Stay a Step Ahead: Cybersecurity in Motion
Why updating cybersecurity is a necessity for small businesses
part three of three Equipping smart employees to use smart technology
Small business cybersecurity is a multi-layered defense that combines the right technology with people trained to use it, with upgrades and training on a regular schedule. But one size does not fit all.
“Some products are tailored for home use, and some for business,” said Rohit Rao, a Senior Technology Advisor with Dell Small Business Solutions. “Small businesses sometimes opt for home-use technology for budget reasons, but there is a difference when it comes to security.”
“Security starts with the overall network,” said Rao. Small businesses are better served by a hardware firewall that is designed to stop hackers from getting in, can analyze and sequester suspicious data before it gets to a computer, and can protect networked devices that don’t have software firewalls. For home users, a combined modem/ router with less robust software-based firewall usually suffices.
The computers and devices employees use are different for business use as well, with added physical security features. Working with a consultant who can bundle solutions, offer financing** and establish what is truly necessary can help even the smallest businesses get strong security.
“One of my customers was planning to buy 10 or 15 very, very basic computers,” recalls Rao. “By understanding his needs, and working on the financing, we were able to get him better systems plus a good firewall, and that’s had a huge impact on the overall security of his business.”
Training employees is essential and can counter emerging threats Still, many of the most serious cyberthreats facing small businesses actually use employees as a way in, and even require the employee to take some action to enable the attack.
“I tell my clients, security also depends on behavior,” said Rao. “The vast majority of threats start at the endpoints, somebody clicking on a link they shouldn’t or responding to a phishing email. ”Taking the time to train employees can go a long way to repelling the most successful types of cyberattacks.
Some good training to put in place to address top threats:
Train employees to spot phishing: Often sent via email, cybercriminals use email to direct people to legitimate-looking login pages to capture login credentials and then break into or infect systems. Teach employees to check the return email address and link. If anything seems off, don’t click the link. Log in from a new browser window or call to ask about the email.
Don’t click suspicious texted links on
phones: In a new tactic used to infect mobile devices, hackers text message a link to a target. Clicking it downloads and installs a hidden app that can capture information or provide a backdoor into a network.
Establish a clear chain of approval for
financial transactions: A popular scheme involves spoofing an email to an employee, seemingly from a business leader (whom the hacker knows to be unavailable), asking for an urgent financial transfer – right to the hacker’s account. Businesses should set up backup protocols to check the validity of transfer requests.
Practice safe online habits: Set expectations about not visiting suspicious sites, not downloading unapproved software or media, and setting strong, unique passwords that are changed regularly.
Advice: Do as much as you can, and plan for the next phase Rao sees small business security is a balancing act. The key is recognizing the threats and starting with the behaviors and mentality of employees and owners. Once that is in place, the security tools they use become much more effective.
It’s also important to remember what is at stake in cybersecurity – not only direct financial losses, but potentially the loss of business secrets, customer data, legal fees, and ultimately the reputation of a business – which makes cybersecurity worth the effort for businesses of every size.