8 Best Practices for Cybersecurity in Your Small Business

Most cyberattacks in the news are in the news because they’ve hit a big company. This leaves small businesses with a false sense of security, but the reality is that small businesses are just as much a target as larger companies. If you have any presence on the Internet, you could be a target.

Here are some of the top tips to consider when evaluating the security of your small business:

Train your employees

Negligent employees cause most data breaches experienced by small businesses, but the battle against cybercrime can also be fought by employees. Educate your employees on the standards you expect them to uphold and use cyberattacks in the news as learning tools.

Business email fraud is the omnipresent mob boss of cybercrime. Hackers can compromise your system and trick your employees into actions such as sending payments to fraudulent accounts. Make sure your employees are aware of the risks involved in sending and receiving email, especially when money is involved.

Protect information and machines

If you see there’s an update coming for software you regularly use and trust, be ready to update. Not only that, but be ready to run an antivirus scan after the update goes in. Software, operating systems, and web browsers often release updates to fix bugs. Bugs may let cyber criminals in, so taking prompt action is a great defense.

Put up a firewall

Firewalls keep your network secure and can prevent unwanted users from gaining access to your systems.  If you have employees who work from home, make sure their personal firewalls are held to the same standard as the office firewall.

Don’t forget mobile devices

An extra level of security should be considered with mobile devices. If your employees do a lot of work on their mobile devices, make sure their devices are protected with a password and any company data they’re accessing is encrypted. Get everyone in the habit of clearing out unused apps and updating permissions and preferences immediately after a new app is downloaded.

Make copies

Data should always be backed up. Consider implementing an automatic backup plan so important data is always stored in multiple places. If you store your backed-up data on an external device, such as a USB drive, make sure the external device is also scanned for viruses. Better yet, allow only pre-approved devices to be used.

Control physical access to computers 

Part of employee training is making sure login information and passwords are not shared. If your employees share computers, make sure everyone completely logs off when done with a device. When anyone is logged into a company device, consider blocking browser extensions and other web actions that might expose your systems.

Manage money

You may have to fulfill specific security obligations with your bank or third-party payment processor, so make sure you’re up to snuff on the standards they expect from you. You don’t have to be an expert, but it’s helpful to know how the payment information you take from your customers is protected by the third party.

Recycle plastic, not passwords

All your employees should be required to create a password for your systems. Encourage them to change their password regularly and to use a combination of uppercase and lowercase letters, numbers, and symbols. And always change the password to something other than the manufacturer’s default.

Good password practices apply to more than just access to the company’s primary system. This applies to point-of-sale systems, emails, fax machines, copiers, and anything else that might be connected to the company’s network. Remind employees to use separate passwords for home and work.

Finally, if you don’t already have cyber liability coverage for your business, check out the Acuity Cyber Suite and talk to your agent about this important coverage. 

This post was written by Alison M. Alison M. is a Regulatory Analyst at Acuity. During the work day, Alison helps keep Acuity in compliance with the ever-changing laws and regulations in the states in which Acuity operates. Prior to her role at Acuity, Alison worked as a paralegal, serving clients filing for bankruptcy, facing criminal defense charges, or claiming personal injury after an auto accident. Outside the work day, Alison does a lot of yoga, cooks a lot of good food, and spends a lot of quality time with her husband and dog.

Sources:

https://www.fcc.gov/general/cybersecurity-small-business

https://www.sba.gov/managing-business/cybersecurity/top-ten-cybersecurity-tips

https://us.norton.com/internetsecurity-online-scams-cybersecurity-tips-for-small-businesses.html

https://www.iii.org/sites/default/files/docs/pdf/cyber_risk_wp_103017.pdf

https://staysafeonline.org/wp-content/uploads/2019/02/Small-Business-Quick-Wins.pdf