8 Best Cybersecurity Practices for Your Small Business


Is your sensitive data secure?

It’s no exaggeration: any company can fall victim to cybercrime. Reports of cyberattacks come from government organizations, educational and healthcare institutions, banks, law firms, nonprofits, and many other organizations. Hackers, insider threats, ransomware, and other dangers are out there. Smart businesses are investing more in cybersecurity to eliminate risks and keep their sensitive data safe, and this has already brought the first results: new research and data indicate a major reduction in the number of cyberattacks in 2020.

The question, then, is the following: What can I do as a business owner to protect my data in 2021?

The latest reports indicate an impressive decrease in the number of data breaches alongside the fact that both governmental organizations and businesses have begun to invest more in cybersecurity.

Don’t know where to start with enhancing your cybersecurity policy? We’re ready to tell you about cybersecurity trends and the latest techniques.

Here’s our IT security best practices checklist for 2021:

1. Use a firewall

One of the first lines of defense against a cyberattack is a firewall. The Canadian Centre for Cyber Security recommends that all SMBs set up a firewall to provide a barrier between their data and cybercriminals. In addition to the standard external firewall, many companies are starting to install internal firewalls to provide additional protection. It’s also important that employees working from home install a firewall on their home network. Consider providing firewall software and support for home networks to ensure compliance.

2. Document your cybersecurity policies

While small businesses often operate by word of mouth and intuitive knowledge, cybersecurity is one area where it is essential to document your protocols. The Small Business Administration (SBA)’s Cybersecurity portal provides online training, checklists, and information specifically for protecting online businesses. The Canadian Centre for Cyber Security provides a starting point for your security document. Consider also participating in some of the major programs for small businesses, which contain a detailed toolkit for determining and documenting cybersecurity best practices and cybersecurity policies.

3. Plan for mobile devices

With 59 percent of businesses currently allowing BYOD, according to the Tech Pro Research 2016 report “BYOD, Wearables, and IoT: Strategies Security and Satisfaction,” it is essential that companies have a documented BYOD policy that focuses on security precautions. With the increasing popularity of wearables, such as smartwatches and fitness trackers with wireless capability, it is essential to include these devices in the policy. Sophos also recommends that small businesses require employees to set up automatic security updates and require that the company’s password policy apply to all mobile devices accessing the network.

4. Educate all employees

Employees often wear many hats at SMBs, making it essential that all employees accessing the network be trained on your company’s network cybersecurity best practices and security policies. Since the policies are evolving as cybercriminals become savvier, it’s essential to have regular updates on new protocols. To hold employees accountable, have each employee sign a document stating that they have been informed of the policies and understand that actions may be taken if they do not follow security policies.

5. Enforce safe password practices

Yes, employees find changing passwords to be a pain. However, the Verizon 2016 Data Breach Investigations Report found that 63 percent of data breaches happened due to lost, stolen or weak passwords. According to the Keeper Security and Ponemon Institute Report, 65 percent of SMBs with password policies do not enforce them. In today’s BYOD world, it’s essential that all employee devices accessing the company network be password protected. In the Business Daily article “Cybersecurity: A Small Business Guide,” Bill Carey, vice president of marketing and business development at Siber Systems, recommended that employees be required to use passwords with upper- and lowercase letters, numbers, and symbols. He says that SMBs should require all passwords to be changed every 60 to 90 days.

6. Regularly back up all data

While it’s important to prevent as many attacks as possible, it is still possible to be breached regardless of your precautions. Info Sys recommends backing up word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Be sure to also back up all data stored on the cloud. Make sure that backups are stored in a separate location in case of fire or flood. To ensure that you will have the latest backup if you ever need it, check your backup regularly to ensure that it is functioning correctly.

7. Install anti-malware software

It’s easy to assume that your employees know to never open phishing emails. However, the Verizon 2016 Data Breach Investigations Report found that 30 percent of employees opened phishing emails, a 7 percent increase from 2015. Since phishing attacks involve installing malware on the employee’s computer when the link is clicked, it’s essential to have anti-malware software installed on all devices and the network. Since phishing attacks often target specific SMB employee roles, use the position-specific tactics outlined in the Entrepreneur.com article “5 Types of Employees Often Targeted by Phishing Attacks” as part of your training.

8. Use multifactor identification

Regardless of your preparation, an employee will likely make a security mistake that can compromise your data. In the PC Week article “10 Cyber Security Steps Your Small Business Should Take Right Now,” Matt Littleton, East Regional Director of Cybersecurity and Azure Infrastructure Services at Microsoft, says using the multi-factor identification settings on most major network and email products is simple to do and provides an extra layer of protection. He recommends using employees’ cell numbers as a second form since it is unlikely a thief will have both the PIN and the password.

Security is a moving target. Cybercriminals get more advanced every day. In order to protect your data as much as possible, it’s essential that each and every employee make cybersecurity a top priority and, most importantly, that you stay on top of the latest trends for attacks and the newest prevention technology. Your business depends on it, so you must depend on a partner that can offer you the best cybersecurity solution. Info Sys Consultants have over 15 years of experience in securing small to enterprise businesses’ networks and IT infrastructures. Book your free 1-hour consultation with one of our Cybersecurity Experts.
