Some simple steps that make a huge difference to the cyber security of your small business
There’s an old joke that when you’re hiking in the woods you don’t need to run faster than a bear, you just need to run faster than your friend. Small business cyber security is the same—you don’t want to be an easy target. If you make your company just that little bit harder to hack into many hackers will look for easier victims—the ‘bear’ will eat a slower victim.
Even if you are the target of an attack, these five cyber security tips will make it harder for a hacker to break into your systems. These basic steps might give you extra time to detect an attack and prevent the bear from from ever taking a bite out of you and your profits.
1. Stay up to date on cyber security issues
One of the most important, and easiest, things you can do to protect your computers, devices, and company data and IP is to keep all your software and systems up to date. Windows, MacOS, iOS, Android—all of these operating systems are patched when security vulnerabilities are found. When you install the updates you close holes hackers can use to get into your systems. When you skip updates you’re giving hackers a way to hack into systems. Once security vulnerabilities are publicly identified, everyone—good people and bad—knows how to exploit the zero-day flaw.
While you’re updating your computers, devices, and apps, don’t forget your other systems like your website and your routers. Updating these systems might take a little more help and expertise, but they are just as important as your computers and phones to keep updated. Routers, especially popular models, are common targets for attacks, as we saw in May 2018 with the VPNFilter malware attack on home routers.
Hackers look for ways into a company network through email servers, websites, and even security cameras. Routers, websites, and servers aren’t always top of mind for you to update, but they are top of mind for hackers.
Stay updated, stay safe.
2. Have regular, secure backups
While it’s important to have backups to protect against computers breaking, backups are critical for protection against ransomware, malware, and viruses. When ransomware strikes, it can cripple your business, but if you have backup servers—you can simply roll back to a pre-attack “state”. When you have backups you have a safety net. Keep in mind that virus, ransomware, and malware authors know backups are a critical line of defense. You need to plan ahead and protect your backups too.
3. Use better passwords
You’ve heard all the advice about using better passwords:
- Don’t use any of these 25 passwords like password, qwerty, 12345678, or login.
- Don’t use the same password twice.
- Use combinations of uppercase letters, lower case letters, numbers, and symbols like.
- Make your passwords hard to guess but easy to remember.
You probably tried doing the above for a while. Then it got hard. You started writing down passwords. You started reusing passwords you thought were clever. We’ve all been there. Everyone feels frustrated with all the passwords we have to remember. We don’t blame you, except using better passwords is a proven way to thwart hackers.
What’s the solution? Personally, I try to remember as few passwords as possible (about 5 or 6). For the rest of the hundreds of other passwords for services around the internet, I use a password manager to generate random passwords and store them for me. I have no idea what 99% of my passwords are and I don’t have to because my password manager is integrated with all my devices and synced across them. When I need to enter a specific password I enter the master password for the vault and the password is there for me to copy and paste.
Even without using a password manager, there are lots of ways to generate better passwords from websites (Random.org is one of my favorites) and sites where you roll a dice to pick words from a list to make a phrase (for the geeky among us the Electronic Frontier Foundation’s fandom list is fun). The point is, however you start using stronger passwords (and getting your employees to do the same), just start doing it.
And while you’re at it, make sure your routers and other internet-connected devices (like security cameras or thermostats) aren’t using the default usernames and passwords either.
4. Secure your mobile devices
It’s funny how we don’t really think that these amazingly powerful computers we carry around in our pockets are part of our small business cybersecurity efforts. It’s just a smartphone, I use it to make calls, send messages, play games, email clients…
Our mobile devices are just as much a part of the cyber security picture of your business as the computer sitting on a desk. Smartphones are connected to your network, so if an employee downloads a new app that’s really a trojan horse to infect routers with malware or email a virus to contacts, you’re in just as much trouble as if it happened on a laptop.
More and more companies are allowing—even encouraging—employees to use their own devices for work. Bring Your Own Device (BYOD) policies are great for productivity and employee engagement, but present real risks to your company. While you can’t control what employees do with their personal devices on their own time, you can control how they access your network and data. The easiest way manage your data on an employee—or any—device is with a Mobile Device Management (MDM) system. An MDM is a set of mobile apps and tools that let you segment and secure your company’s data and information away from an employee’s personal information on their phone.
An MDM allows employers to:
- Control which devices can connect to company email
- Shape how files are shared
- Remotely erase company data from a lost or stolen phone.
MDMs allow employees to keep company data on their own devices, but keep the data protected and secured. If an employee gets malware on their device, it can’t get into the company data, and company data can’t leak out onto the personal side through shared files or images. MDMs give companies and employees peace of mind that work and personal data can be on the same device and not interfere or be at risk from the other.
5. Educate your employees on small business cyber security
In computer security we say the weakest links in the security chain are people. People choose bad passwords and share them. People click on links in emails and launch viruses, malware, and ransomware. People fall for phishing scams and let hackers into company emails and systems. We know people are the problem, but the solution is easy—education.
Our computers and systems are intimately and intricately intertwined; one person clicking one link in one email can bring an entire city or airport or hospital to its knees. While better security software on servers and computers prevents many of these attacks, hackers will find new ways to circumvent security software.
To avoid becoming one of the millions of businesses forced to pay ransom for their files or have a catastrophic failure from a virus, you need to educate employees about computer security. Reminding people not to blindly open files emailed to them. Not to click links to reset their password because it looks like the email came from their bank. Reminding people that asking “Hey did you just email me a file?” or “Did someone ask to reset the Twitter password?” before opening a file or clicking the link is all it takes to prevent an attack from starting in the first place.
Then you can work on getting people to pick better passwords.
You can’t stop all cyber security problems, but you can prevent most of them
These five small business cyber security tips aren’t going to prevent all computer hacks or disasters. Having good backups mitigates the damage caused by viruses, better passwords make systems harder to hack, updates fix security flaws, MDMs secure devices, and security education is just good for everyone. A determined hacker who really wants to hack into your company will find a way in, but most of us aren’t at companies that have to worry about those threats.
Like anti-virus programs, an MDM puts another strong barrier in the way of hackers trying to get your data. The goal with nearly all computer security tips is, as I said in the beginning, to be faster than your buddy, not faster than the bear. You can’t ever have perfect security and run an internet-connected, productive office, but you can be a lot safer than you probably are and you’re just five steps away from that goal.