Malicious cyber attacks are continuing to cost the American economy billions of dollars every year. According to WebFx, 71% of attacks are aimed at companies with fewer than 100 employees. However, there are many safety precautions that businesses can implement to curtail this threat.
Here is our list of 10 cyber security tips for small businesses. Share them with your employees and train them in best practices for cyber-security strategies. This will help to protect your business and your customers.
Protect information, computers, and networks from cyber attacks
Have the latest security software, web browser, and operating systems. This is the best defense against viruses, malware, and other online threats. Regularly scan your site and computers for malware. Run antivirus software after each update. Install other key software updates as soon as they are available.
Make sure that employees working from home are also using a firewall.
Unless you know the sender, do not click on a link or attachment. Also, this is true for
Update passwords every three months. In addition, make passwords strong and unique, or use a password generator. Moreover, do not write passwords or other sensitive information on a post-it note to leave on your computer or at your workspace. Also, never save passwords on your phone or computer. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry.
Regularly purge and archive email to a secure site. Use encrypted email for sensitive information. Carefully guard login credentials.
Avoid doing business over unsecured wi-fi. To hide your Wi-Fi network, set up your wireless router so it does not broadcast the network name. This is known as the Service Set Identifier (SSID). Password protect access to the router.
Theft of laptops and smartphones is an easy way to lose important information. Safeguard hardware by keeping it in a secure area. Likewise, store digital keys and certificates in a secure, tamper-proof, data storage container. Be sure to have reporting procedures for lost or stolen equipment.
Back it up
All important information should be routinely backed up. Store all copied critical data offsite or in the cloud. Do not keep information that is no longer needed. Make sure you properly discard old records.
Limits of authority
Regulate who has access to confidential data. Keep in mind, it is a good practice that employees should only be given access to the specific data systems that they need for their jobs. Similarly, grant authority to only the individuals responsible for software downloads and maintenance. In other words, administrative privileges should only be given to trusted IT staff and key personnel.
Payment systems and financial transactions
Use SSL or HTTPS for your website. Also, only enter information or buy from secure websites. It should be noted, though, that does not protect you from phishers. They can have a secure, albeit fake, site. Advise clients to only send wire transfers after checking with your company about the procedure. In addition, they should confirm the instructions beforehand with the intended recipient.
Prevention is your best defense
Above all, if you have a data breach or some other cyber attack, you will want to have a plan in place to deal with it. Firstly, evaluate your business model and determine if you need a breach notification policy. In addition, possibly you will need an action plan for your employees. This would include how to handle notifying the appropriate entities to ensure your information is secure.
What Business are Already Doing
Fortunately, about nine out of ten businesses reported they have some cybersecurity measures in place, with the most common ones being: 1) antivirus; 2) firewall; and 3) employee education. BBB Accredited Businesses are almost three times as likely to include cybersecurity insurance. The financial risk of cybersecurity incidents can be transferred to insurance companies, a move that makes sense when the insurance cost is less than providing additional cost-effective protections.Better Business Bureau
Social Media Accounts
In addition to the above tips, there are a host of additional security advice and guidelines available. Certainly of key importance, is protecting your online presence. We have all read about cyber-hijacking of websites. The SBA has a Social Media Cyber-Vandalism Toolkit available on their website. On it, you will find, for example, that they outline a three-phase approach covering readiness, recovery, and response for online security practices.
Just Starting Out?
We hope that you find these 10 cyber security tips for small businesses useful. If you are starting a new business, you may be interested in our new business article here. Contact us directly to discuss your business insurance questions. Your security and peace of mind are important to us.
U.S. Small Business Administration