Easy and Low-Cost Techniques to Help Protect Your Small Business from Cyber Threats- Part I
What is Cybersecurity and how does it impact you as a small business owner? Cybersecurity is the act of protecting hardware, software and data from attacks via a network (i.e. wireless, internet, Bluetooth, etc.). These attacks are referred to as cyberattacks. With that definition alone, you can now begin to imagine how possible cyberattacks could impact your business as well as your personal life.
Look around you and take inventory of how many electronic devices you have connected to the internet. Do you have a phone, laptop, tablet, security system and/or smart devices? Also, what do you have stored on each of these devices? Do you have sensitive client data, a company website or company information? What would happen if that information is stolen or damaged? How would that impact you and your business? Is your business able to absorb an outage due to an attack?
As a small business owner, adding cybersecurity to your already full plate may be overwhelming. In this article, we provide some initial, small actions that can be done to start you on your way to protecting your business.
Invest in protection
Purchase and install virus protection software for each of your computer devices. Also, ensure that each employee has virus protection installed and active on their devices prior to connecting to your company network if you allow employees to utilize their own devices. Virus protection helps with protecting against threats that may come through a network. A device can be impacted by visiting websites that have malware or viruses.
Also, downloading software or files from websites could introduce an attack in your company network as those items may contain a virus which is activated upon opening or installation. Another common way of introducing an attack into your company is by employees opening and clicking on emails that appear to come from someone they know. This attack technique is called phishing. The virus protection is able to quarantine the infected files which reduces the risk of infecting your computer device. Without virus protection, the device, along with its files could become compromised and useless. In addition, without protection, the virus could spread to other devices connected in the same network.
Protect your company network
If you have your own company internal network, be sure to password protect connecting to the network. This is to ensure that random people passing by your office space do not connect to your network without you knowing. By leaving your network open, you invite hackers in to “sniff” your network traffic or be able to intercept the data you are sending in/out of your company. To allow guests to connect to your network, set up a separate network for them to connect to; and ensure that the guest network is not able to impact your company network. For example, if a guest obtains a virus, it could spread throughout the guest network. You do not want the virus from the guest network to be introduced into your company network. Thus, having two different networks or a network that is separated by a firewall would reduce the risk of infection and attack. What is a firewall? It is a piece of software installed on a network device to monitor incoming and outgoing network traffic. It can also be configured to block and allow certain traffic. As a result, traffic from the guest network could be blocked by the firewall from entering into the company network.
Another technique you may consider is not broadcasting your company network’s name, also referred to as the SSID (Service Set Identifier). Although, this is not full proof, it does make it more difficult for a hacker to break into your network. This can be disabled on the network router.
Also, consider investing in a Virtual Private Network which provides an encrypted network connection for those employees connecting from outside of the office. This is especially advantageous when you have a company of mostly virtual employees; and you have sensitive data being transmitted between the company network and employees’ devices.
Consider using a hotspot when away from the office
When on travel, most people connect to the hotel’s or restaurant’s wireless network. This makes your connected device vulnerable to other guests using the network. A sophisticated guest could intercept your device traffic and obtain important information such as credit card information or login credentials to certain sites. Having your own hotspot would greatly reduce the security risk. You could also configure your hotspot to be password protected and to not broadcast its network name.
Ensure all software and virus protection is up to date
If you have a Windows device, you probably think that the updates never end! YES, it seems to be a pain; but why is it best to update to the latest software release whether it be on your laptop, phone, website, network device, etc.? Within many of the updates, there are security holes being patched. New security risks are introduced on a consistent basis. In order to combat against new security threats, software companies update their software and notify you of the available updates. By ignoring these updates, you leave your devices vulnerable; and one or more device could become compromised. More than likely, it will cost you more in the long run to remove any threats from your devices than to be proactive and keep up with the latest updates.
Make difficult passwords and update passwords consistently
Ensure that your passwords are difficult to “crack”. You can make a password out of your favorite quote or sentence; but substitute symbols or numbers for certain alpha characters to make the passwords easier to remember. Also, do not set the same password for all your accounts. Once a hacker “cracks” one account, they can determine what other types of accounts you may have and hack into those as well. But how do you remember all these passwords? There is technology referred to as a Password Vault/Manager to store all your passwords. With the Password Vault/Manager, you only have to recall one password to the vault while the vault contains the passwords to all of your other accounts.
Changing up your account passwords on a consistent basis (i.e. once every thirty days or 60 days) would help reduce the risk of your device or accounts from being compromised. This includes rotating the password for your internal network. Employees come and go. Thus, to reduce the risk of ex-employees having access, rotating passwords on your network and certain systems would combat a security threat.
The techniques mentioned are a starting point; and should be low cost, easy to implement and easy to practice on a consistent basis. With the introduction of the 5G network and many more devices and technology that utilize the network, such as Alexa, Google Home, cars, smart watches, cryptocurrency, etc., security threats are expected to significantly increase over time. It is important to keep abreast of the latest trends in cybersecurity and how it could impact your business. Your business is your “baby”. Be proactive in protecting it.