Operating a business guarantees that you are vulnerable to a cyber attack, putting you at risk of a costly data breach. This year alone, 43% of data breach victims were small businesses, according to the 2019 Verizon Data Breach Investigations Report. Some of the most common causes of data breaches are hacking, malware, phishing, and human error by employees.
As real as the risks are, there are extremely effective cyber security tactics that can help protect your business from the threats of cyber criminals. If your organization is seeking stronger cyber security, here are 11 tips to help keep your valuable data safe.
Your Comprehensive Cyber Security Assessment Checklist
1. Create Employee Cyber Security Education Programs
Employees are often the biggest risk of exposing a business to a cyber security incident. In fact, it’s been reported that employees are involved in 40% of data breaches from small businesses. To reduce this risk, it’s important to educate employees about different types of cyber attacks so they can be more vigilant in preventing them from happening.
Your employee education program should include:
- Password security best practices
- Phishing awareness training
- Malware identification training
- Testing employees’ preparedness through simulated cyber attacks
Cyber security training should start early—consider making it a part of new employee onboarding to set expectations and establish best practices as early as their first day.
2. Limit Employee Access Where Necessary
As an added security measure, limit access to data, systems, and software to only the employees who require them in their role. This reduces the risk of a data breach. For example, human resources professionals will need access to employees’ social insurance numbers, but sales professionals will not.
Setting up appropriate access at the start of employment will help protect sensitive information from getting into the wrong hands and limit the risk of a data breach.
3. Implement SSL Data Encryption
SSL (Secure Sockets Layer) is the standard security technology used for establishing an encrypted link between a web server and a browser, ensuring that all data passed between the server and browser remain private.
Unsure if your business website is secure? A good way to check is to look for “https://” at the start of the URL in your browser.
If your business has not purchased an SSL certificate or hasn’t implemented this technology, talk to an IT professional like Nerds On Site to make sure you choose the right type for your industry, especially if you’re in finance or insurance.
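A more thorough check than looking for “https://”, as an added example that is not part of the original article: the script connects to a site, validates its certificate against the system trust store, and reports an outdated protocol version or a certificate close to expiry. The function names, the 30-day warning threshold and the sample certificate are assumptions made for illustration. Modern servers negotiate TLS, the successor to SSL, which is why the version strings read "TLSv1.2" and "TLSv1.3".

```python
import socket
import ssl
from datetime import datetime, timezone

def assess(version, cert, now, warn_days=30):
    """Return findings for a negotiated protocol version and a certificate
    dict in the format returned by SSLSocket.getpeercert()."""
    findings = []
    # SSLv3, TLS 1.0 and TLS 1.1 are deprecated; expect TLS 1.2 or newer.
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"outdated protocol: {version}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days = (expires - now).days
    if days < 0:
        findings.append(f"certificate expired {-days} days ago")
    elif days < warn_days:
        findings.append(f"certificate expires in {days} days")
    return findings

def check_site(host, port=443, timeout=5):
    """Connect to host, validate its certificate chain and hostname against
    the system trust store, then assess what was negotiated."""
    context = ssl.create_default_context()  # verification is on by default
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return assess(tls.version(), tls.getpeercert(),
                              datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate not trusted: {exc.verify_message}"]
    except OSError as exc:
        return [f"connection failed: {exc}"]

# Constructed sample in getpeercert() format, so assess() can be tried offline.
SAMPLE_CERT = {"notAfter": "Jan  5 09:34:43 2018 GMT"}

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:  # e.g. python check_tls.py example.com
        print(name, check_site(name) or "no findings")
```

An empty list means the certificate validated, the protocol is current, and expiry is more than 30 days away.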
4. Secure Your Business Network
There are measures you can take to secure your business network, including isolating the network where guests access a separate “guest” Wi-Fi when visiting your workplace, using a virtual private network (VPN) to encrypt all the data travelling to and from your network, and keeping all firmware and software up to date. Check out “How To Secure A Business Wi-Fi Network” to discover more network security tips.
5. Protect Your Company Network With Firewalls
A firewall is a network security device that monitors inbound and outbound traffic to your business network. Firewalls can be hardware (a physical device, just as the monitor you’re reading this on is a physical device) or software (a program on your computer, just as Microsoft Office is a program).
Firewalls provide a vital layer of protection to help keep your business secure, but shouldn’t be considered absolute security—firewalls are just one component of cyber security. If you are unsure of which types of firewall are best for your organization, consult an IT professional for guidance.
6. Regularly Update Company Devices
Regularly updating your operating systems and antivirus software can help eliminate unnecessary vulnerabilities to your business. Every computer in your workplace runs an operating system—such as the popular Microsoft Windows system for PCs—requiring maintenance in order to stay up-to-date with the latest security updates.
One way to make sure system updates are a regular occurrence is to set up company-wide notifications using email, internal messaging systems, and calendar reminders for employees to prevent them from hitting “dismiss” on system update notifications. Don’t hesitate to lean on your management team to encourage good habits with employees and keep these updates top-of-mind, too.
7. Require Secure Passwords On All Employee Accounts
Microsoft reports that password reuse is common in 52% of users, and these reused passwords can be cracked within 10 guesses.
Ensure your employees are not using “password” as their password across multiple accounts to avoid this risk. A secure password is unique and incorporates numbers, special characters, and a mixture of upper and lower-case letters. For helpful tips on creating secure passwords, check out our article on “How To Make Your Passwords More Secure.”
8. Enable 2FA On Company Devices
Many accounts offer an extra step for stronger security called two-factor authentication (2FA). Enabling 2FA will require you to enter your secure password and then verify your login through a secondary method such as:
- A fingerprint (through a device such as an iPhone)
- An authenticator app (such as Google Authenticator)
- A second password or secure PIN
- A security code sent via SMS
2FA is an excellent way to enhance security, so if it’s offered on your accounts, we strongly recommend that you implement it for improved protection.
9. Create Backup Copies of Company Data
It is best practice to make a copy of your important company data and create a “backup” of the information using trusted cloud-based technology or hardware such as an external hard-drive. In the event of an incident, a backup copy ensures that your valuable information is not lost entirely.
Create 2 to 3 backup copies on a regular schedule, such as every quarter, and keep at least one copy off-site in case of theft or a natural disaster like fire or flooding.
10. Establish An Incident Response Team
Just like an emergency response team for environmental and medical emergencies, your organization should have an incident response team in place to respond to cyber incidents.
Your response team information should be accessible “in case of emergency”—including the names, phone numbers, and after-hours contact information of key incident response stakeholders such as the business owner, relevant IT professionals, finance team leadership, and any other figures critical to your business operations.
11. Perform Annual Cyber Security Assessments
Simply because a cyber security control exists does not always mean that it is effective. Performing an annual cyber security assessment will assist your organization in identifying vulnerabilities and establishing an action plan to eliminate them. For example, a firewall won’t protect you from cyber threats if it isn’t configured properly.
Ensure that you are performing in-depth assessments on your controls and don’t hesitate to ask for assistance from cyber security professionals if you need it.
Establish Better Cyber Security Controls
Today’s internet landscape makes it essential that you do everything you can to increase the security of your valuable data and systems. Data breaches from cyber attacks are on the rise, so businesses need to stay vigilant in their cyber security efforts. A complete cyber security approach consists of multi-layer controls to ensure complete protection and defence against harmful cyber threats.
Nerds On Site protects your business like nobody else can with adam:ONE, our exclusive DNS-based firewall and gateway solutions software. While the conventional method starts by giving everyone access to your networks and then kicking out known bad actors, adam:ONE gives nobody access before it is determined they are safe.
When you make Nerds On Site your cyber security partner, you are enlisting the expertise of our entire team of cyber security experts with over 100 years combined experience.
To help your business get started, we’ve prepared a FREE Cyber Security Checklist that will guide you through some of the steps to better data protection.