BreachExchange mailing list archives
10 Cyber Security Measures That Every Small Business Must Take
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 10 Nov 2014 19:12:46 -0700
http://tech.co/10-cyber-security-measures-every-small-business-must-take-2014-11

We’re all aware that cyber security refers to protecting and strengthening your computers and Internet-based systems from unintended or unauthorized access, modifications, robbery, and obliteration.

A lot of modern small businesses use Web-based technology and tools to carry out their day-to-day functions. Whether it is conducting long-distance conferences, advertising, buying and selling, researching, identifying new markets, communicating with customers and suppliers, and even conducting banking transactions, the Internet and the Cloud have become integral to the smooth functioning of small businesses.

While physical embezzlement in offices can be brought under control with the help of technological aids and state-of-the-art security cameras, the virtual world is a different ball game. The Internet may be a boon, but it also has its fair share of weaknesses. Along with its several benefits, there are many risks involved which are only growing by the day.

Several small businesses fall prey to cyber-attacks due to loopholes in their cyber security measures. Mentioned ahead are a few cyber security measures that every small business should have in place to protect itself from the perils of the virtual kind.

1. Install Reliable Antivirus Software

A good, reliable antivirus program is a basic must-have of any cyber security system. Apart from that, anti-malware software is also essential. They work as the final frontier for defending against unwanted attacks, should they get through your security network. They work by detecting and removing viruses and malware, adware and spyware. They also scan through and filter out potentially harmful downloads and emails.

2. Use Complex Passwords

Almost every computer and Web-based application requires a key for accessing it. Whether it is the answers to security questions or the passwords, make sure you create complex ones to make it difficult for hackers to crack them.

For answers to security questions, consider translating them into another language using free online translation tools. This may make them unpredictable and difficult to decipher, and less susceptible to social engineering.

Using a space before and/or after your passwords is also a good idea to throw the hacker off. That way, even if you write your password down, it would be safe as only you would know that it also needs a space at the front/end. Using a combination of upper and lower cases also helps, apart from using alphanumeric characters and symbols.

3. Protect with Firewall

A firewall is necessary as it helps you protect your network traffic – inbound and outbound. It can stop hackers from attacking your network by blocking certain websites. It can also be programmed so that sending out proprietary data and confidential emails from your company’s network is restricted.

4. Install Encryption Software

If you deal with data pertaining to credit cards, bank accounts, and social security numbers on a daily basis, it makes sense to have an encryption program in place. Encryption keeps data safe by altering information on the computer into unreadable codes.

That way, even if your data does get stolen, it would be useless to the hacker as he wouldn’t have the keys to decrypt the data and decipher the information.

5. Ignore Suspicious Emails

Make it a habit to never open or reply to suspicious-looking emails even if they appear to be from a known sender. Even if you do open the email, do not click on suspicious links or download attachments. Doing so may make you a victim of online financial and identity theft, including ‘phishing scams.’

Phishing emails appear to come from trustworthy senders, such as a bank or someone you may have done business with. Through them, the hacker attempts to acquire your private and financial data like bank account details and credit card numbers.

For further security, make sure you change your email password every 60 – 90 days. Additionally, refrain from using the same password for different email accounts and never leave your password written down.

6. Limit Access to Critical Data

Keep the number of people with access to critical data to a minimum, such as the company’s CEO, CIO, and a handful of trusted staff. Formulate a clear plan that mentions which individual has access to which sensitive information for increased accountability.

7. Take Regular Back-up

Every week, either back up your data to an external hard drive or the cloud yourself, or schedule automated backups to ensure that your information is stored safely. That way, even if your systems are compromised, you still have your information safe with you.

8. Secure Your Wi-Fi Network

Say goodbye to the WEP (Wired Equivalent Privacy) network if you still use it and switch to WPA2 (Wi-Fi Protected Access version 2) instead as the latter is much more secure.

To protect your Wi-Fi network from breaches by hackers, change the name of your wireless access point or router, also called the Service Set Identifier (SSID). Ensure that you use a complex Pre-shared Key (PSK) passphrase for additional security.

9. Secure Laptops and Smartphones

Because of the ease of carrying them around, laptops and smartphones hold a hell of a lot of valuable data, and that is also the reason they are at a higher risk of getting lost or stolen. Protecting both these devices entails encryption, password protection, and enabling of the ‘remote wiping’ option.

10. Communicate Cyber Security Policies to Employees

Having a written cyber security policy listing the dos and don’ts of using office systems and Internet is helpful, but not enough. You have to ensure that its details are communicated to and understood by your employees, so that they can put it in practice. That is the only way of making such policies effective. Do amend these policies regularly according to the relevance of the contents.

Conclusion

Attempts to steal confidential data and money, or disruptions in your business are very real threats. Although a business can never be completely safe from such dangers, there are several security practices for your people, processes and systems which can help you bust online security threats.

Keep your eyes and ears open to suspicious behavior on the part of your employees and outsiders with the help of surveillance systems to identify those with vested interests in your company. Aside from that, the above tips should come in handy to amp up your cyber security measures.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com