Security is a crucial part of any business plan, regardless of the size of the organization, its annual revenue, or number of locations. It is estimated that 82% of small business owners do not believe they are targets for cyber attacks because their companies are not big enough or do not have anything worth stealing. In actuality, small businesses appeal greatly to hackers because they offer more points of attack than individuals and take fewer security measures than large enterprises.
Here are 10 steps to better small business security.
- Establish basic security practices and policies for employees and ensure they are used consistently. Policies should include requiring strong passwords, establishing internet-use guidelines with detailed penalties for violation, and defining rules on how to handle and protect company data and customer information.
- Protect information, computers, and networks from cyber attacks by utilizing the latest security software, web browser, and operating system. Set antivirus software to automatically run a scan after each update and ensure software is updated as soon as the updates become available.
- Provide firewall security for your internet connection to prevent outsiders from accessing data on your private network. Make sure your operating system’s firewall is enabled or install firewall software from a reputable online dealer. If employees work from home, ensure they have firewall protection on any computer they use.
- Create a plan for mobile devices by requiring users to password-protect their devices, encrypt data, and install security apps to prevent cyber criminals from stealing information while the device is on public networks. Ensure your company has reporting procedures for lost or stolen equipment.
- Back up important business data and information on all computers on a regular basis. Important data includes any word-based documents, electronic spreadsheets, databases, financial and accounting files, and human resources records. Set data to back up automatically if possible, or back it up manually at least once a week. Backups should be stored offsite or in the cloud.
- Control access to company computers and create separate accounts for each employee. Business computers should never be used by anyone who is not an employee of the company. Laptops are more prone to theft or loss and should be locked anytime they are unattended. Employees should have their own accounts on any computer they are authorized to access. Administrative privileges should only be given to key personnel and trusted members of IT staff. Implement a policy that details the penalties for employees who share their account access information with other individuals.
- Secure your WiFi network and make sure it is encrypted and hidden. To hide your WiFi network, set up your access point or router so it does not broadcast the network name (SSID). Password-protect access to the router and share the password only with the IT staff and key personnel responsible for granting access to any devices that require use of the WiFi network.
- Employ best practices on payment cards by ensuring the most trusted and validated tools and anti-fraud services are being utilized. Additional security obligations may also be required based on agreements with your bank or credit-card processor. Payment systems should be isolated from less secure programs, and payment-processing computers should never be used to surf the internet.
- Limit employee access to data and limit authority to install software to IT and administrative personnel only. Employees should only have access to the data and programs required to perform their duties and should not be allowed to install software of any kind on any device.
- Passwords and authentication should be unique. Employees should change their passwords every three months. Multi-factor authentication is another valuable consideration. This type of authentication requires additional information beyond the initial password to access company systems. Check with vendors that handle sensitive data to see if they offer multi-factor authentication for your account.
Security plans are not a one-size-fits-all solution, and no two plans are alike. Protelligent’s Premonition™ Security Suite is fully customized to fit the needs of your company.
Learn more about how Premonition Security will level the playing field for your business with proven strategies and expertise that reduce your risk of cyber attacks.