10 Do's and Don'ts of Cybersecurity for Small Businesses - Cybersecurity & Data Management


The best way to avoid cyberattacks is to be prepared. Small businesses are especially at risk because they are low-hanging fruit to hackers: the most vulnerable targets, with the fewest security policies and practices in place. A little prevention will save you a lot of headache and money in the long run.

1. Avoid phishing scams through email

Phishing is quite common. It is the practice of sending fraudulent emails that purport to come from a reputable person or company. For instance, a hacker might send you an email posing as a coworker. The email appears to be legitimate, but it’s not. Often the perpetrator is trying to glean personal information like passwords, employee data, company credentials, or even credit card numbers.

It’s important to screen all your emails before clicking on any links or responding to them. Don’t click on links or open attachments unless you are certain who the sender is. If an email seems questionable, forward it to your IT team to investigate.

2. Avoid malware and ransomware spread by viruses

Viruses can infect your computer through either email or a download from the internet. Working remotely has increased the likelihood of infecting your computer with malware or ransomware, because those who previously worked closely with a team are now physically distanced, with less communication between coworkers. You need a strong anti-virus strategy in place to safeguard against this threat.

This is also why it’s important to have a back-up system in place. Back-ups are your plan B for when your organization’s data infrastructure is compromised by malware or ransomware. They give your organization assurance of data security and integrity.

3. Use Strong Passwords

Don’t underestimate the strength of a good password. Although often overlooked, a good password is a first step in protecting your system. A strong password is at least 12 to 15 characters long and includes capital letters, lowercase letters, and numbers. Use a different long, hard-to-break password for each of your password-protected sites.

You can keep all these passwords securely in a password-protected password manager (a vault). You will then only need to remember the one password that opens your vault.

4. Be sure to train your employees

Your employees are your front-line defense against cybercriminals. It’s important to have them well trained in how to spot a cyber threat. Enroll your employees in cybersecurity training, or create and regularly conduct your own training specific to your organization. Certain trainings are required by industry, such as PCI training requirements.

5. Keep all your software up-to-date

Hackers are looking for holes in your software’s code that will allow them to infiltrate your network. Developers continually update their code to provide “patches” for these holes. It’s important to keep your devices up-to-date with the most current patches.

6. Back up everything, all the time

In the best-case scenario, you need three copies of all your data: the original, a backup for yourself, and an offsite copy. There are many off-site back-up options that will monitor your data for changes and automatically update as changes occur. External hard drives, a separate computer, or a flash drive are other ways you can back up your data.

7. Become a limited user

You want to be a limited user on your computer instead of an administrator. Administrators have the authority to install and remove software. This means that if you innocently stumble across a website that hosts malware, the malware could instantly go to work infecting your computer. “However, if you’re not your computer’s administrator, the malware won’t work. Why? Because only the administrator has the authority to make changes to your system’s software.”

8. Don’t rely solely on antivirus programs to protect you

Antivirus programs may give you a false sense of security. They can provide warnings and even block some malware or attacks, but they can’t keep up with all the threats out there. Be sure to update them regularly.

9. Don’t trust anyone. Always think before you act

Hackers will impersonate your friends, family, or business to lull you into a false sense of security. Before you click on a link or attachment from a friend, take a moment to consider whether you were expecting an email from them. Remember never to give out your account number or password.

10. Don’t become complacent about cybersecurity

Hackers are banking on you letting your guard down. Stay vigilant and assume you’re always under attack from outside threats.