Guest Contributor: David Humphreys, CISSP, Principal Security Consultant, Avasek
If you think your business is at low risk of a cyberattack because it’s too small for cybercriminals to notice, it’s time to change your thinking. According to 2016 threat data from Symantec, 43% of all cyberattacks target small businesses. This is a significant rise from the 18% seen in 2011.
Today, 1 in 40 small businesses are at risk of becoming victims of cybercrimes, and cybercriminals are choosing their victims carefully by going after easy targets.
Ensure your data remains secure with the following network security tips for small businesses.
One of the biggest cybersecurity threats to small businesses is human error. This can include mistakes like leaving accounts open on shared computers, failing to update passwords regularly, accidentally downloading malicious files, and giving away information through phishing scams.
Educating your employees about proper cybersecurity can help you mitigate some of this risk to the network. Let them know how to spot the signs of a phishing scam and what to do if they become a victim. Also, talk about the importance of software updates and how to keep business and personal devices updated.
Make sure that you have security policies in place and that your employees understand these policies. These policies should cover rules regarding device and network access, password strength and frequency of change, best practices on file sharing, security application policies, reporting procedures on lost or stolen devices, and more.
Keep software updated
Another common threat for small businesses is outdated software. Whether it’s a website content management system, financial or inventory-tracking software, anti-virus programs, or operating systems, you should focus on keeping all your software up-to-date.
Older software versions are easier to hack because cybercriminals have learned where the loopholes are. Updates patch those security vulnerabilities and improve functionality to protect your business against viruses, malware, and other forms of hacking.
In some cases, software updates aren’t available to older hardware models, so you may need to update your computers and other hardware every few years.
Safeguard your WiFi
Your company’s WiFi network can act as a point of entry for cybercriminals. However, there are steps you can take to secure your Internet connection. First of all, ensure you’re using a firewall and that all your data that passes through the network is encrypted.
Password-protect the router, and only allow access to employees. Consider hiding your network so others can’t try to access it, which you can do by setting up your router so it doesn’t broadcast your network name.
If your business needs a public WiFi option for customers or vendors to access, set up a second network specifically for this purpose. Ensure, however, that employees are connecting to the secure network and not the public network, especially when accessing sensitive business data.
Use a VPN
A virtual private network (VPN) can add an extra layer of security to your web browsing. This is especially true when accessing business files over public or unsecured networks.
VPN providers route your data first through their servers and will mask your IP address and encrypt data to keep your browsing history, passwords, and more protected from potential hackers. If your employees have access to a VPN, you can reduce the risk of having passwords or business files intercepted when employees are accessing your accounts and software on-the-go.
Many large corporations establish their own VPNs. This may not be a practical option for small businesses, but that doesn’t mean you’re at a complete loss. Consider working with a VPN service provider. There are many VPN services available across the Internet, though you’ll want to avoid free services since free VPNs can be unreliable.
Use two-factor authentication
When you have the opportunity to use two-factor authentication, use it. Cloud databases are commonly hijacked when users haven’t turned on authentication or when they’ve left outdated versions exposed. According to Symantec’s 2017 Internet Security Threat Report, cloud infrastructure vulnerabilities are a serious threat.
Be sure to establish safe practices when using and accessing cloud services; don’t pass the responsibility of security to the cloud provider.
Cybersecurity is a problem for businesses of any size, but by taking proper precautions, you can greatly reduce the risk of becoming the next cyber victim.