According to the 2018 Hiscox Small Business Cyber Risk Report, 47% of small businesses experience at least one cyberattack over the course of a year. Despite this concerning statistic, the report also found that only 52% of businesses have a cybersecurity strategy in place.
A cybersecurity strategy is a core component of running a successful, safe business. Here are some easy and inexpensive practices that can help you and your staff fortify the digital defenses of your business with little effort.
Know the Key Terms
In an age where data breaches and ransomware attacks regularly make the news, most people understand that cybersecurity is important, but many may still be wondering: What exactly is it? Before we get into techniques, we’d like to define a few key terms.
- Cybersecurity: In a business context, cybersecurity means protecting your company's computers, networks, accounts and data from unauthorized access, disruption or damage, whatever that infrastructure includes. PCs, servers, smartphones, and even smart TVs are just a few of the devices that need to be defended from people and organizations that intend to break into them, mostly for financial gain.
- Cyberattack: A cyberattack is an attempt by an individual or group to breach, disrupt, or otherwise damage your organization’s computing infrastructure. This can take many forms, from tricking a user into relinquishing control of their computer to installing malicious software on premises by plugging in a USB drive.
- Attack Surface: Every point at which an attacker could try to get in makes up what cybersecurity professionals call your attack surface: all of the devices, software applications, network services and user accounts, and even the physical premises, that could be the target of a cyberattack. The smaller it is, and the better you know what is on it, the easier it is to defend.
- Malware: Short for malicious software, malware is an umbrella term that covers the full range of digital threats. Viruses, worms, ransomware, spyware, and adware are all malware.
Cybersecurity is a large, complicated field, and we can’t cover the entire vocabulary surrounding it in one post. However, we hope that by clarifying some of the terminology, the following advice on how to protect your business on the Internet will make a little more sense.
Update Your Software and Operating Systems
It’s good advice that every business should heed: Regularly install software and operating system updates across all of your devices. While the reminders that periodically appear on your PC or smartphone may seem annoying, these updates often contain patches for security holes that attackers are already exploiting, along with feature improvements. Turn on automatic updates wherever the software offers them, so that patching does not depend on someone remembering to click the reminder.
This advice goes double for web browsers and their extensions, which process untrusted content from every site you visit and are therefore among the most common entry points for malware. Pay the same attention to any other Internet-facing software, such as email clients, office suites and remote-access tools.
As part of your overall strategy, be sure to communicate this frequent-update policy to your employees, especially those who use personal devices, such as smartphones and tablets, on your business Internet connection. An unpatched phone on your office Wi-Fi is part of your attack surface too, so it needs to be updated just as frequently.
Back Up Your Data
In the unfortunate event that your information is compromised, whether by a bad actor or a bad hard drive, backups are essential. A backup only counts if you can restore from it, so test a restore periodically, and keep at least one copy offline or otherwise out of reach of the machines you are backing up, so that ransomware cannot encrypt the backup along with the originals. The good news is that you have tons of options for backing up your data. The bad news is that the amount of choices can be overwhelming.
From hosting with a trusted third party in the cloud to on-premises backups managed by your own IT team, the right choice for backing up your data depends on factors that include price, convenience, and how willing you are to trust someone to safeguard your company’s information assets. But in the end, there are so many great choices that there’s no excuse for not creating backups.
We encourage you to do some research before settling on a plan. Compare several options that align with your available budget, the amount of storage space you need, how quickly you would need to be running again after a loss, and your team’s technical understanding.
Protect Your Passwords
Password security is an essential component of every cybersecurity plan and one of the simplest to get right. Here are a few recommendations that should help you and your employees better manage and safeguard the passwords that, in turn, safeguard your information.
- Don’t Reuse Passwords. Think about it this way: If a hacker gains access to one of your accounts by stealing your password, how many other accounts could they infiltrate? By using different passwords for all of your accounts, you’re making sure that one compromised account won’t give up the rest. It’s much easier to recover one account than a dozen.
- Keep Written Passwords in a Safe Place. This advice is as old as passwords themselves, but it’s no less relevant today. If you write your passwords down, whether on paper or in an unencrypted file on your computer, anyone who gets at that paper or file gets every account on it. If you find yourself struggling to remember them all, use a password manager like LastPass, which generates a strong, unique password for every account, stores them encrypted, and fills them in for you; you then need to remember only one strong master password. If you must write something down, keep it locked away, never on a sticky note by the monitor or in a plain-text file on a shared drive.
- Use Longer, More Complex Passwords. Length matters more than clever substitutions: every extra character multiplies the number of guesses an attacker has to make, while swapping an “a” for an “@” adds almost nothing, because cracking tools try those substitutions first. Eight characters is often the minimum a site will accept; aim for at least 12 to 16 randomly generated characters, or a passphrase of several random words, and let your password manager remember it for you.
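To put numbers on the advice above, here is an added example (not code from the original post or from any password manager it mentions) that generates passwords the way a manager does, from the operating system's cryptographic random source, measures how much guessing work each style of password imposes, and audits a constructed sample vault for reused passwords. The short word list and the sample vault are constructed for the example; a real passphrase generator would draw from a published list such as the EFF large word list, which has 7,776 entries.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed sample word list for the passphrase generator (an assumption
# for this example; a real generator uses a published list of thousands
# of words).
SAMPLE_WORDS = ["anchor", "basket", "copper", "dragon", "ember", "falcon",
                "garden", "harbor", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nectar", "orbit", "pepper", "quartz", "ripple",
                "saddle", "timber", "umbrella", "velvet", "walnut", "zephyr"]

ALPHANUMERIC = string.ascii_letters + string.digits   # 62 symbols
PRINTABLE = ALPHANUMERIC + string.punctuation         # 94 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Guessing work, in bits, for a password drawn uniformly at random:
    length * log2(alphabet_size). This bound holds only for machine-generated
    passwords; a human-chosen password is far weaker than the arithmetic
    suggests, because people pick predictable patterns."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Random password over the given alphabet, using the OS CSPRNG via
    `secrets` (never the `random` module, whose output is predictable)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(n_words: int = 5, words=SAMPLE_WORDS) -> str:
    """Diceware-style passphrase: n words chosen uniformly from the list.
    Its strength is entropy_bits(len(words), n_words)."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def find_reused(credentials):
    """credentials: iterable of (site, password). Returns {password: [sites]}
    for every password used on more than one site, i.e. the accounts that
    all fall together if any one of them leaks."""
    by_password = defaultdict(list)
    for site, password in credentials:
        by_password[password].append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


if __name__ == "__main__":
    print(f"8 alphanumeric chars   : {entropy_bits(62, 8):5.1f} bits")
    print(f"8 chars with symbols   : {entropy_bits(94, 8):5.1f} bits")
    print(f"12 alphanumeric chars  : {entropy_bits(62, 12):5.1f} bits")
    print(f"16 alphanumeric chars  : {entropy_bits(62, 16):5.1f} bits")
    print(f"5 words from 7,776     : {entropy_bits(7776, 5):5.1f} bits")
    print("example password  :", generate_password())
    print("example passphrase:", generate_passphrase())
    # Constructed sample vault with one password reused on two sites.
    vault = [("mail.example", "Tr0ub4dor&3"),
             ("bank.example", "correct horse battery staple"),
             ("crm.example", "Tr0ub4dor&3")]
    print("reused passwords:", find_reused(vault))
```

The point the numbers make is the one in the bullet above: twelve alphanumeric characters (about 71 bits) beat eight characters with symbols (about 52 bits), and a five-word passphrase from a 7,776-word list (about 65 bits) is both stronger and easier to type than an eight-character password of any kind.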
Enable Two-Factor Authentication
To add extra security to your accounts, enable two-factor authentication (2FA), a login process that requires two different kinds of proof of identity: something you know (your password) plus something you have (your phone or a hardware security key).
A stolen password alone is then not enough to get in, which protects both the user’s credentials and the resources that user can access. You can usually set it up by registering a phone number for text-message codes or by installing an authenticator app that generates a new six-digit code every 30 seconds. The app, or a hardware security key, is the stronger choice, because text messages can be intercepted or redirected by an attacker who takes over your phone number.
Think Before You Click
Clicking an unsafe link is one of the easiest ways to compromise the information of your business on the Internet. Cyber criminals will try to trick you into clicking links that capture sensitive information or install malware on your device, so be vigilant.
Remember the phrase “don’t judge a book by its cover”? Emails with dangerous links often look as if they were sent from a reputable source, such as someone you know or a service you subscribe to. These phishing attacks often include a seemingly legitimate reason for you to follow the link, with phrases like “new message” or “action required.”
Never click links in, or open attachments from, messages whose sender you don’t recognize or can’t verify. If a message from anyone, even someone you know, asks you to click a link or log in, pause: hover over the link to see where it really goes, and confirm the request through a channel the message did not provide, such as a phone number you already have, or by typing the service’s address into your browser yourself. Additionally, install antivirus and anti‑phishing software on your computers, and keep your browser’s built-in phishing and malware warnings switched on, to limit the damage when someone does click.
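The “hover to see where it really goes” check can be automated. As an added example, not code from the original post, the function below takes the text a recipient sees and the address the link actually points to, and returns a set of warning codes for the tricks phishing emails most often use: a trusted brand name buried in a subdomain of an attacker’s domain, a username field that makes the real host hard to spot, a raw IP address, an internationalized (punycode) host that can look like a familiar one, plain http, and simple text-versus-destination mismatch. The brand list, the sample links and the two-label approximation of a “registrable domain” are this example’s own assumptions; a production check would use the Public Suffix List instead of the last two labels.

```python
import re
from urllib.parse import urlsplit

# Constructed list of brands this hypothetical organization's staff deal
# with (an assumption for the example, not a general-purpose list).
TRUSTED_BRANDS = {"paypal.com", "microsoft.com", "google.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of a host: "evil.example" from "login.evil.example".
    Simplification: real code must consult the Public Suffix List, because
    e.g. "shop.example.co.uk" has a three-label registrable part."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def _host_of(text: str) -> str:
    """Hostname from a URL, or from bare text treated as a URL; "" if none."""
    if "://" not in text:
        text = "https://" + text
    try:
        return (urlsplit(text.strip()).hostname or "").lower()
    except ValueError:
        return ""


def link_warnings(display_text: str, href: str) -> set:
    """Compare what the recipient sees with where the link really goes and
    return a set of warning codes (empty means nothing suspicious found)."""
    try:
        parts = urlsplit(href.strip())
    except ValueError:
        return {"unparseable"}
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return {"unparseable"}

    warnings = set()
    if parts.scheme != "https":
        warnings.add("not_https")
    if parts.username is not None:                 # https://paypal.com@evil.example/
        warnings.add("userinfo_in_url")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        warnings.add("raw_ip")
    if any(label.startswith("xn--") or not label.isascii()
           for label in host.split(".")):
        warnings.add("idn_homograph_risk")

    target = registrable_domain(host)
    for brand in TRUSTED_BRANDS:
        # "paypal.com.evil.example": the brand appears as whole labels but
        # the domain that was actually registered belongs to someone else.
        if f".{brand}." in f".{host}." and target != brand:
            warnings.add("brand_in_subdomain")

    shown_host = _host_of(display_text)
    if "." in shown_host and registrable_domain(shown_host) != target:
        warnings.add("text_host_mismatch")
    return warnings


if __name__ == "__main__":
    # Constructed sample links of the kind found in phishing emails.
    samples = [
        ("https://www.paypal.com/account", "http://www.paypal.com.login-check.example/x"),
        ("microsoft.com", "https://microsoft.com@198.51.100.7/login"),
        ("PayPal", "https://xn--pypal-4ve.com/"),
        ("Reset your password", "https://accounts.google.com/reset"),
    ]
    for text, href in samples:
        print(f"{text!r} -> {href}: {sorted(link_warnings(text, href)) or 'no warnings'}")
```

An empty result is not a clean bill of health: a lookalike domain such as `paypa1.com` passes every check here, which is why the advice to verify through a separate channel still stands.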
Secure Your Business Internet Connection
Your business Internet connection can be an easy way for others to access your data, so secure it so that only employees can use it: protect the Wi-Fi with WPA2 or WPA3 and a strong passphrase, and change the router’s default administrator password. If you want to provide your customers with an onsite Internet connection, we recommend setting up a separate “guest” network for them, with client isolation turned on so that visitors’ devices can reach the Internet but not each other or your office machines. Having a designated public network is a simple precaution that keeps outsiders off your main business network and your sensitive, internal information more secure.
The tactics we’ve discussed are simple methods that can be implemented by everyone in your business to make sure that your organization’s data remains safe and protected.