One in five small businesses are affected by cybercrime each year. – The National Cyber Security Alliance.
Let that sink in. One in five. That is some serious risk. While companies like Target and Sony have the financial support to get them through this kind of scandal, do you?As we finish the first quarter of 2017, small businesses are still prime real estate for hackers. Why? Because you’re the most vulnerable. Hackers are banking on the fact that you're not prepared for them.
Fortunately, there are some things you can do to keep your company safe.
8 Ways to Protect Your Company from Online Threats
1. Email Spam Filtering
For better or for worse, it seems like malware can’t be shaken out of email systems. Spam emails are filled with viruses and other malware, infecting email inboxes daily.
Using the right email filter, however, you can catch and block out the majority of emails that are malicious in nature. These systems scan emails before allowing them into your inbox. This lessens the chance that you or your employees will accidentally click on malicious attachments, or links that download harmful malware. These systems aren't fool-proof though. Just as you are setting up blocks, hackers are actively working to get around them.
Keep your email is as safe as possible with these best practices:
- Don’t open emails if you don’t know the sender.
- Only click on emails or attachments when you trust the sender.
- If anything seems odd about an email you receive - even if it’s from someone you trust - don’t interact with it. It could be a hacker impersonating someone you know.
- Alert your IT professional, outsourced or otherwise, immediately if you notice high volumes of “spam” looking emails.
- When in doubt, delete.
2. Internet Content Filtering
Safeguarding your business from malware and data leaks on the web is important. The same tricks used in emails, are used on the web. One employee clicks this and downloads that, and BAM, a virus has infected your whole system.
To encourage productivity and limit risky website use, companies are turning to Internet filters as safety nets. This creates a safe environment for your most sacred files, and your employees alike.
When you’re setting up filters, consider your company size, budget, culture, and needs. Feel free to customize it too. If you've okayed social media platforms, you can always disable playing games on those sites. This limits what they can do, but still allows them to browse Instagram on their lunch.
3. Set Up Guest Wi-Fi
The first question to ask yourself is: Do guests need Wi-Fi if they visit my office? If the answer is no, skip this section. If the answer is yes, continue reading.
Guests should NOT be able to access the Internet connection that runs your business. If they do, they'll have direct access to valuable data on your network. The best thing you can do is set up a separate wireless connection for your customers and guests. This should still have its own password, which should be changed periodically. This gives you the best protection and still allows you to accommodate your guests at the same time.
Setting up guest Wi-Fi does add some complications to your business's network, but your IT professional(s) should be able to handle it.
4. Secure Mobile Devices
This is becoming more relevant. Bring your own device (BYOD), especially in the small business world, is a trending with no signs of slowing down. It’s great for two reasons, lower cost and more flexibility for your employees. But that flexibility brings more risk.
These devices have to be managed while they’re on your network to keep them from bringing in dangers. Different management techniques will control encryption and the access that your employees have. Ask your IT professional to focus on the security of mobile devices connecting to your network. Together, come up with best practices for your company and a plan to keep it secured.
5. Keep Your Operating System & Software Up-to-Date
When was the last time you updated your operating system or software? Are you up-to-date with the latest patches and security? If your answer is "I don't know," it’s time to figure it out.
If your company has skipped by without any harm, consider yourself lucky. Updates are there to fix security holes that have been discovered. Sure, it might take some time to download and restart your computer, but they're important. If you don’t update your operating system and software when new patches are released, your whole system is left vulnerable to malware and other security threats.
In many businesses, your IT team will centrally manage and push out these updates to devices after they've been tested.
If you don't already have one, come up with a plan to stay on top of all updates to better safeguard your sensitive information. This should be a top priority and should be evaluated regularly.
6. Secure Your Network with Firewalls
Firewalls are a critical piece to network security, protecting you from online threats and unauthorized access to your netowrk.
Consider these the superheroes that combat hackers that lurk in the figurative night. They work with your other IT security devices, providing things like virtual private network (VPN), antivirus, anti-spam, anti-spyware, and content filtering. They should also have an Intrusion Prevention System (IPS) enabled. This functions as a barricade to prevent a threat from spreading.
New viruses, worms, and malicious attacks are created and released into the wild DAILY. That’s why keeping your firewall and other IT security devices current is important. The latest updates should be a priority to you and your IT team. Better safe than sorry.
7. Make Sure You Have Good Backups
This is the most serious portion of this article. If all else fails, at least you’ll have a way of getting your information back. If malware were to wreak havoc on your company, your backup will put it back together again.
Don’t assume that your small business is flying under the radar of hackers. You aren’t, not even a little. Even the smallest disruption could take your small business down for weeks. With a good backup, however, your IT professional can get you back up-and-running with the same data you had before the attack.
Consider regular backups like your insurance policy. With an up-to-date backup, you can go back in time to a date before the malware attack, system corruption, or even before a natural disaster hit, and reset your company. This is the quickest way to restore your data.
This way, you may only lose a few minutes or a day of work, depending on how frequently your backups run.
Speak with your IT professional about the different kinds of backups and which one is best for your business. You should also cover how to keep your backups safe from hackers and malware.
8. Educate Your Employees On Cybersecurity
Educating your employees and yourself can take you a long way. We've all fallen for them - clicks, downloads, and fake offers. If you take the time to inform your employees of risks on the Internet, you'll be ahead of the game. This should be more than just the standard policy. Educate them on current dangers and warning signs. Make sure they know how to escalate things to the IT department when necessary.
Cyber security is a full-time threat on your company. In turn, it’s a full-time job to project your company. Your IT personnel should be up to date and engaged with all the latest in cyber security warfare. It’s extremely important that your team is in the know with the latest threats to you and your customers. But your first step is realizing that you aren’t invisible to hackers. Set and keep on top of strict policies and precautions. IT is not something you can set and forget. It needs constant management, whether it’s outsourced or in-house. Your company depends on it.
IT can be complicated. We're here to help "untangle" it for you.
IT Untangled aims to provide clarity on IT topics for business people. This weekly blog series will explain and discuss the complex world of IT, in words you understand.