Small businesses are an ideal target for hackers: they are often too small to have an established Information Security department, which makes them easy targets. The effects of a cyber-attack on a small business can be devastating; approximately 60% of small businesses that suffer a cyber-attack go out of business within six months of that attack, according to the National Cyber Security Alliance. On top of this, 43% of the time small businesses are under targeted attacks by cyber criminals. These statistics demonstrate the importance of protecting your company’s digital assets in its early stages. Here is a list of best practices for protecting your small business:
1) Regularly Upgrade Software
A survey from Smart Metrics, located in Toronto, found that 62% of small businesses don’t regularly upgrade their software products. This means more than half of small businesses leave themselves vulnerable to data breaches for which fixes have already been created and made available to them. This tip is very important because it doesn’t require any technical skill or knowledge; you simply have to be willing to put in the time and apply all of the required patches, making it an area that every small business can improve upon.
2) Encrypt Your Information
The survey found that 78% of small businesses do not encrypt their databases, meaning that any data leaked from your company will be usable by the attacker. This is particularly frightening when you consider that the IT assets owned by small businesses include things like email addresses, phone numbers, credit cards, full names and many other forms of personal and business information. Many operating systems have built-in encryption programs, such as Microsoft BitLocker (Windows) and Apple FileVault (OS X). It is also important to ensure USB drives are encrypted, because once encrypted files are copied over to one they can be automatically decrypted. For price comparisons of retail encryption software, please visit here.
3) Develop an Internet Policy
About half of all cybersecurity incidents result from user error or system misuse, so it is important that your company has a written policy that governs appropriate use of the Internet in the workplace. Employees are usually a company’s weakest link in Information Security, and it’s vitally important that you educate your employees in order to prevent them from causing damage to your company. Offer training on how to spot phishing emails, what not to browse on the internet, and the consequences of not following the policy.
4) Invest in Cybersecurity Insurance
General business liability insurance may not help you recover losses associated with a cybersecurity attack; you may need to purchase a separate cybersecurity insurance plan. Fortunately, many of these plans can be tailored to the needs and scale of your company, making them affordable on a tight budget. A plan like this will enable you to recover costs from business interruption, damaged hardware and an affected party suing you.
5) Two-Step Authentication
For a long time passwords have been the go-to method of authentication for most businesses. But with modern-day computing power it’s simply a matter of patience for even relatively strong passwords to be cracked. A great way to counteract this is by implementing two-step/two-factor authentication. The way it works is that, in addition to having a username and password, a user will be required to provide an additional piece of identification. There are several ways you can do this; some of the most common are:
1) Hard Tokens: Like an employee badge or QR code.
2) Verification codes: Sent to a user’s phone or email at the time of login.
3) Biometrics: Like a finger or retinal scan.