This is the second segment of a four part series devoted to helping small businesses understand cybersecurity and some of the steps that they can take to protect themselves. Small businesses are more susceptible to cybercrime simply due to the nature of the beast. Owners are embedded in the operations and success of the business and typically don’t have the additional staff to monitor and control potential breaches. It is this very reason that cybercriminals want to focus their devious activities and by knowing the methods and what to look out for, you can participate in your own security protection.
A majority of small businesses not only have little time to devote to worrying about cybercrime, but typically don’t have any emergency strategies in place in the case that one occurs. The smaller company also has a limited budget and may not have the professional staff to monitor potential breaches. Cybercriminals look for easy access, and there are some steps that you can take that will create conditions that deter them.
1} Employee Training in Security
Many of the breaches that occur in small businesses happen due to accidental security problems via employees. Establishing strong logins and passwords, as well as guidelines for staff for rules of behaviour is the first line of defence. This should include alpha/numeric/special characters for passwords that are changed on a regular basis, training on the methods that cybercriminals use in their attacks, and strict protocols that do not allow external technology to be brought in and connected to your network.
2} Antivirus Software
Internet browsing and email is common place in almost all companies today and cybercriminals know that these two actions can be the simplest way to accomplish a breach. Maintaining antivirus software with updated patches allows all actions to be scanned and potentially stopped before any damage is done.
3} Internet Connection Firewalls
This may sound like a no-brainer, but your firewall is critical to protecting your information on your network. You should not only have a high level firewall on your system, but also insist that it is a requirement for any staff that work remotely.
4} Pay Attention to Mobile Devices
Mobile devices that contain confidential data can be a challenge for your small business. Once they are out of your control it could be devastating if they are lost or stolen. Require all of these devices to be password protected, have security apps on their phones and to have all data encrypted. An emergency procedure should be established for reporting if the device is stolen or lost.
5} Backup – Backup- Backup
Establish multiple backups via the cloud that are timed for different days/times. This can typically be done in an automated format so that it doesn’t interfere with your daily functions. Choose different cloud servers as an added step for protection.
6} Have Secure Wi-Fi Networks
Cybercriminals have become professionals at hacking into an unsecure Wi-Fi network so you need to make sure that your network is encrypted, secure and hidden. The method to use to ‘hide’ your network is to establish the wireless router or access point so that it doesn’t broadcast the actual name (aka SSID – Service Set Identifier) and have a high level password to protect your router.
7} Restrict Staff Access
Limit the number of employees that have access to logins, passwords and your business/customer data information. Create separate user accounts and strong passwords, with administrative privileges only given to the most trusted personnel. If you have a staff member that leaves, immediately change the access.
8} Payment Transaction Best Practices
Coordinate efforts with you bank, merchant vendor and/or e-merchant vendor to assure that all steps are being taken for payment transactions. You need to have additional obligational agreements for security to make sure that all hardware and software is compliant and encrypted. Don’t use the payment processing computer for any other outside internet access such as browsing/surfing or email.
9} Establish an Emergency Strategy
Even large corporations, with professional staff and huge budgets don’t discover system breaches for an average of three months. Take the advice of a professional security organisation to work together to establish an emergency strategy in the case that you find that your company and customer data is at risk.
10} Other Situations That Can Put You at Risk
Criminals are adept at using any method that they can and sometimes this means taking advantage of paper documents. Make sure that you shred all company paperwork with the use of a cross-shredder. Additionally, be aware that your printers have memory cards that keep a copy of all documents copied, scanned or printed. Password protect the printer as well as wipe the memory card clean prior to disposing of the printer.
Our commitment to maintaining the latest, up-to-date information on all of the forms that cybercriminals take in their attempts at breaches and theft allows us to be both advisor and confidante to help protect your small business. DaVinci Forensics can offer assistance in staff training as well as recommendations for your network to maintain a strong defence against a system attack.
Image Source: Buzz South Africa