We now live in what can accurately be described as the digital era. As our lives exist in both the physical and digital planes equally. The same is true for the world of business, where companies operate through both physical locations and online — offering unique experiences for each channel.
As companies embrace modern and digital technologies more openly, there are many benefits that can be realized such as improved efficiency, optimal customer experience opportunities, and the always-welcome revenue boost. But all of that also comes with risk. This is especially in regards to sensitive data and information — trade secrets notwithstanding.
Cyber security is incredibly important in today’s landscape, even more so for small to medium-sized businesses. They have a lot more to lose, and a lot fewer resources to work within the aftermath of an attack. So, it’s important that you learn and understand how to protect not just your business and regular operations, but also any other digital content you handle.
You might not be able to afford the large, preventative measures that successful corporations do. However, you can certainly still protect your business from potential cyber attacks.
1. Update Everything
There are many instances of viruses, trojans and even ransomware that wreak havoc on a swath of devices and networks simply because of outdated software. The more you put off that Windows or mobile security update, the more likely it is that you’re going to experience an attack. WannaCry, for instance, was able to infect so many systems because they had not been updated, despite the fact that Microsoft had patched the vulnerability weeks prior.
Later, NotPetya is another form of ransomware that spread through the very same vulnerability WannaCry did, revealing that even after such a huge attack people still hadn’t updated their systems.
Don’t be lazy. Update all your software and devices as soon as a patch is available. If you’re in the middle of doing something when a notification or alert appears, make it a habit to start the update as soon as you’re finished.
2. Encrypt Sensitive Data
Ultimately, you should be encrypting any and all data that is flowing into or out of your business networks and systems. That includes customer details, credit and payment info, business orders and much more.
Data encryption is one of the most efficient ways to lock down and protect data. The information is essentially hidden behind an encryption key. Without that key, you cannot decrypt the data and read it. That means, even if there is a breach and digital content or data is stolen, most likely it will not be of any use to the thieves.
There are ways around encryption, as with most digital security measures, but the time, effort and resources it takes are just too great for most thieves and hackers. Download and install an encryption tool on your systems, and continue to protect all data.
Encryption is becoming more and more necessary as new laws and regulations are launched. U.S. defense contractors or subcontractors, for instance, are starting to see this with DFARS, a new set of cyber security requirements.
3. Acquire Cyber Security Insurance
Data breaches and cyber attacks happen, whether you’re prepared for them or not. These days, the events can be costly, even more so if it involves customer or client data. Losses can be mitigated simply by investing in cyber security-enabled insurance, especially for a small business.
Just one small attack could bring your entire business — and profits — to its knees. It’s akin to driving around open roadways without insurance. When an accident does happen — and it most likely will — you’re left alone and unprotected and that means other drivers can sue to recuperate costs.
4. Educate Your Team(s)
Negligence is also a concern when it comes to physical and digital security. For example, if an employee walks away from a company terminal and leaves it unlocked, anyone could then access the system. It’s a simple measure, but it’s just as important as installing a firewall or maintaining good internet security apps.
Spend time educating your employees about security, particularly how they fit into the overall picture. What can they do to protect the business? What should they be doing to protect themselves while on the job?
5. Restrict Network Usage
Many larger organizations rely on an internal firewall that prevents employees from visiting certain online portals and websites. There’s a security benefit to blocking access to sites like Facebook and Twitter, for instance. Forget the fact that employees shouldn’t be browsing such portals on the clock, there’s always a potential to stumble across an unscrupulous site or hyperlink.
It’s safer to install a restrictive network tool and then build a blacklist of sites your team(s) cannot visit.
6. Install the Right Software
This tip could form the basis of the entire article. It’s important to understand that this is one of the most important security measures any business or individual can take.
Security-related software can help lock-down your systems, network and network traffic, and help clean up any harmful or malicious code. Must-have software includes a network firewall, anti-virus and anti-malware tools, as well as administrative toolsets. The latter is important in case you need to block or revoke access to the network.
There are hundreds upon thousands of guides and tools out there. What to take away from this tip is that security software is necessary. Get a firewall, pay for a virus or malware tool subscription, and regularly monitor your network traffic with administrative tools.
7. Use a VPN
A VPN or virtual private network masks your IP address and makes it look as if you’re browsing from another country or region. Why is this important? Everything you do on the internet — even through your business — is synced up with the public IP. That means anyone connecting to your public IP can be traced. Through reverse lookup, hackers can see the current address of where you’re browsing, who is assigned the IP and even what sites or apps they’ve been using.
As a general practice, using a VPN to mask internet activity and traffic is necessary to protect privacy and anonymity. But it can also be the difference between something your employees are doing on the network coming back to haunt you, or not.
8. Don’t Share Passwords or Accounts
Many small business owners fall into the habit of sharing accounts and passwords with employees. Either they don’t want to spend the money on an extra subscription, or they don’t want to go through the hassle of creating sub-accounts. Whatever the case, this is a terrible practice and it could end badly.
You wouldn’t share the password for your personal bank account — hopefully — so don’t share the password to administrative or business-level accounts. Just don’t do it.
9. Consider DDoS Protection
DDoS or distributed-denial-of-service-attacks can bring even massive websites and networks to their knees. We’re talking platforms that are owned by the greats like Microsoft, Google, and many others. They have become increasingly common in today’s landscape because it’s a relatively easy attack to orchestrate. It involves overloading a server or network with requests, locking it up for a time which has the effect of preventing access entirely.
As a small business, especially if you run your own servers or data center, you’re going to be more susceptible to this kind of attack. It will do more than just damage your systems for a time too. It can destroy revenue, customer experiences, and positive sentiment in your brand in just a short while.
There are ways to prevent these kinds of attacks, so make sure you put at least something in place. Deploying a third-party security solution like Cloudflare, for instance, might be just the protective boost your network and system needs.
Security Should Be Ongoing
While these tips can certainly help you protect your business, systems, and network it’s important that you understand security is never truly over. That is, you should establish a process of preventative and routine maintenance. Continue to assess the security measures you have in place and discern what it would take to improve, then act upon it. Keep all your systems and devices up-to-date. Continue to update virus and malware databases and run regular scans. Train all new hires about security and what role they play. Keep your ear to the ground for information about new or common attacks.
Don’t ever stop focusing on security, because that’s when you’re at your weakest.