Cyber Security Best Practices: 8 Experts Chime In
Small business cybersecurity doesn’t get the attention it needs. It’s important: could your business survive the damage done in an attack?
8 cybersecurity professionals share their best practices for your small business.
Earl Foote: Nexus IT – Park City, UT
Teach Your Team about Common Threats
One of the greatest threats to your business is poor choices by your employees. Your cybersecurity defenses can, in many cases, be sidestepped or thwarted by employees who are unwitting victims of phishing schemes. Take the time to teach your team about common phishing techniques. Urgent-sounding emails that appear to come from tech companies whose services you use are often fraudulent, especially if they ask you to click a link and enter personal information.
Similarly, hackers attempt to con users into opening fraudulent attachments. If an employee does so, malware such as key logging software is installed silently on the machine.
Regularly take the time to teach your team about common threats like these. Here’s a phishing quiz you can use to help.
Scott Clarke – Menark Technologies – Philadelphia, PA
Have a Plan for Dealing with Mobile Devices
People — employees and customers alike — expect to be able to use their mobile devices to interact with aspects of your business. Gone are the days where “sorry, we don’t support mobile” is an acceptable option. At the same time, you don’t want to open up your entire network to mobile devices, carte blanche. You need a well-constructed plan for dealing with mobile devices: what will you allow them to access, and what should be off limits?
Joe Young – Global Data Systems – Pembroke, MA
Document Plans and Policies
In the event that you undergo a cyber attack, what happens next? If your IT department notices an attempt at an attack, what should it do? Chances are, someone in your organization knows the answer to these and similar questions. Relying on individuals to hold this information is risky, though. What if the only person who knows is out sick or off the grid in the moment of crisis?
Avoid this risk by documenting all your plans and policies related to cybersecurity. If something happens, you and others should know where to find the document with the plan so that you can begin executing that plan.
Shane Kimbrel – Data Magic Computer Services – Coppell, TX
Implement a Firewall
Firewalls may have been techspeak fodder for early-2000s movies, but they remain an important part of your business’s cyber security strategy. Make sure you at least have an external firewall set up and that any employees working from home have one on their home networks. As your organization grows, you may benefit from additional internal firewalls, too.
Chris Chao – Centerpoint IT – Roswell, GA
Back Up Data
Most businesses are only as good as their data. Make sure yours is backed up regularly. For most businesses, multiple redundant backups are an important extra layer of security. You never know when one machine (or server) will die. In the event of flooding, your computers and your on-site backup may all be damaged at once.
You also need to regularly inspect your backup files to make sure they are useable. Your systems may be going through the motions of backing up but not producing readable files (or any actual files at all). Should you undergo a cyber attack in this situation, your business could be in jeopardy.
Nick Nouri – Compunet Infotech – Vancouver, BC
Demand Strong, Complex Passwords
Passwords are a complete pain, but until a better system reaches widespread adoption, we’re stuck with them. Demand that your team use strong, complex passwords, and require them to change them every few months. Much of this can be done at the IT deployment level, if your organization is large enough (or if you’ve partnered with a managed services provider to handle your IT deployment).
Longer passwords that involve a mix of numbers, symbols, and upper and lowercase letters are ideal. These are harder to brute-force and nearly impossible to guess.
Marcel Manning – NexgenTec – Leesburg, FL
Use 2-Factor Authentication
2-factor authentication (2FA) is a highly secure system for verifying credentials. We recommend using it wherever it’s an option. 2FA requires a secondary method of verifying a user’s credentials. The most common method involves texting a user’s cell phone. After a user supplies a valid username and password combination, a code is texted to the phone associated with the account. No one can access the account without that code.
2FA requires a hacker to do more than just steal a username and password. Hackers must compromise multiple accounts or physically possess the victim’s phone to log in to an account with 2FA enabled.
Nick Allo – SuretecIT – Portland, OR
Implement Company-wide Antivirus and Anti-Malware Tools
Training your team to recognize phishing schemes is a great first start, but there are additional ways to tighten security. Install company-wide antivirus and anti-malware tools and keep your systems protected even when an employee makes a poor clicking decision. Many email schemes involving attachments will download and install malware, ransomware, or a virus if opened. With high-quality antivirus and anti-malware software installed, you’re better protected against this kind of threat.
Cybersecurity is of the utmost importance. It’s so important that many businesses are better off leaving much of it to the professionals rather than trying to go it alone. If you’re interested in partnering with a quality MSP to take care of your cybersecurity needs, message us today!