No business is “too small” to be the target of cybercrime. Simply because your business may not be raking in billions, or even millions, of dollars doesn’t mean that you’re scot-free from the possibility–indeed, the likelihood–that you will be hit with some kind of cybersecurity issue. Since the pandemic, there has been a 600% increase in cybercrimes. In the last year alone, 61% of small businesses experienced a cyberattack, up from 43% in 2019: that’s an increase of nearly 20%, too great a rise to go unheeded. In fact, small businesses are low-hanging fruit for cybercriminals. Cybercriminals target small businesses because they know that small businesses are less likely to have strong security measures in place, making it easier to breach their data. The question is not if, but when: once you are hit, what will you have put in place to minimize the impact?
Follow these cyber incident prevention best practices
To cut to the chase: there is no silver bullet for preventing all cybersecurity incidents. There are, however, best practices that can help reduce the risk of falling victim to a cyberattack. We list ten here.
- Ensure your cybersecurity policy supports remote work.
  When implementing a cybersecurity policy supporting remote work, consider the following:
  - How will employees access company resources off-site?
  - What security measures should be put in place to protect company data?
  - How will remote employees collaborate and share data?
  - What support mechanisms should be put in place to help employees adjust to remote work?
- Provide cybersecurity awareness training for your employees.
  When providing cybersecurity awareness training, consider the following:
  - Employees at all levels are as responsible for company data, and for the management of that data, as CEOs and upper management are.
  - Employees must know what your company’s document management and notification procedures are.
  - Employees should be trained on how to select strong passwords, which must be cryptic and yet memorable (see the item on password management below).
  - Employees should be made aware that they must not install any unlicensed software on any company computer, as that may compromise company data.
  - Employees should be educated on how to browse the internet and use their email responsibly. Scams and cyberattacks can arrive through suspicious channels, such as messages from unknown sources, and can often be identified by odd and unusual spellings, characters, or wording.
  - Employees should be trained on your company’s policy on the use of company social media and on the use of a company email address on social media.
  - Employees should be told your company’s mobile device policy for both company-owned and personally owned devices used for business.
- Deploy software patches.
  Software patches are corrections or updates that fix errors (often called “bugs”) in software. They can be deployed manually or set up to install automatically. When deploying them, consider the following:
  - Common areas that need patches are operating systems, applications or programs, and embedded systems, like network equipment.
  - Keep an up-to-date inventory of all your systems, reviewed on a regular (quarterly or monthly) basis, and standardize systems and operating systems on the same version.
  - Reduce risks by managing your assets through review, which allows you to prioritize and remedy vulnerabilities and to communicate them effectively to clients and employees.
  - Finally, patches serve four primary purposes:
    - Reducing security risks.
    - Keeping systems up-to-date.
    - Adhering to compliance standards.
    - Improving features and functionalities.
- Have active antivirus and antimalware protection.
  There are various antivirus and antimalware solutions on the market, so it is important to find the one that is most appropriate for your company. Once you’ve found it, it is imperative to follow through with installing it and keeping it up-to-date. Both antivirus and antimalware protection are recommended, as the first is a proactive protection against security threats that might infect your device and the second roots out and destroys activated malware. When selecting the most appropriate cybersecurity protection for your company, think through the following:
  - Consider the size of your company.
  - Consider the type of data you need to safeguard.
  - Consider your company’s budgetary needs.
- Implement MFA.
  MFA stands for Multifactor Authentication. It is a security measure that requires users to provide more than one form of identification, such as a password or code, a security token, or a fingerprint, when accessing data or applications. This reduces the chances of unauthorized data access, which improves your company’s online security, preventing 99.9% of attacks on your accounts. When implementing MFA, you will want to consider the following:
  - That the MFA is easy to use, deploy, and onboard.
  - That the MFA covers a broad range of authentication use cases and applications.
  - That the MFA has pre-built integrations with various applications.
  - That the MFA has the admin controls and policies relevant for your company.
  - That the MFA has the reporting and analytics you need for oversight of your company.
- Use a VPN.
  VPN stands for Virtual Private Network. It encrypts your company’s data and gives you control over who has access to it, which helps prevent data breaches and keeps your company’s information safe. When choosing a VPN provider, you will want to consider the following:
  - Is the service provider reputable?
  - Does the service provider offer robust security features?
  - What is the service provider’s privacy policy?
  - Does the service provider have fast servers?
- Deploy SSO.
  SSO stands for Single Sign-On. It is a solution that makes your employees’ and users’ login process easier by letting them log in once to a central system. From there, they can access all the other applications, programs, or systems that they may require, making the login process more efficient for them. Beyond ease and efficiency of access to applications, systems, and data, you should consider the following when deploying an SSO solution:
  - Is the SSO solution security-focused, as with MFA?
  - Is the SSO solution fast and easy not only to deploy but also to administer and manage?
  - Does the SSO solution work with the identity provider and/or applications that your company is using?
  - Does the SSO solution proactively build toward the future with regular improvements in support and capabilities?
- Utilize password management.
  In addition to SSO solutions, a password management solution simplifies the user login process by letting users manage their passwords more efficiently and securely, storing all passwords in a password manager account. A good password manager will implement something called “zero knowledge,” which means that even though the password manager knows your passwords, the company that made the password manager will not. Some may argue that the trouble with a password manager is that if you forget the master password, you will not be able to access any of your other passwords (unless you remember them) or the accounts linked to them. Another issue is that if a cybercriminal accesses your password manager account, they will have access to all your accounts. However, many password managers now utilize biometric authentication, such as a fingerprint or facial recognition, to authorize access, making password managers even more secure. Additionally, the advantage of using a password manager is that it allows you to have many unique and complex passwords without having to remember them or write them all down. When utilizing a password management solution, then, you should consider the following:
  - Make sure to utilize and turn on MFA.
  - Make your master password as strong as possible.
  - Install updates for your password manager application as soon as it prompts you.
- Encrypt your data.
  Data encryption is the process of converting information into a code that can only be deciphered by someone who has the key to decrypt it. It is done to prevent unauthorized individuals from accessing the information. Data encryption is a critical tool in cybersecurity because it can help reduce the exposure of your data to risk and ensure compliance with data privacy regulations. When implementing data encryption, you will want to consider the following:
  - Identify the sensitive data that you need to encrypt.
  - Make sure to encrypt data “at rest”–or stored at your facility.
  - Make sure to encrypt data in transit, whether it is sent through email or accessed in the cloud.
  - Ensure that encryption keys are well-managed, being changed regularly.
  - Make sure to monitor your encryption performance on a regular basis, checking for efficiency and effectiveness.
- Have backup and disaster recovery solutions.
  Perhaps one of the most important parts of preventing cyber incidents is to have backup and disaster recovery solutions, which a good provider will offer. It is critical to have these solutions in place ahead of time in case of system failure or data loss/breach. Once you have them in place, you will need to test them regularly to ensure that they are working correctly. Research the various options available and find the solution that best suits your company. When doing so, consider the following:
  - Does the provider offer a hybrid cloud backup solution?
  - Can the provider supply instant local virtualization?
  - Can the provider generate proof of backup?
  - Does the provider virtualize off-site?
  - Does the provider deliver an off-site sync system that will manage bandwidth?
  - Does the provider offer multiple data centers in diverse locations?
  - Is the provider equipped to offer intelligent business continuity?
Collaborate for success
If you’re a small business owner, you may not have the time or expertise to implement effective cyber incident prevention best practices. However, by partnering with us, you can leverage our experience to build a digital fortress around your business. Contact us today to find out how we can help you protect your business against potential cyberthreats.