurance may cover damages to your hardware, software, and network systems, as well as any experts, consultants, or others you may need to hire to clean up after an attack. Although premiums for such insurance are not cheap, they cost far less than paying for the cleanup yourself in the event of a breach.