Your small business can’t afford to get infected with malicious software. Here are 12 effective cyber security tips to safeguard your company’s data.

I don’t have to tell you about the latest data breach; like the evening news, we have become numb to all the losses. Aetna, Jason’s Deli, CarePlus, Partners HealthCare, FedEx, Panera Bread: the breach list is endless. So the real question is: what is the root cause of these data breaches? Is it people, processes, technology, or all of the above?

As we in Audit look at people, processes and technology, we must at some point be able to tell organizations that the IT director can’t also be the chief security officer, and the IT manager can’t be the systems admin, security engineer and security analyst all at once. Also, IT should not be procuring all of the audits; the board and the CEO must lead this effort. Otherwise the result is not likely to be balanced or meaningful.

I have worked in IT departments where this was the case, and it is always a weak-performing organization when it comes to security and compliance. I also see it every day as an auditor: it is the root cause of so many poor audits and eventual data breaches. The question is how to delicately tell a corporation that has no strict regulation forcing the issue (one that is not required to be data security compliant) that this is in its best interest. How do we start a real dialog with boards and CEOs to make this point clear? That is a lengthy topic for another blog article, so stay tuned and we will cover it soon. In the meantime, follow these industry-tested cyber security tips for survival.

Don’t assume that your small business is safe from a cybersecurity breach. In a single year, 61% of attacks are now on small businesses.
These attacks end up costing $84,000 to $148,000. Of those small businesses attacked, 60% go out of business within six months of the attack.
Why risk those odds with your small business? Use these 12 cyber security tips to prevent your small business from becoming another victim.

  1. Have a Backup
    Create a process to back up all critical data on a regular basis. When ransomware strikes, company operations can continue from the backup. What is critical data? Whether you sell auto parts or flowers, your financial data and customer orders are critical. Remember also that if you sell to an individual who is a European Union citizen, you are subject to the General Data Protection Regulation (GDPR). More on this later, but it is a privacy law from Europe that affects businesses around the globe when it comes to protecting customer privacy. For example, if your systems are hacked and you lose customer data, you can be subject to significant fines and penalties.
  2. Assess Risk
    Do not make the mistake of thinking your company isn’t a target. You need to identify any valuable data. For example: what data runs your business? When the power goes out, how do you run transactions? If your computer system crashed, could you recover?
    Then look for any potential threats. Finally, look for the weak points in your system that are most vulnerable, and make sure that you address the highest-risk vulnerabilities first. Your options when faced with a risk are to accept it, avoid it, transfer it, or mitigate it.
  3. Update Your Software
    The majority of software providers distribute free updates for their licensed products. New threats appear on an ongoing basis. Update your software to protect against these new threats. Each day, thousands of new attacks are aimed at any and all computing systems and their applications. These patches are the vendor’s response, providing stability and security to an otherwise compromised piece of software.
  4. Create an Action Plan
    Having a response plan in place will help mitigate the damage when a breach happens. Keep the plan simple, realistic, and actionable. For example, a simple plan of who to call to restore your internet and servers, and how to run in manual mode until things come back up, is a good starting place.
  5. Name a Key Person
    Choose one person who handles putting the action plan in motion. This reduces confusion and the potential for conflicting actions. Also add a call tree of who to call when you put your emergency plans into action.
  6. Create a Defense
    Create a digital wall around your systems. Firewalls, anti-virus, and anti-spyware work to prevent unauthorized people from viewing your data.
    Don’t forget to secure your Wi-Fi network. Always use a complex and unique password. To learn more about complex passwords, visit: Secure Passwords
  7. Educate
    Teach your employees about the importance of best practices for staying cybersecure. They are the first line of defense for safe browsing, avoiding phishing, and safe email use. Contact us for cyber security awareness training options.
  8. Approve the Least Amount of Privilege
    When creating accounts, give each one the least amount of access necessary. This limits the number of potential risk points. If a breach does happen, the exposure can be limited to that specific account’s access.
  9. Protect Your Passwords
    Always change the default password to a custom one. Default passwords are easy to guess and are available online.
    Each employee should have their own unique, complex password. Passwords should also be changed on a regular basis.
  10. Do Not Share Accounts
    Do not let your employees share accounts. This means no community accounts and no freely sharing individual login credentials. This prevents accidental leaks and the malicious intentions of a disgruntled employee. It also allows you to identify the source of a breach.
  11. Watch the Privileged Accounts
    Limiting the number of accounts with the highest privileges is a great start. Those highest-privilege accounts are capable of covering up malicious activities, though.
    Use monitoring software to supervise their activities. This will help ensure they are not compromised or doing anything malicious. This is how banks are run: not everyone gets access to the safe, and no single person can transfer $1,000,000 on their own. That is least privilege and separation of duties.
  12. Don’t Forget Personal Devices
    Security for business doesn’t end with the equipment in your office. Employees who access the system from home or on personal devices are a weak point in your security. The average smartphone or USB storage device can be used to carry many gigabytes of data from your business right out the door.
    Ensure data is encrypted on these devices. Track activity on these devices. It is easy to hide malicious activity in data stored on external devices.
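One way to turn tips 10 and 11 into a concrete monitoring check, as an added example that is not the article’s own tooling: the constructed audit log below is parsed, large transfers that lack a second, different approver are flagged (separation of duties), and an account that logs in from two different hosts within a short window is reported as a possible shared account. The log format, the $1,000,000 threshold and the 15-minute window are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (not from the article): one CSV record per event,
# fields: timestamp, account, action, amount, approver, source host.
AUDIT_LOG = """\
2024-03-01T09:00:00,admin_jane,transfer,1500000,bob,ws-12
2024-03-01T09:05:00,admin_jane,transfer,2000000,,ws-12
2024-03-01T09:06:00,admin_jane,transfer,1200000,admin_jane,ws-12
2024-03-01T09:06:30,ops_shared,login,0,,ws-03
2024-03-01T09:08:10,ops_shared,login,0,,laptop-77
2024-03-01T10:30:00,alice,transfer,500,,ws-05
2024-03-01T16:00:00,alice,login,0,,ws-05
2024-03-02T08:00:00,alice,login,0,,laptop-09
"""

def parse_log(text):
    """Turn the CSV text into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, account, action, amount, approver, host = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "account": account,
                       "action": action, "amount": int(amount),
                       "approver": approver, "host": host})
    return events

def unapproved_large_transfers(events, threshold=1_000_000):
    """Separation of duties: a transfer at or above the threshold needs a
    second, different person as approver. Self-approval counts as missing."""
    return [e for e in events
            if e["action"] == "transfer" and e["amount"] >= threshold
            and (not e["approver"] or e["approver"] == e["account"])]

def shared_account_indicators(events, window=timedelta(minutes=15)):
    """Flag accounts that log in from two different hosts within one window:
    a sign the credential is being shared rather than used by one person."""
    by_account = defaultdict(list)
    for e in events:
        if e["action"] == "login":
            by_account[e["account"]].append(e)
    flagged = set()
    for account, logins in by_account.items():
        logins.sort(key=lambda e: e["time"])
        for a, b in zip(logins, logins[1:]):
            if a["host"] != b["host"] and b["time"] - a["time"] <= window:
                flagged.add(account)
    return flagged
```

Run `unapproved_large_transfers(parse_log(AUDIT_LOG))` and `shared_account_indicators(parse_log(AUDIT_LOG))` against your own export in the same format; the approved $1,500,000 transfer and alice’s logins a day apart are not flagged.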
Use These Cyber Security Tips
By following these cyber security tips you will keep your business safe from a breach. Start by assessing the risks and creating an action plan.
Have one person who will put the plan into motion if a breach happens. Maintain ongoing security by limiting access, creating secure passwords, and monitoring activity.
Stay diligent about maintaining standards. This will help you avoid an attack or reduce the damage when one happens.
Let us help you put these small business cyber security tips into action.
Depending on your business size and its regulatory environment, you may benefit from our Virtual CISO (Virtual Chief Information Security Officer) program. Use the contact link above to learn more.