Defend, Detect and Repel
Part one of a three-part series on cybersecurity for small business
98.2% of all enterprises in the U.S. are small businesses with fewer than 100 employees
(U.S. Census Bureau, 2015)
They are thriving thanks to a new generation of networked devices, smart workspaces and new ways to innovate, collaborate and engage with customers.
However, those tools have exposed small businesses to new threats. While many owners think they are too small to be targeted by cybercriminals, they are in fact a top target because there are so many small businesses and their security measures tend to be less robust than large organizations.
Don’t become a cybercrime statistic. Learn how you can protect your business both proactively and reactively, through a mix of technology and educated employees.
Secure access to shield your business from hackers
Building a shield of robust technology and smart people starts with knowing the threats you face and putting defenses in place that are oriented towards those threats.
Just as important as having the right defenses is ensuring they are used correctly – a lock only works on a door that is closed.
SECURITY MEASURE: Train your employees. Help them learn to spot fraudulent emails, not click on suspicious links or attachments, use secure passwords and change them frequently.
WHY IT’S IMPORTANT: Fraudulent emails are a common first step used to steal passwords or scam an employee. Many viruses come through email or unsafe web browsing. Weak passwords can be guessed in mere hours.
SECURITY MEASURE: Use email encryption. Install software to encode emails so that they can’t be read if they are intercepted by a hacker.
WHY IT’S IMPORTANT: A great deal of sensitive business information is sent via email, making it a common target of attacks. Setting it up to encrypt automatically is critical.
SECURITY MEASURE: Protect network access
and devices. Require logins on your Wi-Fi, network, computers and mobile devices. Use the latest laptops equipped with security-enhancing 8th gen Intel® Core™ i5 vPro™ processors and hardware login security like TPM 2.0 (Trusted Platform Module), fingerprint readers and facial recognition.
WHY IT’S IMPORTANT: Unprotected networks and devices offer many opportunities for hackers to get into your shared files and cause harm.
SECURITY MEASURE: Use robust anti-virus and
firewall solutions. High-quality security solutions like McAfee are affordable and effective at sniffing out attacks and helping repel them.
WHY IT’S IMPORTANT: Attackers change tactics often. Network security systems are best able to keep on top of the latest threats and give you time to react if an attack does get past first-line defenses.
Detect, repel and recover from attacks
Hackers are creative, tenacious and persistent. The sheer number of cyber attacks shows why small businesses need to be vigilant. Some attacks will get through. If it happens to your business you can still take action as long as you have planned and prepared.
PREPARE: Establish a cybersecurity incident plan. By having clearly laid out steps to follow, you eliminate panic and ensure a rapid response to attacks, with everyone working together.
WHAT’S INVOLVED: Make sure your employees are trained on what to do if an attack gets through – notifying an established (or pre-identified) security lead on your team and dealing with infected devices and files. Ensure the right people know where backups are kept and how to deploy them.
BACK EVERYTHING UP: Automatic backups can
avert disaster. A reasonable investment in backup technology can ensure business continuity.
WHAT’S INVOLVED: Backups often involve software that automatically copies files on protected computers and copies it either to a separate data storage drive at your business or cloud storage,
preferably both.
DETECT: Make network monitoring someone’s
job. On average, malicious software lives in a network for months before being detected, often because no one looked for it.
WHAT’S INVOLVED: Setting up and using anti-virus and firewall software. Businesses must also establish policies for reviewing reports, tracking down threats and removing them.
REPORT: Call in reinforcements and alert
stakeholders. An attack isn’t a time to improvise. Don’t be afraid to ask for help fixing things and make sure customers or other stakeholders know.
WHAT’S INVOLVED: Transparency about attacks gets the right people involved to set things straight. You can also educate employees to watch for similar attacks, and your experience may help inform other businesses.