12 Cyber Security measures that every small business must take


A rise in hybrid working has made businesses more vulnerable than ever to cyber crime. We show how to protect your company.

Cybersecurity has been important to businesses since the internet existed. But now, more employees are in hybrid or fully remote roles than ever before and need remote access to company resources. The volume of data held in cloud-based systems, and the subsequent risk of unauthorized breaches, hacks, or exposure, have both grown exponentially over the last decade.

In 2023, keeping your business safe and secure is a different ball game from what it was even just a few years ago. Yet, despite the ever-present threat of data breaches, ransomware attacks, and insidious online scams, as many as 90% of businesses aren’t ready for cyber attacks, recent data suggests.

So how can you stay safe? Read on for all the top cyber security measures that every small business should have in place to protect itself from the perils of the virtual kind.

  1. Get a VPN

Any business with an internet connection can benefit from a VPN. The term stands for Virtual Private Network, and it’s another layer of security masking your online activity from third parties: 30% of VPN users say they use it to access the internet for their jobs.

VPNs essentially funnel your data and IP address through an encrypted server before it reaches the internet, so all of the websites you visit see the IP address of the VPN server rather than your own.

VPNs are most useful when you are connecting to a public internet connection, like a coffee shop or an Airbnb. These connections are famously unsecured, and hackers can relatively easily use them to scoop up the private data of anyone who logs onto them. With a VPN, your new, encrypted connection separates the hacker from the data they are hoping to steal.

There’s one unavoidable downside: Funneling your internet activity through another server (often in another country) will reduce your internet speed slightly. The best VPNs are secure, speedy, and inexpensive, and a slight drop in speed is a small price to pay for significantly more privacy.

It’s important to remember that a VPN doesn’t make you completely anonymous online – that task is near impossible. But it’s certainly safer than not using one, and de-coupling your IP address from your traffic makes you much, much harder to trace.

  2. Install Reliable Antivirus Software

“Malware” refers to any software designed with malicious intent, while viruses are a specific type of malware that replicates itself within a computer until it has spread through an entire system. Another type of malware is called “spyware” and is designed to remain hidden from sight while collecting data on the business that it has latched onto. Needless to say, you’ll need to be protected from all these forms of virtual warfare.

A good, reliable antivirus program is a basic must-have of any cyber security system, and anti-malware software is equally essential. Together they act as the last line of defense against unwanted attacks, should anything get past your network security.

They work by detecting and removing viruses, malware, adware, and spyware. They also scan and filter out potentially harmful downloads and emails. You’ll need to keep this software updated in order to stay protected against the latest threats and to patch any bugs.

  3. Use Complex Passwords

Almost every computer and web-based application requires a key to access it. Whether that key is a password or the answers to security questions, make sure you create complex ones so that they are difficult for hackers to crack.

For answers to security questions, consider translating them into another language using free online translation tools. This may make them unpredictable and difficult to decipher, and less susceptible to social engineering.

Using a space before and/or after your password is also a good idea to throw a hacker off. That way, even if you write your password down, it would still be safe, as only you would know that it also needs a space at the front or end. Using a combination of upper and lower case letters also helps, along with alphanumeric characters and symbols.

  4. Use Password Managers

So you’re using dozens of unique, complex, tough-to-remember passwords when logging into all your work software. This raises an entirely new issue: How can you quickly and easily sign in when you have to take the time to recall and type out a lengthy string of symbols every time? The answer is a good password management tool.

Password managers keep track of your logins, automatically filling in the correct username, password, and even security question answers that you’ll need to sign in to any website or service. Users only have to remember a single PIN or master password in order to access their vault of login information. Many tools also offer other benefits, like a password generator that guides users away from weak or reused passwords.

We’ve ranked the top options in our extensive guide to password managers. Our top pick is NordPass, thanks to great features and pricing, plus a handy browser plugin. It’s important to review all the providers on offer before you buy, however. LastPass is one of the most widely-used providers, for example, but a recent security incident has called the provider’s credentials as a secure password manager into question.
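The two sections above describe what a complex password looks like and what a good generator should do (enforce a policy, avoid reuse). As an added example that is not part of the original article, the Python below implements both: a policy check that reports every violation, a generator that draws from the operating system's CSPRNG (the `secrets` module) until the policy is met, and an entropy estimate. The minimum length and the required character classes are assumptions chosen for the example, not figures from the article.

```python
import math
import secrets
import string

# Policy thresholds are assumptions for this example, not figures from the article.
MIN_LENGTH = 14
REQUIRED_CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def check_password(password: str, already_used=frozenset()) -> list:
    """Return the policy violations for a candidate password; an empty list means it passes.

    already_used holds passwords already in use on other accounts so reuse can be flagged.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = set(password)
    missing = [name for name, chars in REQUIRED_CLASSES.items() if not present & chars]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    if password in already_used:
        problems.append("reused from another account")
    return problems


def generate_password(length: int = 20) -> str:
    """Draw characters from the CSPRNG until the result satisfies the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy of a uniformly random password of this length over this alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    vault = {"Correct-Horse-42!", "Tr0ub4dor&3xyzabcd"}  # constructed set of passwords already in use
    print(check_password("summer2023", vault))
    print(check_password("Tr0ub4dor&3xyzabcd", vault))
    new = generate_password()
    print(new, check_password(new, vault), round(entropy_bits(len(new)), 1))
```

The generator reuses the same check the policy applies to human-chosen passwords, so the two can never drift apart; a 20-character password over this 94-symbol alphabet carries roughly 131 bits of entropy, far beyond anything worth brute-forcing.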

  5. Protect Your Network With a Firewall

What separates a firewall from an antivirus program? Well, a firewall protects hardware as well as software, making it a boon to any company with its own physical servers. But a firewall also works by blocking or deterring viruses from entering your network, while an antivirus works by targeting the software affected by a virus that has already gotten through. They work well together, in other words.

Putting up a firewall helps protect a small business’s network traffic – both inbound and outbound. It can stop hackers from attacking your network by blocking certain websites. It can also be programmed so that sending out proprietary data and confidential emails from your company’s network is restricted.

Just getting a firewall isn’t enough: You’ll also have to regularly check that it’s equipped with the latest updates for software or firmware.

Top options include Bitdefender, Avast, and Norton, and many brands will include a firewall in a package with other useful security offerings such as VPNs, password managers, and automatic data backups on the cloud.

  6. Install Encryption Software

If you deal with data pertaining to credit cards, bank accounts, and social security numbers on a daily basis, it makes sense to have an encryption program in place. Encryption keeps data safe by altering information on the computer into unreadable codes.

Encryption is designed with a worst-case scenario in mind: Even if your data does get stolen, it would be useless to the hacker as they wouldn’t have the keys to decrypt the data and decipher the information. That’s a smart security feature in a world where billions of records get exposed every month.

Top options here include Microsoft BitLocker, IBM Guardium, and Apple FileVault — they’re all high-quality, so just pick your favorite computer company and get in touch for a free trial or demo of what they have to offer.

  7. Ignore Suspicious Emails and Texts

Sometimes the simplest security measures are the best: Make it a habit to never open or reply to suspicious-looking emails, even if they appear to be from a known sender. Even if you do open the email, do not click on suspicious links or download attachments. Doing so may make you a victim of online financial and identity theft through a “phishing” scam, a term that refers to a false message sent in order to bait the victim into freely giving their login data to the scammer.

Phishing emails appear to come from trustworthy senders, such as a bank or someone you may have done business with. Through them, the attacker attempts to acquire your private and financial data, like bank account details and credit card numbers.

In 2023, hackers are willing to go through a myriad of different digital avenues to find potential victims – and you should treat texts from unknown numbers with exactly the same, high level of caution, as well as suspicious-looking WhatsApp messages.

For further security, make sure you change your email password every 60 – 90 days. Additionally, refrain from using the same password for different email accounts, and never leave your password written down.

  8. Limit Access to Critical Data

Keeping the number of people with access to critical data to a minimum (the company’s CEO, CIO, and a handful of trusted staff, for example) is an important security method. This will minimize the fallout from a data breach, should one occur, and further reduces the chance of bad actors within your organization gaining unauthorized access to data.

The Principle of Least Privilege – that employees should have access to the minimal amount of company resources needed to complete their work – should be enforced at all times.

Siloing up what data is accessible – and to whom – is vital to keeping it safe from insider threats. But informing employees of the implementation of such a security method so they can take a proactive approach and alert their managers to examples of poor data hygiene is also important.

Formulate a clear plan that mentions which individual has access to which sensitive information for increased accountability, and communicate it to your entire team, so that everyone is on the same page.
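The three paragraphs above amount to a procedure: classify data, grant each role only what its work needs, write down who can reach what, and review it. As an added example that is not from the article, the Python below models that with a deny-by-default access check, generates the "who has access to which data" plan the text says to share with the team, and lists grants that went unused over a review period, the usual candidates for revocation under least privilege. The datasets, roles, people and the usage log are all constructed for the example.

```python
from collections import defaultdict

# Constructed example data: which roles may read each dataset, and which roles each person holds.
DATASET_ROLES = {
    "payroll": {"finance"},
    "customer-records": {"finance", "support"},
    "source-code": {"engineering"},
    "marketing-assets": {"marketing", "engineering", "support", "finance"},
}
USER_ROLES = {
    "alice": {"finance", "engineering"},  # CEO
    "bob": {"engineering"},               # CIO
    "carol": {"support"},
    "dave": {"marketing"},
}


def can_access(user: str, dataset: str) -> bool:
    """Deny by default: grant only when the user holds a role the dataset explicitly allows."""
    if dataset not in DATASET_ROLES:
        return False  # unclassified data is never handed out implicitly
    return bool(USER_ROLES.get(user, set()) & DATASET_ROLES[dataset])


def access_plan() -> dict:
    """Who can read what: the written plan to communicate to the whole team."""
    plan = defaultdict(list)
    for dataset in DATASET_ROLES:
        for user in USER_ROLES:
            if can_access(user, dataset):
                plan[dataset].append(user)
    return dict(plan)


def unused_grants(usage: dict) -> list:
    """Grants never exercised during a review period (usage maps user -> datasets touched)."""
    return [
        (user, dataset)
        for user in USER_ROLES
        for dataset in DATASET_ROLES
        if can_access(user, dataset) and dataset not in usage.get(user, set())
    ]


if __name__ == "__main__":
    for dataset, people in access_plan().items():
        print(f"{dataset}: {', '.join(people)}")
    # Constructed access log from the review period.
    seen = {"alice": {"payroll", "source-code"}, "bob": {"source-code"}, "carol": {"customer-records"}}
    print("granted but never used:", unused_grants(seen))
```

Because the check only ever consults the role table, adding a person or a dataset is a one-line change to data rather than to logic, and the printed plan is always an accurate statement of the current policy.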

  9. Back Up Data Often

Your business should either manually back up all data to an external hard drive or the cloud, or simply schedule automated backups to ensure that your information is stored safely. That way, even if your systems are compromised, you still have your information safe with you – which is why it’s one of the most important security methods to implement.

This feature is frequently baked into software programs that handle sensitive data, but it won’t hurt to run an audit of all your business communications in order to ensure that no single point of failure can erase months or years of historical data.
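A backup only counts if it can be restored, which means checking the copies, not just making them. The Python below is an added example, not code from the article: it copies a directory tree, records a SHA-256 hash of every file in a manifest, and then re-hashes the copies to detect anything missing or altered (for instance by a disk fault or by ransomware that reached the backup). The sample files, paths and the tampering step in `demo()` are constructed for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(source: Path, destination: Path) -> dict:
    """Copy every file under source into destination and write a manifest of hashes."""
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source)
        target = destination / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 keeps timestamps, useful when auditing later
        manifest[rel.as_posix()] = sha256_of(path)
    (destination / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(destination: Path) -> list:
    """Re-hash the copies; return the files that are missing or changed (empty list = restorable)."""
    manifest = json.loads((destination / "MANIFEST.json").read_text())
    problems = []
    for rel, digest in manifest.items():
        copy = destination / rel
        if not copy.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(copy) != digest:
            problems.append(f"corrupted: {rel}")
    return problems


def demo() -> tuple:
    """Back up a constructed directory, verify it, tamper with one copy, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "live"), Path(tmp, "backup")
        (src / "invoices").mkdir(parents=True)
        (src / "invoices" / "2023.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("quarterly plan")
        backup(src, dst)
        clean = verify(dst)
        (dst / "notes.txt").write_text("tampered")  # simulate silent corruption of the copy
        return clean, verify(dst)


if __name__ == "__main__":
    before, after = demo()
    print("fresh backup problems:", before)
    print("after tampering:", after)
```

Run `verify()` on a schedule and alert when it returns anything; a manifest stored alongside the copies is also what lets you prove, after an incident, which backup generation is still trustworthy.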

  10. Secure Your Wi-Fi Network

Say goodbye to WEP (Wired Equivalent Privacy) if you still use it and switch to WPA2 (Wi-Fi Protected Access version 2) instead, as the latter is much more secure.

WPA2 is an increasingly common standard for online security, so there’s a good chance you’re already using it. However, some large businesses neglect to upgrade their infrastructure and will need to make a concentrated effort to roll all their operations over to a more secure network.

To protect your Wi-Fi network from breaches by hackers, change the name of your wireless access point or router, also called the Service Set Identifier (SSID). You can also ensure that you use a complex Pre-shared Key (PSK) passphrase for additional security.
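Changing the SSID and choosing a complex passphrase are linked more tightly than the paragraph above suggests: in WPA2-Personal the network key is derived from the passphrase with PBKDF2-HMAC-SHA1 using the SSID as the salt (4096 iterations, 256-bit output, per IEEE 802.11i). A unique SSID therefore means no precomputed key table for a common default name applies to your network, and the passphrase length is what stands between an eavesdropper and the key. The Python below, an added example that is not from the article, computes that derivation with the standard library and checks it against the standard's published test vector (passphrase `password`, SSID `IEEE`); the office network names in the usage section are constructed.

```python
import hashlib


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key as derived by WPA2-Personal (IEEE 802.11i):
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def ssid_changes_key(passphrase: str, old_ssid: str, new_ssid: str) -> bool:
    """True when renaming the network alone yields a different key (it does for any distinct SSIDs)."""
    return wpa2_pmk(passphrase, old_ssid) != wpa2_pmk(passphrase, new_ssid)


if __name__ == "__main__":
    # Published test vector from the standard: passphrase "password", SSID "IEEE".
    print(wpa2_pmk("password", "IEEE").hex())
    # Constructed example: same passphrase, default-looking SSID versus a renamed one.
    print(ssid_changes_key("correct horse battery staple", "NETGEAR", "Acme-Office-5G"))
```

The 8-to-63 character bound is the standard's own; in practice a long random passphrase at the upper end of that range, stored in the password manager from section 4, costs nothing once devices are enrolled.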

  11. Secure Laptops and Smartphones

Because they are so easy to carry around, laptops and smartphones hold a hell of a lot of valuable data, and for the same reason they are at a higher risk of being lost or stolen. Granted, the thieves are often more interested in making a quick buck at a pawn shop than in ransoming off your business’s corporate secrets, but either way, you’ll lose access to your data and your verified device.

What steps can you take to protect a physical device? Here are the biggest options available:

  • Data encryption – We mentioned business-wide encryption software earlier, but sometimes an employee neglects to encrypt the data on their device as well as on the cloud.
  • Password protection – Similarly, you’ll want to have a password to enter your laptop as well as one to access online accounts. Many password managers can help with this as well.
  • Remote wiping – With this ability set up, a business IT manager can remotely delete the data on a misplaced device.

Finally, a company-wide employee training session detailing the best security methods for company-owned devices can be useful as well, ensuring employees know whether they can take laptops off of the premises and how to keep them safe if they do. In fact, let’s give that idea its own entry:

  12. Communicate Cyber Security Measures to Employees

Having a written cyber security policy listing the dos and don’ts of using office systems and the internet is helpful, but not enough. You have to ensure that its details are communicated to and understood by your employees so that they can put it into practice.

That is the only way of making such policies effective. If you’re using new software like a business VPN, and employees don’t know precisely how to use it correctly, they could be putting your company’s data at risk.

With this in mind, you might want to consider bringing in a third-party consultant to check your process for any security loopholes, whether on the internet or in the physical office.

You’ll definitely want to have a process in mind for updating the entire company when changes occur, especially considering you’ll need to amend these policies regularly to keep up with the ever-more sophisticated threat landscape.