By Manuel F. Pena, President, SysUP Systems, Inc.
Follow these steps to help shield your data from ransomware.
As a small business owner, you have a lot on your plate. Between maintaining inventory, handling sales, and managing employees, you must wear many hats to run a successful business. Many times, that also means you have to become an expert in all aspects of business. That is easier said than done.
It’s not enough today to be the best landscaper or the best physician. If you own a business, you not only have to be an expert in your field, but also know how to manage the finances of your business, handle any HR concerns, and protect your company’s data from hackers.
Did you know 47% of small businesses become victims of a cyber-attack? What’s even scarier is that 44% of those same businesses experience more than 1 attack. Cyber-attacks cost businesses an average of $200,000 per attack! It’s no surprise that 70% of small businesses that experience a cyber-attack go under within a year.*
How are you supposed to protect your business against such daunting odds? Many small businesses become easy targets for cybercriminals because they often cannot make the investment needed to implement strong cyber security measures. Many smaller companies also lack data security professionals on staff.
Things are not all doom and gloom. In actuality, 93% of cyber-attacks are preventable. There are some tips you can implement right away to help protect your business from becoming a cyber-attack statistic.
1. Stronger passwords
Many businesses are reluctant to get involved with how their employees create or update their passwords, but people can get very complacent when they choose easy-to-remember passwords. I mean, it’s not THEIR information to worry about. It’s yours. As a business owner, you need to mandate a password program that puts stronger barriers between your data and hackers. Strong passwords should have a mix of upper- and lower-case letters, incorporate numbers, and include at least one special character. Additionally, passwords should be updated on a regular basis. As a rule of thumb, passwords should be updated every 90 days. Make it a habit at the start of every quarter to update your passwords.
2. Perform all software updates on schedule
Many software updates are pushed out to fix minor bugs or errors in the programs themselves. While getting a pop-up or alert that your software needs an upgrade can be annoying, it’s important not to put it off for too long. The longer you “snooze” a software update, the longer you leave open cracks through which a cybercriminal could sneak in. Many updates will allow you to schedule them to install after hours when you’re not trying to manage your daily business. Even better, most updates today are pushed out regularly, so they don’t interrupt your day and update quickly.
3. Lock down access to your most sensitive data
Not everyone in your company needs access to every piece of information. In fact, you should grant access to your information on a “need-to-know” basis. The fewer people that have access to highly sensitive or valuable information, the better for your cyber security. If you have employees that NEED access to such information, make sure they are fully vetted and receive cyber security awareness training on a regular basis. It’s also a good idea to have a 2-factor authentication process put in place for systems that access valuable information for your company. Employees that need to manage and maintain this information should have additional safeguards in place for added security.
4. Cybersecurity training
People are the weakest link when it comes to cyber security for your business. In fact, 95% of security breaches are blamed on human error. With the amount of information online today, it’s no wonder. We make it easy for cybercriminals to find information and take a more focused approach to their hacking attempts. Information you post on social media, networking sites like LinkedIn, and forms you fill out online when shopping are all pieces of a very intricate puzzle hackers use to find weaknesses in your company’s network.
You also need to remember that no employee values your business more than you do as an owner. It is your job to ensure all your employees understand the cyber security risks that are out there and your expectations as an employer to protect your company from such breaches.
Train employees on creating strong passwords, not downloading unauthorized files on company computers, not accessing personal emails on work computers or networks, avoiding suspicious attachments, being able to spot a phishing email, and not visiting certain websites while on work computers or the network. Be prepared for slip-ups. That is why it is strongly recommended to have regular training sessions each month to keep the best cyber security practices top of mind.
5. Don’t forget about mobile devices
We live attached to our mobile devices today. Employees carry access to vital business communications in the palm of their hands. The same rigorous measures you enact for your important data at the office should be replicated across your employees’ mobile devices as well. Requiring password protection on their devices, installing security apps, and encrypting mobile data are important for keeping cybercriminals from accessing your business while your employees are mobile.
6. Back up your data
Backing up your data should become part of your standard practice. In the event of a cyber-attack, or even an unforeseen event like a flood or fire, your data will be safe, secure, and able to be accessed to get you back on your feet. All critical data should be backed up at a minimum once per week, preferably once a day. To truly back up your data, all your valuable information should either have a protected copy offsite in a secure location or be stored on the cloud. Depending on how often you are modifying your data, you may even consider backing up data once every 24 hours. Your schedule should be based on how frequently your data is updated and how much data loss can be tolerated.
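An added example, not part of the original article: a short Python check that compares a backup catalogue against the amount of data loss each data set can tolerate, and confirms that a recent copy exists offsite or in the cloud. The data set names, timestamps and tolerance values are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample catalogue: (data set, copy location, completion time).
# "local" is the same site as the original; "offsite"/"cloud" are protected.
SAMPLE_BACKUPS = [
    ("accounting", "local", datetime(2024, 3, 11, 23, 0)),
    ("accounting", "cloud", datetime(2024, 3, 11, 23, 30)),
    ("customer-db", "local", datetime(2024, 3, 11, 22, 0)),
    ("customer-db", "offsite", datetime(2024, 3, 1, 22, 0)),
    ("hr-files", "local", datetime(2024, 3, 10, 20, 0)),
]

# Assumed tolerances: how much data loss each data set can absorb.
TOLERATED_LOSS = {
    "accounting": timedelta(hours=24),
    "customer-db": timedelta(hours=24),
    "hr-files": timedelta(days=7),
    "payroll": timedelta(days=7),
}

PROTECTED_LOCATIONS = {"offsite", "cloud"}


def audit_backups(backups, tolerated_loss, now):
    """Return {data_set: [problems]} for every data set with a finding."""
    findings = {}
    for name, limit in tolerated_loss.items():
        copies = [(loc, ts) for ds, loc, ts in backups if ds == name]
        problems = []
        if not copies:
            problems.append("no backup recorded")
        else:
            newest = max(ts for _, ts in copies)
            if now - newest > limit:
                problems.append("newest backup older than tolerated loss")
            protected = [ts for loc, ts in copies if loc in PROTECTED_LOCATIONS]
            if not protected:
                problems.append("no offsite or cloud copy")
            elif now - max(protected) > limit:
                problems.append("offsite/cloud copy older than tolerated loss")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    now = datetime(2024, 3, 12, 9, 0)  # constructed "current time"
    for name, problems in audit_backups(SAMPLE_BACKUPS, TOLERATED_LOSS, now).items():
        print(f"{name}: {'; '.join(problems)}")
```

In the sample data, customer-db has a fresh local copy but only a stale offsite one, which is the case a flood, fire or ransomware on the office network would expose.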
7. Vendor compliance
Many businesses need to utilize third-party vendors to make their business run. Although these third-party vendors are not employees of your company, it is still important to ensure they are compliant with all your company’s security policies. Make sure you do thorough background checks on all vendors to ensure they are compliant with all privacy laws. Also, be careful who you let walk through your place of business. The last thing you want is for a computer containing sensitive information to disappear because unauthorized personnel had free access around your facility. Remember, many cyber-attacks are attacks of opportunity, so you want to limit the number of opportunities criminals have to strike.
8. Don’t forget to secure your Wi-Fi networks
One of the quickest and simplest ways for cybercriminals to root around in your important information is for you to hand them the key. Having an open Wi-Fi connection is just that. It’s as though you are leaving a key to your office for anyone to use. The most secure way to lock down your Wi-Fi networks is to ensure they are encrypted and hidden from roaming devices looking for access. Make sure to hide your Wi-Fi network’s identification so it will not broadcast your network name, and ensure all Wi-Fi networks require a password entrusted only to employees.
9. Limit access to important data
Have prevention methods in place for all your business systems. Laptops and tablets are especially prone to theft and can be easily misplaced. Make sure all business-owned devices are configured to lock themselves after a period of inactivity and require a password to unlock them. Make sure each employee has individual log-in credentials and limit administrative access to only key personnel and trusted IT professionals. All laptops should also be encrypted so the data remains safe and secure in the event of theft or damage.
Looking for help to protect your business?
We are SysUp Systems, your trusted local cyber security specialist. With over 20 years of experience, we provide data protection and managed services for small to medium-sized businesses throughout Southeastern Pennsylvania.
We believe in using a comprehensive approach to cyber security. There is no single solution that will protect your company from attacks. By implementing a layered security approach, your company has greater protection against malicious email links, compromised websites, infected attachments, and spear phishing attacks. We pride ourselves in the knowledge, experience, and reliability we bring to protect your business. At SysUp Systems, we have an arsenal of tools to mitigate your risk of falling victim to an attack.
SysUp Systems is located at 705 Sourwood Lane, Collegeville, PA 19426. Phone: 484.854.3242 Email: firstname.lastname@example.org
(*Reference: DTI/Price Waterhouse Cooper)