Small businesses are the backbone of the economy, employing more than half of all private sector workers. But small businesses are also easy targets for cyber criminals.
Imagine you are a cyber criminal and you are looking for your next victim. Do you go after a large enterprise that probably has an internal security team focused solely on protecting the company’s assets? Or, do you go for small businesses that, cumulatively, have vast sums of money, but lack security controls? It’s far more likely that you’ll go after the small business.
It’s not like the movies – hackers don’t want a challenge, they want your money and they typically go for the low-hanging fruit. Unfortunately, small businesses are usually easier targets.
Whether you have in-house IT support or you use a third party to manage your security for you, here are some tips for protecting your company:
1. Patch immediately
When a vulnerability is found in an operating system by the manufacturer, the company will work out how to patch the problem and send out fixes to all registered users. These are the software updates that pop up now and again on your screen. Some companies rely on the staff to apply these upgrades, whereas some manage upgrades centrally. Either way, install the patch immediately. A published vulnerability is a security hole hackers know exists, and they also know that millions of people won’t bother to patch it. Until every computer is patched, you are susceptible to a security breach.
2. Upgrade Windows XP as soon as possible
In April 2014, Microsoft discontinued support for Windows XP. This means that any vulnerability with the operating system will no longer be fixed. Essentially, it will open the door to hackers who find these faults and use them to gain entry to your network via malware. It’s highly likely that these faults have already been discovered by hackers and they are waiting to unleash a barrage of cyber attacks globally. The only way to avoid becoming a victim is to upgrade your operating system. Operating systems released after Windows XP were designed with security as a priority, and so they are a far better option.
3. Mobile phones and tablets need protection too
There is little point protecting your computer network if the mobile devices that link into it are not protected. To a cyber criminal, it is an access point to be exploited. People are still becoming accustomed to the concept of securing mobile devices, but consider what would happen if a criminal gained access to your work smartphone, including your contacts, emails and financial information, not to mention the data on your network. Whether your staff is using company-provided or personal devices, every employee should have mobile security running on those devices.
4. Back up and synchronize
There has been a spate of ransomware attacks in the past year and these are set to become more commonplace. Once attacked, a message will appear on your screen telling you that your files or computer have been encrypted and demanding a ransom to give you access again. Of course, there is no guarantee you will get access. By backing up all of your content automatically and on a regular basis, you are in a better position if such an attack occurs. But be warned, the backup must be offline or the ransomware could possibly encrypt this too.
5. Use up-to-date antivirus software
AV software works as a community. When a new piece of malware is detected trying to gain access to a computer or mobile device, it is quarantined and sent to AV labs for testing and breaking. Once the virus’ signature is defined, it is sent to every registered user of that lab’s software to protect them in future from this new threat. This can happen in as little as eight seconds. Without up-to-date AV software, you don’t have this protection. It is not unusual for our labs to detect more than 15,000 malware variants in a 24-hour period, giving a sense of the size of the problem.
6. Ensure your cloud and virtual environments are also secure
Virtualization is becoming more and more commonplace with small and medium sized businesses rapidly adopting the technology in order to increase performance and reduce costs. As you can imagine, securing these environments is also important for preventing unwanted eyes prying on your private corporate information.
7. Give employees privacy screens
Privacy screens clip onto a laptop screen or mobile device and make it more difficult for roaming eyes to see what’s on the user’s screen. The user, however, won’t notice any difference in the screen when they look at it head-on, while the person next to the user will only see a black screen. This is particularly good for commuters and business travellers.
8. Secure your Wi-Fi (circa 2001)
It is surprising how many Wi-Fi networks are still unsecured. As a minimum, try to use WPA2 (Wi-Fi Protected Access II) encryption instead of WEP (Wired Equivalent Privacy) because WEP is relatively easy to crack. Little more can be added to the subject – make securing your Wi-Fi network a priority.
It is great to hear that, for the first time ever, ‘Password’ is no longer the most commonly used password. Unfortunately, it has been replaced by ‘123456’. Hackers use tools that try multiple combinations to crack passwords. The most common ones (like ‘123456’) are tried first. After that, they try word combinations, sometimes helped along by information they find about people online, such as their birthday. Adding symbols and numbers makes it a lot more difficult to crack.
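The guess order described above can be turned into a check that runs when a password is set. This is an added example, not part of the original article; the short common-password list and the `personal_facts` parameter are assumptions made for the illustration.

```python
import re

# Constructed sample; a real deployment would load a full breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}

# Reverse the usual symbol-for-letter swaps so "P@ssw0rd" reads as "password".
_SWAPS = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

COMMON = "matches a commonly used password"
PERSONAL = "contains information that can be found about the user online"
NO_DIGIT = "has no number"
NO_SYMBOL = "has no symbol"


def _variants(candidate):
    """Forms of the candidate that a guessing tool would effectively cover."""
    low = candidate.lower()
    trimmed = re.sub(r"[^a-z]+$", "", low)  # drop trailing digits and symbols
    return {low, low.translate(_SWAPS), trimmed, trimmed.translate(_SWAPS)}


def screen_password(candidate, personal_facts=()):
    """Return the reasons to reject a password; an empty list means it passes.

    personal_facts is a hypothetical input: strings such as a name or birthday.
    """
    reasons = []
    forms = _variants(candidate)
    # 1. The most common passwords are tried first.
    if forms & COMMON_PASSWORDS:
        reasons.append(COMMON)
    # 2. Then come words built from what is known about the person.
    tokens = {t for fact in personal_facts
              for t in re.findall(r"[a-z0-9]{3,}", fact.lower())}
    if any(t in form for t in tokens for form in forms):
        reasons.append(PERSONAL)
    # 3. Symbols and numbers make the remaining guesses harder.
    if not any(c.isdigit() for c in candidate):
        reasons.append(NO_DIGIT)
    if not any(not c.isalnum() for c in candidate):
        reasons.append(NO_SYMBOL)
    return reasons
```

A password such as `P@ssw0rd1!` contains both a number and a symbol and is still rejected, because undoing the swaps and dropping the suffix leaves a word from the common list.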
10. Trust me, your data is more interesting than you think
SMBs often have the false perception that their data won’t be that interesting to anyone, so there is no need to protect it. But your competitors care about it, as it means they would be able to undercut you on bids. Cyber criminals care about it because it gives them access to your financial accounts. Your employees and customers care about it because their information in the wrong hands can cause harm to them. And you should care about it because it can cause tremendous damage to your business, employees, customers, not to mention your reputation. Never underestimate the value of your business to others.
11. Prepare your people
Employees are often the weakest link when it comes to digital security, so teach them. Create a security policy that sets out how they should behave online and your expectations of them. Run regular sessions on security, and explain why it’s important to them personally and to your business. They hold a great deal of responsibility, and so they need to understand the dangers and have clear processes to follow.
12. Accept that devices will get lost or stolen
It happens to the best of us, so be prepared for it. When it does, you want to have the ability to remotely wipe the phone of all data using the mobile security software running on it. You’ll also want your device to be backed up so that when it gets lost or stolen, you can quickly upload all of your contacts and data onto a new device. Losing devices is inevitable, but losing time and content is entirely avoidable.
Armed with this knowledge, you can greatly improve the security profile of your business.