You might think that your small business with a handful of employees is not a target for cybercriminals. However, viruses and malware do not discriminate based on company size. And while hackers would indeed like to grab the prize of hacking into the systems of large corporations, small businesses are often softer targets, so they are equally at risk.
The antivirus software company McAfee estimates that the total global cost of cybercrime is $1 trillion. A survey conducted by AdvisorSmith found that 42% of small businesses had experienced cyberattacks. Cybersecurity is something that no company, large or small, can take for granted. But what can small businesses with limited resources do to protect themselves? Here are 10 simple steps to help prevent a small business from becoming the next victim of cybercrime.
1. Train Employees
The first line of defense against cybercrime is your employees. Indeed, simply making your team aware of the dangers will help protect your business. For example, tell employees not to open email attachments from unknown sources. Make it a rule that company systems must not be accessed via public Wi-Fi. And enforce strong passwords and frequent password changes.
2. Install Firewall and Antivirus Software
Microsoft Defender, the free antimalware and antivirus software for Windows, has improved significantly in recent years. However, tests conducted by safetydetectives.com found that Defender does not provide the same level of protection as third-party antivirus applications, such as Norton and McAfee. It is advisable to install third-party antivirus and firewall software to protect business computers.
3. Back Up Data Files
Backups may seem old-fashioned, but they are the only way to ensure that you can restore data should a cyberattack corrupt files or make them inaccessible. Even if you use cloud storage, you should keep local backups as a precaution against the cloud storage provider being compromised. Critical files should be backed up on a three-cycle rotating system, sometimes called the grandfather, father, son (GFS) system. This method ensures that you have failsafe backups should the most recent one be corrupted.
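The GFS rotation described above can be written down as a retention rule that decides which backups to keep and which can be deleted. The following Python is an added example, not part of the original article; the retention counts (7 daily "sons", 4 weekly "fathers", 12 monthly "grandfathers") and the choice to keep the newest backup in each ISO week and calendar month are assumptions.

```python
from datetime import date, timedelta

def gfs_keep(backups, daily=7, weekly=4, monthly=12):
    """Return the set of backup dates a GFS policy retains.

    backups: iterable of datetime.date, one per completed backup.
    The default counts are assumed values, not figures from the article.
    """
    newest_first = sorted(set(backups), reverse=True)

    def latest_per_bucket(key, limit):
        # Walking newest-first, the first date seen in a bucket is its latest.
        seen = {}
        for d in newest_first:
            if key(d) not in seen:
                if len(seen) == limit:
                    break
                seen[key(d)] = d
        return set(seen.values())

    keep = set(newest_first[:daily])                                   # sons
    keep |= latest_per_bucket(lambda d: d.isocalendar()[:2], weekly)   # fathers
    keep |= latest_per_bucket(lambda d: (d.year, d.month), monthly)    # grandfathers
    return keep

def prune_plan(backups, **policy):
    """Dates that can be deleted without violating the policy, oldest first."""
    return sorted(set(backups) - gfs_keep(backups, **policy))

# Constructed sample: one backup per day for the 120 days ending 2024-04-30.
SAMPLE = [date(2024, 4, 30) - timedelta(days=i) for i in range(120)]

if __name__ == "__main__":
    for d in sorted(gfs_keep(SAMPLE), reverse=True):
        print("keep", d.isoformat())
    print(len(prune_plan(SAMPLE)), "backups eligible for deletion")
```

Because a missed backup day simply shifts the weekly or monthly pick to the next-newest date in that period, the rule still leaves an older restore point available when the most recent backup turns out to be unusable.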
4. Apply Software Updates
Software updates often include security enhancements. It’s best to install updates whenever they become available for all systems, including the operating systems, applications, and antivirus software. It is also advisable to periodically check for firmware updates on devices such as wireless routers, printers, and scanners.
5. Use a VPN for Remote Access
If employees access the company network remotely, use a VPN (virtual private network). A VPN provides additional security and encrypts data sent over the internet. This extra layer of protection makes internet connections at home, hotels, or cafés much safer.
6. Secure Wi-Fi Networks
There are several ways you can secure Wi-Fi networks. The first is to change the factory default name and password. And, of course, use strong passwords that would be difficult to guess. Next, set Wi-Fi networks to the highest possible level of encryption. Wi-Fi Protected Access 3 (WPA3) is currently the most secure Wi-Fi encryption. Finally, ensure that all devices connected to the Wi-Fi are secure and have antivirus software loaded.
7. Restrict Employee Access
Unfortunately, cyber threats are not restricted to external attacks. Employees, either deliberately or inadvertently, might also pose a risk. Consequently, it is advisable to limit employee access to only those systems essential for performing their job and delete the logins of departed employees.
8. Control Third-Party Access to Systems
Outside companies or contractors may sometimes require access to your computer systems. For example, a software support consultant may need a username for specific applications. In such cases, it is advisable to vet the company concerned to satisfy yourself that they are trustworthy. It is also best practice to only enable third-party login when needed. And remember to change login credentials when you switch suppliers or when a member of the support company’s team leaves.
9. Secure Physical Devices
Old-fashioned physical theft also threatens your business, especially if critical data is stored on local machines. Take steps to ensure the security of personal computers and file servers at your business premises. And ensure that staff with laptops or mobile devices are aware of the need to keep their devices safe. It is generally best to prohibit the storage of any sensitive data on laptops or tablets. Instead, use cloud storage or insist that all information is stored on the company network.
10. Use Two-Factor Authentication When Available
Using two-factor authentication can be a nuisance. Nevertheless, imposing a further login step, such as a security code sent to a mobile device, dramatically increases security. Therefore, it is advisable to use two-step authentication whenever it’s available.
Conclusion
Most of the above precautions are easy to implement. However, they are also easy to overlook. The crucial takeaway is not to take cybersecurity for granted and not to assume that your systems are protected by built-in security. Instead, complete a periodic cybersecurity risk assessment and fix any vulnerabilities you find.