The Essential Security That Small Businesses Can’t Skip
Cyber security can seem overwhelming, especially when you’re implementing security procedures for the first time. The good news is that it doesn’t have to be.
There are steps that all businesses must take to achieve a baseline level of network security. The following are rudimentary steps to take to establish the most basic level of security for your business. It’s important to note that these steps are a crucial starting point, but alone are not enough to fully prevent risk.
Essential Security Methods For Your Business
- Password Policies: Require users to have strong passwords (those that contain a combination of uppercase and lowercase letters, numbers and symbols) that must be changed after a set period of time (such as every 6 months).
- Email Security: Have programs in place to block spam, viruses, malware and phishing attempts. Educate users on safe email habits, such as not downloading attachments or clicking on links sent from unknown senders.
- Web Security: Web filtering services can prevent your employees from visiting sites that are often sources of malware infections, but that may show up as a Google search result. Web filtering can also help control your employees’ browsing habits to keep them focused while at work.
- Antivirus: Run an antivirus program that scans your users’ machines to detect any viruses.
- Backup: Frequently back up company data to multiple locations. If you lose access to data you will be able to restore from one of your backups.
What Happens When You Skip Basic Security Tech?
We know. You’re wondering if you REALLY need to implement those basic security steps for your company. What’s the worst that could happen?
We recently had a client who, in an effort to reduce costs, had skipped adding email filtering and all necessary security systems on their firewall. They also had no antivirus system and an ineffective backup system.
One day, they came to us in a panic. Why?
They had been infected by a ransomware virus.
What could have been easily prevented with a few basic security measures resulted in one week of lost data, one day of downtime, and a $2,000 IT bill.
The scary part of this story? This isn’t even a worst-case scenario. Considering that 60% of small and medium-sized businesses close within six months of a cyber attack, we’d argue that this client got off relatively easy.
Do You Need Secondary Safeguards?
Even if you have the essentials in place, you still have exposure to cyber crime. Every business must determine if the costs outweigh the benefits of various secondary security measures, including:
- Encryption: A process that makes it difficult for unauthorized individuals to access data by scrambling its contents.
- Two-factor authentication: A security process that adds a second step to your login procedure, such as entering a PIN number sent to the phone number that is on file for your account.
- Data recovery and business continuity plan: Predetermined procedures for safeguarding and recovering data, as well as a procedure to allow your business to continue operating if it is impacted by an interruption such as a fire, power outage, or even an IT system crash.
- Employee training: Training employees to identify and avoid risks while using your company network.
Auditing Your IT Network
- Performing regular IT audits will allow you to know what your network’s strengths are and what you should focus on to ensure a secure network. You should work with a trusted IT provider to determine which risks matter to you and which you are willing to invest in remediating.
- If your business is regulated -- or you or your clients are subject to any compliance standards -- an annual audit with subsequent remediation should be part of your IT budget.
The Cyber Threat That Could Destroy Your Business (If You Aren’t Prepared)
Ransomware is the single greatest threat to your business operations.
What is ransomware?
A specific type of malware that prevents users from accessing their computer system. Sometimes, it encrypts specific data on a computer system. In order to regain access, users are forced to pay a ransom to the attacker.
Current ransomware threats include Cryptowall and Cryptolocker.
You have three options for how to respond to a ransomware attack:
1. Pay the ransom (usually hundreds or thousands of dollars) to retrieve data
2. Refuse to pay but lose your data
3. Restore from a backup (the best option, but it only works if you have previously backed up your data)
The Best Way To Ensure You Can Recover From A Ransomware Attack
Backup is the single best investment to ensure you can recover from the threat of ransomware.
However, in order for a backup to be an effective recovery tactic, you must back up frequently and to multiple backup locations. If you don’t back up frequently, you may not be able to recover all of the data you lost. If you only back up to one location, and that location is compromised or damaged, you won’t be able to access your data.
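Both conditions above (recent backups, in more than one place) can be checked automatically. The Python script below is an added example, not code from this article: it reports which backup locations hold a recent copy and flags the business as at risk when fewer than two do. The 24-hour threshold, the two-location minimum, the location names and the sample files are assumptions constructed for illustration; file modification time stands in for the backup timestamp.

```python
import os
import tempfile
import time
from pathlib import Path

def newest_backup_age_hours(location, now):
    """Age in hours of the newest file under a location; None if missing or empty."""
    root = Path(location)
    if not root.is_dir():
        return None
    mtimes = [p.stat().st_mtime for p in root.rglob("*") if p.is_file()]
    if not mtimes:
        return None
    return (now - max(mtimes)) / 3600.0

def audit_backups(locations, max_age_hours=24, min_fresh_locations=2, now=None):
    """Pass only if enough separate locations hold a sufficiently recent backup."""
    now = time.time() if now is None else now
    ages = {loc: newest_backup_age_hours(loc, now) for loc in locations}
    fresh = [loc for loc in locations
             if ages[loc] is not None and ages[loc] <= max_age_hours]
    stale = [loc for loc in locations if loc not in fresh]
    return {"ok": len(fresh) >= min_fresh_locations,
            "fresh": fresh, "stale": stale, "ages": ages}

def build_constructed_sample(base, now):
    """Constructed sample: one fresh copy, one 10-day-old copy, one empty location."""
    layout = {"nas": 2, "offsite": 240, "usb": None}  # hours since last backup
    paths = {}
    for name, age in layout.items():
        folder = Path(base) / name
        folder.mkdir()
        if age is not None:
            archive = folder / "backup.tar.gz"
            archive.write_bytes(b"constructed sample")
            stamp = now - age * 3600
            os.utime(archive, (stamp, stamp))  # backdate the file
        paths[name] = str(folder)
    return paths

if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as base:
        paths = build_constructed_sample(base, now)
        report = audit_backups(list(paths.values()), now=now)
        print("OK" if report["ok"] else "AT RISK", "stale:", report["stale"])
```

A recent file only shows that a backup job wrote something; a periodic test restore is still needed to confirm the copy is usable.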
Are You Ready To Secure Your Network?
If you want to protect your business from cyber crime, you must take precautionary measures to ensure a secure network.
Whether you stick to the essentials or also include secondary measures in your plan, you’ll be making it much harder for your business to be compromised.
SMEs and Cyber Attacks: What You Need to Know - Towergate Insurance
Most Small Businesses Don’t Recover From Cybercrime – Fox Business