BreachExchange mailing list archives

10 Cyber Security Measures That Every Small Business Must Take


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 10 Nov 2014 19:12:46 -0700

http://tech.co/10-cyber-security-measures-every-small-business-must-take-2014-11

We’re all aware that cyber security refers to protecting and strengthening
your computers and Internet-based systems from unintended or unauthorized
access, modifications, robbery, and obliteration.

A lot of modern small businesses use Web-based technology and tools to
carry out their day-to-day functions. Whether it is conducting
long-distance conferences, advertising, buying and selling, researching,
identifying new markets, communicating with customers and suppliers, and
even conducting banking transactions, the Internet and the Cloud have
become integral to the smooth functioning of small businesses.

While physical embezzlement in offices can be brought under control with
the help of technological aids and state-of-the-art security cameras, the
virtual world is a different ball game. The Internet may be a boon, but it
also has its fair share of weaknesses. Along with its several benefits,
there are many risks involved which are only growing by the day. Several
small businesses fall prey to cyber-attacks due to loopholes in their cyber
security measures.

Mentioned ahead are a few cyber security measures that every small business
should have in place to protect itself from the perils of the virtual kind.

1. Install Reliable Antivirus Software

A good, reliable antivirus program is a basic must-have of any cyber
security system. Apart from that, anti-malware software is also an
essential. They work as the final frontier for defending against unwanted attacks,
should they get through your security network.

They work by detecting and removing viruses and malware, adware and spyware.
They also scan through and filter out potentially harmful downloads and
emails.

2. Use Complex Passwords

Almost every computer and Web-based application requires a key for
accessing it. Whether it is the answers to security questions or the
passwords, make sure you create complex ones to make it difficult for
hackers to crack them.

For answers to security questions, consider translating them into another
language using free online translation tools. This may make them
unpredictable and difficult to decipher, and less susceptible to social
engineering.

Using space before and/or after your passwords is also a good idea to throw
the hacker off. That way, even if you write your password down, it would be
safe as only you would know that it also needs a space at the front/end.
Using a combination of upper and lower cases also helps, apart from using
alphanumeric characters and symbols.

3. Protect with Firewall

A firewall is necessary as it helps you protect your network traffic –
inbound and outbound. It can stop hackers from attacking your network by
blocking certain websites. It can also be programmed so that sending out
proprietary data and confidential emails from your company’s network is
restricted.

4. Install Encryption Software

If you deal with data pertaining to credit cards, bank accounts, and social
security numbers on a daily basis, it makes sense to have an encryption
program in place. Encryption keeps data safe by altering information on the
computer into unreadable codes.

That way even if your data does get stolen, it would be useless to the
hacker as he wouldn’t have the keys to decrypt the data and decipher the
information.

5. Ignore Suspicious Emails

Make it a habit to never open or reply to suspicious-looking emails even if
they appear to be from a known sender. Even if you do open the email, do
not click on suspicious links or download attachments. Doing so may make
you a victim of online financial and identity theft, including ‘phishing
scams.’

Phishing emails appear to come from trustworthy senders, such as a bank or
someone you may have done business with. Through it, the hacker attempts to
acquire your private and financial data like bank account details and
credit card numbers.

For further security, make sure you change your email password every 60 to
90 days. Additionally, refrain from using the same password for different
email accounts and never leave your password written down.

6. Limit Access to Critical Data

Keep the number of people with access to critical data to a minimum, such as
the company’s CEO, CIO, and a handful of trusted staff.

Formulate a clear plan that mentions which individual has access to which
sensitive information for increased accountability.

7. Take Regular Backups

Every week, either back up your data to an external hard drive or the cloud
yourself, or schedule automated backups to ensure that your information is
stored safely.

That way, even if your systems are compromised, you still have your
information safe with you.

8. Secure Your Wi-Fi Network

Say goodbye to the WEP (Wired Equivalent Privacy) network if you still use
it and switch to WPA2 (Wi-Fi Protected Access version 2) instead as the
latter is much more secure. To protect your Wi-Fi network from breaches by
hackers, change the name of your wireless access point or router, also
called the Service Set Identifier (SSID).

Ensure that you use a complex Pre-shared Key (PSK) passphrase for
additional security.

9. Secure Laptops and Smartphones

Because of the ease of carrying them around, laptops and smartphones hold a
hell of a lot of valuable data, and that is also the reason they are at a
higher risk of getting lost or stolen. Protecting both these devices
entails encryption, password protection, and enabling of the ‘remote
wiping’ option.

10. Communicate Cyber Security Policies to Employees

Having a written cyber security policy listing the dos and don’ts of using
office systems and the Internet is helpful, but not enough. You have to ensure
that its details are communicated to and understood by your employees, so
that they can put it into practice. That is the only way of making such
policies effective. Do amend these policies regularly according to the
relevance of the contents.

Conclusion

Attempts to steal confidential data and money, or disruptions in your
business are very real threats. Although a business can never be completely
safe from such dangers, there are several security practices for your
people, processes and systems which can help you bust online security
threats. Keep your eyes and ears open to suspicious behavior on the part of
your employees and outsiders with the help of surveillance systems to
identify those with vested interests in your company. Aside from that, the
above tips should come in handy to amp up your cyber security measures.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
