If you are a small to medium sized business owner cybersecurity can seem overwhelming, out of reach and expensive. But ...
If you are a small to medium sized business owner cybersecurity can seem overwhelming, out of reach and expensive. But that's not the case. There are plenty of things you can do yourself with little expertise and without spending a ton of money. Here are 10 tips that will help improve your organization's security posture right now.
1. Regularly update or enable auto updates on operating systems and applications that are installed on your computers and mobile devices to protect them from attackers. This is simple to do and can be done from the settings menu.
2. Ensure all accounts are configured with multifactor authentication, email, banking sites, business applications and even social media. If your data is breached or your password is guessed, if you have MFA set up, the hacker would have to also have access to your mobile device to then approve the sign in through your method of MFA. You can use an authenticator like Microsoft or Google or choose to have the application text a code to your phone every time you login. It may seem like an inconvenience but I promise, a data breach is a much bigger inconvenience.
3. Regularly backup critical systems and data. Offsite backups and cloud backups are options depending on your preference, budget and needs. But either way, if you are backed up, you have more options should a data breach or loss occur.
4. Deploy a firewall to protect your internal network from the internet. Firewalls can be relatively inexpensive depending on your network and they are always worth it.
5. Use a password manager and if you aren't, use strong unique passwords for every account. A password manager takes the leg work out of having to come up with strong complex passwords. It also ensures you are never reusing passwords. Don't use the password manager in Chrome, Edge or any other internet browser, those store your passwords in plain text so if someone gets into your system, they can see all of your passwords. If you aren't using a password manager, don't reuse passwords for any accounts. Require employee's use different passwords for their work accounts than any personal accounts.
6. Install and use anti-virus software on every workstation.
7. Practice Least Privilege Access. Limit access to to sensitive systems and data to only those personnel who absolutely need that access. Employees should only have access to data that is necessary for them to perform their role.
8. Conduct cybersecurity awareness training for yourself and your team. This should include simulated phish testing done by a third party. If your employee's "take the bait" they receive a short training video about what they should have seen in that email that was a sign that it was a phish. Security awareness training and phish testing keeps you and your team on their toes and keeps employees from clicking on the real phishes.
9. Develop an incident response and business continuity plan. No one wants to think it will happen to them but the unfortunate reality is that it has now become a case of "not if but when." For help to jump start the process, you can download our free Cyberattack Planning Worksheet.
10. Use caution with email attachments and untrusted links and watch for suspicious activity on your accounts. According to CISA, 90% of all cyberattack start with a phishing email. So don't take this lightly. Phishing attacks are on the rise and they work.
These are all things that you can start to implement for your business now. Many of them are free and easy. If you need help with any of them, we are happy to answer your questions. Schedule a call with us and we can go over any questions regarding cybersecurity for your business.