In the world of cybersecurity, it has always been the biggest targets, like governments and large corporations, and the smallest targets, like the unprotected consumer, who have been most at risk. However, as bad actors on the Internet gain computing power and better attack methods, better-protected consumers and small businesses have increasingly fallen into the crosshairs of hackers and scammers.
According to the 2019 Verizon Data Breach Investigations Report, small businesses made up 43% of the targets of successful cyberattacks. Over the past 15 months, that rate has been verified and surpassed, with nearly 50% of small businesses suffering successful cyberattacks. According to SMBCEO, the average attack on small businesses during that period equaled and exceeded $200,000 in damages. That is more than enough to put the average small business owner out of business for good, and the data shows that almost 60% of small business owners who were successfully attacked did go out of business.
The unfortunate fact is that cyber attackers are waging an all-out war against all potential targets, and the only practical response is to arm yourself. That’s why we have compiled the following list of digital security tools and techniques that you must have to reduce your cyber risk profile in 2020 and 2021.
Your Small Business Cybersecurity Plan Checklist
The first thing anyone must do to mitigate the risk of any type of threat is to understand and accept that you can be attacked. Therefore, some of the items on our list are not products or tools, but attitudes and practices, which we list first.
Cybersecurity Attitudes & Practices
1. Expect Attacks
Rule number one is to accept that, in time, attacks are inevitable, and to prepare culturally and technologically to defend against them and to recover from the damage a successful attack does to company data, credit card ID and access information, and other sensitive information.
2. Maintain a Robust Password Policy/Culture
Employees at all levels of network access should be thoroughly trained in password security. Using the same password on multiple machines and accounts should be frowned upon, and perhaps even sanctioned. Employees should be verifiably trained in what makes strong passwords strong, what makes weak passwords weak, and how to create high-quality passwords.
3. Deploy a Layered Defense
Because we know and accept that our cyber defenses will be penetrated, it only makes sense to have more than one layer of defense. This means using a series of different security controls: anti-virus and malware protection, multi-factor authentication, network security, cultural protection, and more. If an attacker does bypass one layer of security, another layer should immediately present itself to them.
4. Enforce Email Restrictions
In today’s highly remote-work-oriented workplace, it might be difficult to enforce email restrictions. One way around this is to have more employees use company-owned equipment. It’s one thing for an employee to use poor email hygiene on his or her own machine, but on a company machine, it’s different. However you achieve it, email restrictions should be enforced, as emails are a primary access point for cyber attackers to obtain their victims’ data.
5. Train Everyone
Understand that cybersecurity is everyone’s business, not just IT and not just management. Everyone who regularly uses network machines and anyone who may use network-connected machines should know and use good password practices and understand the necessity of guarding against cultural security attacks. Make sure your training program reaches everyone who has network access or who may obtain it, to ensure that they understand what phishing emails are, are trained in cultural attacks, and are alert to other common threats.
Cybersecurity Tools & Technologies
1. Data Backup
While backing up your data might fall under attitudes and practices, the fact is that you cannot be deprived of any piece of data that you back up. That doesn’t mean illicitly copied sensitive information that you still possess cannot be used against you, but backed-up data will always be within your reach. Any company data or critical data that you need to operate should be copied to a machine that cannot be accessed via the Internet or any other remote access connection. Naturally, this means that you need a robust storage system with additional backups to help protect against equipment failure, fire, flooding, and the like.
2. Desktop Security
Every terminal and user should be protected at the individual level. This means positioning screens to guard against “shoulder surfing,” which is when someone steals information by looking over the shoulder of a terminal user. Using password-protected screen savers is a good way to help users protect their data when they step away from the terminal. Of course, this also includes strong passwords, firewalls, anti-virus protection, and more. Another important way to protect key terminals might be to use operating systems that are especially stable and resistant to malware such as Linux OS, and macOS to some extent.
3. Network & Online Security
Every Internet-connected business, every network, and in fact every computer user should use a Virtual Private Network (VPN). Browsers should have pop-up protection installed and enabled. All data gathering efforts by companies should be opted out of, and virus/malware protection should be active at all times when any Internet-connected machine is running. All of this goes doubly for mobile devices, which are especially vulnerable when accessing the Internet through a public Wi-Fi hot spot.
4. Anti-Virus Software
There are anti-virus protections for browsers, networks, and individual machines. These should be active on all company machines, and they should be updated as often as possible. What’s more, anti-virus scanners should be engaged periodically. Keep in mind, if you run a virus scanner and it detects and quarantines one virus, you should run the program again, because a virus can sneak in by hiding behind another!
5. Virtual Private Network
Every small business owner should use a virtual private network to protect their data, their connection, and their customers. Small business owners not using a VPN are one of the primary targets for cyberattacks in 2020.
Of course, no list of cybersecurity tools and techniques can ever be complete as long as attackers are constantly researching and developing new ways to access your machines and critical data. To learn more about cybersecurity, network security, and what you can do to keep your small business safe, get in touch today.