ByTheodore “The Wisdom Man” Henderson
Best Selling Author, Certified Social Media Security Professional, Leadership Authority
Author of“30 Smart Ways to Protect Yourself from Cyber Criminals” [Kindle Edition]
Criminal activity in the cyber world has grown both in sophistication and in the resultant cost to businesses. Companies previously battled the continual introduction of new malware into their computer networks while at the same time repelling breaches by hackers and discontented employees. Times have changed, now they also have to wrestle with highly organized and intelligent cybercriminals who can do severe damage to all the important areas of a company’s business environment such as reputation, intellectual property, productivity, financial assets, and customer data.
Despite the risks we can’t get away from deploying more and more innovative technology for our businesses. Technology is a small and medium sized business’ best ally in leveling the playing field against the “big boys”. Leveraging broadband and information technologies are formidable instruments particularly for small businesses to penetrate new markets and increase sales along with productivity. However, cyber security threats are real and businesses must implement the best tools and tactics to protect themselves, their employees, and their customers’ data. Here are ten key cyber security tips to protect your small business:
1. Educate and train employees in security principles.
Create basic security practices and policies for employees, such as demanding strong passwords and mandate appropriate Internet use guidelines that specify penalties for violating company cyber security policies. Establish rules of behavior describing how to treat and guard customer information and other important data.
2. Shield information, computers, and networks from cyber attacks.
Keep clean machines: having updated security software, web browser, and operating system are the best defenses against viruses, malware, and other cyber security threats. Program your antivirus software to run automatic scans after each software update. Manually install other key software updates as soon as they are available.
3. Provide “firewall” protection for your Internet connection.
Simply stated, a firewall is a group of related programs that prevent unauthorized users from accessing data on a private network. Be sure to enable the operating system’s firewall or install free firewall software from a secure online provider. If employees work from home, ensure that their home system(s) are protected by a firewall and if possible they have access to a virtual private network or VPN. My blog post – “A Virtual Private Network (VPN) Is A Must Have For Your Personal Cyber Security” -goes into detail on this topic for small and medium businesses.
4. Establish a mobile device action plan.
Smartphones and Mobile devices provide both power and flexibility to the individual or remote worker but at the same time can create significant security and management challenges, particularly if they contain confidential information or can access the corporate network. Make it mandatory for users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to outline reporting procedures for lost or stolen equipment.
5. Backup important business data and information.
Regularly backup the data on all computers automatically. Vital data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, accounts receivable, and accounts payable files. A data backup should be done at a minimum once per week or automatically multiple times weekly and store the copies offsite or in the cloud.
6. Limit physical access to your computers and create distinct user accounts for each employee.
Avoid access or use of business computers by unauthorized individuals. Tablets and laptops can be particularly easy targets for theft or can be lost, so lock them away when unattended. Make sure a distinct user account is created for each employee and require strong passwords.
Administrative access should only be given to trusted IT staff and vetted key personnel.
7. Secure and sheild your Wi-Fi networks.
If you are providing connectivity in the workplace and have a Wi-Fi network installed, make sure it is secure, encrypted, and
concealed. To conceal your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name,
also known as the SSID (Service Set Identifier). Of course, password protect access to the router at all times.
8. Employ best practices on credit and debit cards.
Work with banks, financial institutions, or processors to ensure the most trusted and validated tools and anti-fraud services are being utilized. You may also have additional security obligations related to agreements with
your bank, financial institution, or processor. Segregate payment systems from other, less secure programs and absolutely do not under any circumstances use the same computer to both process payments and surf the Internet. This would be akin to leaving the vault door open to the public and then going to lunch expecting that nothing would be missing when your returned.
9. Limit employee access to data and information, and limit authority to install software.
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they
need for their jobs, and should not be able to install any software without permission.
10. Passwords and authentication.
Compel employees to use passwords and change passwords every three Months minimum. Consider implementing double or multifactor authentication that requires additional information beyond a password to gain access. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account. All major financial institutions will offer some form of multifactor or double authorization.
Source: Federal Communications Commission, Small Business Administration
For more information on these and other tips see the e-book “30 Smart Ways to Protect Yourself from Cyber Criminals”: Kindle Store http://amzn.to/1jdcwog
About Theodore Henderson
Theodore Henderson is an Amazon best selling author, Certified Social Media Security Professional Powered by CompTIA, and a Certified Leadership Coach. He is the author of the Security eBook 30 Smart Ways to Protect Yourself from Cyber Criminals aimed at owners of Smartphones, Mobile Devices, and also those who have significant online activities including Social Media, financial services, etc. In addition he authored the eBook “9 Simple Strategies to Becoming A Strong Leader.” He is available for keynotes, seminars, and workshops. He may be reached through www.SocialMediaSecurityTraining.com.