For a mid-sized company, it takes an average of $1.6 million to recover from one successful phishing email attack. Can a small business owner afford that, should it happen to you?
Probably not, considering 60% of hacked SMEs have to close up shop after trying to recoup for half a year.
While the threat of a cyber attack is very real and alarming, there are ways you can safeguard your business and ensure you don't fall victim as an easy target to these ever-evolving digital hacks and data breaches.
Here are 10 cyber security system best practices you can implement to protect your business.
1. Put up a Good Firewall
One of the first things you need to do when you create a network is put up a robust firewall. The firewall is the gatekeeper for everything that comes in and out of your network.
Without one, the traffic into and out of your network is unrestricted. This means any cybercriminal can get into your network and wreak havoc if they wish.
When incoming traffic comes through, the firewall inspects each packet of data to double check it's what it claims to be. Should it seem suspicious, the firewall will reject it and whatever malicious files were trying to come in will be blocked.
Although it's a good start, a firewall alone isn't enough to fend off hackers. Below are some other things you can use in conjunction with a robust firewall.
2. Install Antivirus Software on All Devices
The next thing you need to do is install antivirus software on all of your devices. But don't just go for the free ones; while you'll save money on freeware, it won't be the best in the industry. You'll end up shelling out a lot more when the free antivirus software fails to catch a cyberattack and it ends up shutting down your business.
Also, make sure you also install antivirus software on work cell phones. Since smartphones have grown to essentially become pocket-sized computers, a lot of us do our work on these devices too. Cybercriminals have caught onto this and are targeting many of their attacks on mobile devices.
It goes without saying that you should also install antivirus software on your tablets. These devices are often used for work purposes as well, and are just as susceptible to a cyberattack as computers and cell phones are.
3. Install Updates Promptly
It's not enough to just install the proper software and leave it at that. The digital world is constantly evolving and while we try to stay one step ahead of hackers, they do the same too.
As you can expect, nothing stays static. What might work one moment may not in the next week. Cybercriminals are always looking for ways to circumvent cybersecurity actions and finding vulnerabilities in our networks.
This is why it's absolutely vital you install updates and patches. Not only that, but you need to do it as soon as they become available.
Have you ever been guilty of seeing an update notification pop up, but ignoring it because you're in the middle of a meeting or some important work? Well, the longer you put it off, the more your chances of being hacked.
Always take a moment out of your busy schedule to update your firewall and software whenever possible. Perhaps plan it around your break time or lunch so you can work uninterrupted.
4. Have a Strong Password Policy
All that stands between a hacker and your account is your username and password. If they get their hands on your password, then they'll gain access to everything in your account.
Not only that, but if you use the same credentials across multiple websites, they may try it everywhere. As a result, they'll get sensitive data such as your bank and credit card accounts.
Make sure both you and your employees use strong passwords; this means avoiding use of obvious information, such as birthdates, pet names, and addresses.
The best passwords use a combination of capital letters, lowercase letters, numbers, and symbols. Even better is not using dictionary words, but instead, a string of random letters and symbols.
You should also use different passwords across multiple sites. That way, if a cybercriminal manages to guess one of your passwords, at least they can't use it to access your other accounts. In addition, you need to change your passwords every once in a while to switch things up and keep them more secure.
It may be tough to remember all your passwords, especially if they're all randomly generated. In this case, it's best to use an encrypted password manager so the fields automatically generate whenever you're on a login page.
5. Enable Multi Factor Authentication
Building on the last tip, you should also enable multifactor authentication.
Remember how we said all that's standing between you and a hacker is your username and password? Well, you can add an extra layer of security by using multifactor authentication.
In most cases, two-factor authentication (2FA) is enough. 2FA is when you have to go through an extra security check; usually, you get a time-sensitive code sent to you after login to ensure the right person is accessing the account.
For example, you're logging into your work portal. After you input your username and password, if it's correct, it'll take you to the next screen where it wants you to input a 6-digit code.
This code can either be sent to your email address or your phone. In both cases, you'll have a short period of time to retrieve and enter this code on the portal. Usually, you get anywhere from 5 minutes to an hour.
You'll then enter the work portal successfully if you put in the right code.
Multi Factor authentication keeps more fraudsters out because of that extra step in the login process. While they may have your username and password, they can't log into your account because they (hopefully) don't have access to your email account or your phone.
6. Secure Your Wi-Fi Network
One of the worst things you can do is leave your wi-fi network unsecured. This means anyone within range of your router can log on your network without having to input a password.
As you can imagine, cybercriminals can easily get into your system and cause some havoc. Think of it as leaving your front door unlocked.
Here are the best practices for your wi-fi network:
- Encrypt your data
- Use WPA2 for encryption; WPA3 if that option is available
- Make your network hidden
- Do not broadcast your network's SSID
- Change the default passwords on your network
Also, make sure your employees aren't handing out the network password to just anybody. The more people who know your wi-fi password, the less secure your network will be. make sure your workers understand that the password should only be given to those necessary.
For this reason, you may want to set up a second network that guests can use. That way, if they click on something malicious and your network is infected, it won't affect any of your sensitive company data.
7. Have Workplace Training
Your employees are your first line of defense when it comes to cyberattacks. If they're trained to detect suspicious things on the internet, you'll see your cybersecurity increase in efficiency dramatically.
Consider hiring a chief security officer (CSO) for your office so they can continually update your workplace about the most recent threats. They can also provide thorough training about cybersecurity.
If you can provide an open, safe, and positive atmosphere, workers will be more motivated to report suspicious activity, which can, in turn, stop attacks before they can do damage.
If, on the other hand, employees don't feel comfortable at work and fear punishment, suspicious activity may go unreported and result in a successful cyberattack.
8. Run Phishing Tests
Your IT team and CSO can help with this one.
You can learn all about digital threats, but unless you see a real one, it may be hard to detect. Regular workplace phishing tests can be a great way to keep your employees on their toes. It can also be fantastic for gauging how well your workers detect and respond to cyberattacks.
Your IT team and/or CSO can have regular meetings to discuss real-world phishing examples. They can also discuss what people fail the most on these phishing tests and point out what to keep an eye out for.
When employees are well-prepared for the real thing, there's a lower chance of something slipping through the cracks.
9. Regularly Back up Data
One type of malware relies heavily on bartering your data; this is called ransomware. WannaCry is an infamous piece of ransomware that cost at least 150 countries worldwide a total of $4 billion.
How does ransomware work? It infects your device, locks it up, and as the name suggests, holds your data hostage. You'd then have to pay an anonymous wallet some amount of Bitcoin, and then, you receive a key to decrypt your device.
However, this doesn't always work. Cybercriminals have no incentive to help you, so in most cases, they ignore you after they receive their Bitcoin, leaving your data still tied up.
For businesses that don't have data backups, this can be devastating. However, if you regularly back up your data, you're in luck. Should your network be somehow infected, all you have to do is ignore the ransomware; just boot up a recent backup and you're set, rendering the attack useless.
When you back up your data, it's not enough to just have one copy in one place. You should follow the 3-2-1 backup rule.
The 3-2-1 rule is as follows:
- Have 3 copies of your data
- Use 2 different types of storage media
- Have 1 copy offsite (such as cloud drives or portable devices)
If you keep at least one copy of your backed up data offsite, this guarantees that if anything happens at your office (such as theft, flood, or fire), you have a spare copy that's safe somewhere else.
10. Secure Your Physical Office
Much of cybersecurity is focused on the digital world, which obviously makes sense. But people forget that digital information can still be compromised through real-world attacks. So even if you have the best cybersecurity online, it can all be thwarted through poor office security.
For example, an unauthorized visitor can steal information by either stealing papers left out, accessing an employee's computer, or swiping a USB drive.
Here are some good practices for securing your physical office:
- Be vigilant when entering the building; make a report if anyone suspicious follows right after you unlock the door and enter the building
- Have a "clean desk" policy where nothing with sensitive information is left out in the open
- Require employees to password lock their computers and always put it on the lock screen when they walk away from their desks
- Log every visitor and make sure they're always chaperoned when in your workplace
- Give access to rooms on an "as-needed" basis (e.g. only the people in IT have keys for the IT workroom)
A combination of digital and physical security will ensure you put up walls comprehensively.
Try out These Cyber Security Best Practices
Now that you know the top cyber security best practices, it's time to put them into action. Without proper protection, your small business is vulnerable to attacks.
The main thing in safeguarding your company from cyberattacks is to be vigilant and on top of software updates. Your employees are your first line of defense, so make sure they're thoroughly educated on current threats.
By combining several, if not all, of our tips, you can ensure your small business is more resistant to scammers. In the long run, not only will this save you money, but it may also save you from having to shut down your business.
If you need help with HR in your company, please don't hesitate to reach out to us. Just fill out our form and we'll get back to you as soon as possible.