October is Cybersecurity Awareness Month, but that doesn’t mean that our cyber awareness shouldn’t be equally front and center every other day (and month) of the year. For the small business owner or director of a non-profit organization such as a Chamber of Commerce or school, keeping a network safe from cyber criminals can seem like a full-time job. Whether your business is located in Illinois, Indiana, or Wisconsin (or anywhere else in the United States), cybercriminals are waiting to pounce.
An article in Business News Daily from earlier this year suggests that cyber-attacks could double by 2025 and that 60% of businesses have no cybersecurity policy in place. It makes perfect business sense to partner with a Managed Services (IT) team that can guide you through the process of making your network secure and helping you keep it that way.
The Federal Communications Commission notes that while broadband and other technology can be powerful factors in helping businesses reach new markets, it’s critical that businesses need a cybersecurity strategy in place to do so safely.
Here are some cybersecurity tips that you should know, as a business owner and how to help prevent unwanted intrusions for cybercriminals.
- Training employees. This is perhaps the most important part of any cybersecurity strategy. The overwhelming number of hacks and intrusions into a network are a result of human error. Conduct regular training so that employees recognize the latest threats, and that they understand what to look for as a phishing scam.
- Establish basic security practices for employees. This includes requiring strong passwords, and policies about Internet use. Cyber experts generally agree that between 80% and 85% of intrusions can be traced to passwords.
- Strong passwords should include a series of numbers, letters (in both upper and lower case), and some unique marks, such as exclamations or !@ or ^. Strangely, the most common password in 2022 used was still “123456” according to information from Business News Daily.
- Require everyone to change passwords regularly, at least every three months.
- Require two-factor or multi-factor authentication for emails and other access points.
- Don't allow password saving. When you or your employees have an option to have Google or other platforms remember your password, do not allow it. If Google gets hacked that potentially exposes your information to hackers. It is an inconvenience to have to log in separately each time, but not nearly as inconvenient as the cost and aggravation of a data breach.
- As part of a company Internet policy, do not allow any personal information on workstation computers or networks.
- Back up all data to a cloud server, which will go a long way toward neutralizing ransomware threats.
- Be certain that you are using the latest anti-virus software and that all updates are installed in a timely way – as soon as they are available.
- Limit access to sensitive data, including computers. Prevent access or use of business computers by unauthorized individuals. The FCC article states that laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and requires strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
- With financial information in particular, encrypt files for further protection.
- The US. Small Business Administration recommends safeguarding your Internet connection by encrypting information and using a firewall, and if you have a Wi-Fi network, make sure it is secure and hidden. With Wi-Fi, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router. If you have employees working remotely, use a Virtual Private Network (VPN) to allow them to connect to your network securely from out of the office.
- Have a strong mobile device action plan in place. The FCC recommends requiring users to password-protect all devices, encrypt all data, and install security apps to prevent criminals from stealing information while the phone is on a public network. They further advise establishing reporting policies for lost and stolen equipment.
- As a follow-up, avoid using public Wi-Fi wherever possible. One alternative is to use the hotspot option on a Smartphone rather than expose data to an open network.
A Forbes article offers this cautionary tale: If your business hasn’t experienced a cyberattack yet, that doesn’t mean your security protocol is enough. Almost 42% of SMBs have experienced a breach in the last 12 months, and with experts noting a new trend toward smaller and more focused attacks, that number is likely to increase.
It is very important to do everything you can to protect your business or organization and its infrastructure. If you have questions or would like to know more, please contact us here or give us a call at (888) 357-4277. We’re here to help!