Six solid recommendations...
Small and medium-sized businesses are candidates for cyber attacks just like large corporations. By one estimate, 65% of all cyber attacks are directed at SMBs. A hack can result in a large loss, can be expensive to clean up and can threaten the very survival of the business.
One reason cyber criminals target smaller businesses is that they often lack the sophisticated protections adopted by mega businesses. The good news is that a strong cyber defense doesn’t have to be expensive. It does, however, require being aware of cyber security and training employees to be aware of it as well.
Here are good recommendations that all businesses need to follow:
- Establish a cybersecurity policy and train employees in the use of its elements. A good cybersecurity policy for a small business should have a clear statement of purpose. It should include elements like secure storage and transfer of data, protection of employee devices and passwords and protection of emails and messages. An internet search will identify guidelines and templates for developing a policy.
- Protect all computers including employee mobile devices. All devices should be password protected and all should be updated as soon as updates become available. Employees should not use public networks, which can be a breeding ground for malware and viruses.
- Ensure that the business network is protected. A good security program with antivirus protection is essential. All the well-known security programs have business versions. If the business has a wi-fi network, especially if it is used by customers, special care needs to be taken.
- Insist on good password management. All passwords should be strong. They should be remembered, not written down. Passwords should be changed on a regular basis, say every two months, and should be changed immediately if any device is lost or threatened by malicious software. Passwords should not be shared. If all this sounds formidable—and it is—these tasks can be handled with a password manager.
- Keep emails safe. Suspicious emails should not be opened. If they are opened by accident, links should not be followed and attachments should not be opened. Report suspicious emails to a security specialist.
- Limit employee access to data. Every point of access is a potential entry point for malicious actors. If employees do not need the data for their work, do not give them access. If customers or partners can access any of your business data, make sure they have good security policies and data practices.
Good security practices protect the business against financial losses of many types. Equally important, they protect the trust a business has worked hard to build with its customers. That is the most important asset of all.