It seems like you can’t watch the news without finding out about a major new security bug or a corporate hacking scandal. Heartbleed and Shellshock frightened many Internet users, and soon articles about how to increase cybersecurity began popping up everywhere cyber security tips for employees. Small business owners need to be especially knowledgeable about cybersecurity, as much of their business is web-based. Here are some things you need to know about keeping your business safe online, as well as what to do in the event of a security breach.
· No company is too small to be vulnerable to hackers. According to the National Cyber Security Alliance, 71% of cyber attacks target small businesses and nearly half of small businesses reported being attacked. Even more alarming, Experian has found that 60% of small businesses that are victims of a cyber attack go out of business within six months. The NCSA reported three reasons why small businesses are so often targeted: they don’t have the resources to respond to an attack, information like credit card numbers is often less protected, and small businesses can partner with large corporations and give hackers access for these companies.
· Make sure all devices that handle the company’s network or any company data have reliable anti-virus and anti-malware software. This is a basic but easily overlooked precaution against malicious files and other attacks. DNS filtering can also help in preventing unauthorized access. Your network must also have a firewall to protect the network as a whole.
· Educate your employees. In addition to ensuring that everyone in your company is familiar with your security system, it can be helpful to train employees on basic Internet security and protection. There are many online resources that raise awareness of phishing scams, security certificates, and other cybersecurity basics.
· Create strong passwords. For any features that require passwords on your system, create (and have employees create) complex passwords that are not subject to social engineering or easy guessing. There are several guides available on the web on how to create strong passwords.
· Use encryption software if you handle confidential information regularly. So, even if your data is compromised, the hacker won’t be able to read it.
· Limit administrator privileges to your system. Set appropriate access limits for employees without administrator status, especially when using non-company devices. Limit administrator privileges to those who really need them and limit access to sensitive information by time and location.
· Analyze cyberinsurance. Cybersecurity breaches are generally not covered by liability insurance, but if you are looking to protect sensitive data, talk to an insurance agent about your options.
· Back up your data weekly to a secure cloud location or an external hard drive. That way, if the server goes down, you’ll still have access to your data. SkySuite’s Boardroom Executive Suites cloud computing services are the ideal tool in this area.
· If you have determined that there was a security breach, find out the scope of the attack. This is a good time to call in an expert cybersecurity advisor. This will give you a sense of what damage you need to mitigate and will indicate whether it was a mass-produced generic attack or a specifically targeted attack.
· After conducting this investigation, take all your systems offline to contain the damage.