You may assume that cybersecurity is an issue reserved for large, sophisticated enterprises, but think again. Small businesses are actually just as - if not more- vulnerable to cyberattacks as larger organizations. Small businesses can make very attractive targets for malicious hackers and cyber criminals because they have the same access to personal information, credit card numbers and passwords as larger businesses, but often with fewer security policies and practices in place.
Cybersecurity should be an integral part of the business continuity planning process – preparation is critical for avoiding and/or recovering from a cyberattack. Keep reading for ten dos and don’ts of small business cybersecurity.
- DO be cautious of suspicious emails & links. Phishing attacks are one of the most common ways hackers can target your small business. Phishing is when malicious actors send fraudulent messages to users that can appear to come from a reputable source. These communications are designed to trick users into falling for a scam or revealing sensitive information or to deploy malicious software on the victim's infrastructure. To prevent a phishing attack, screen all emails and messages before opening or responding to them and don’t click on unusual links or download attachments unless you are certain of the sender.
- DO use advanced passwords and employ multi-factor authentication (MFA). The strength of a good password should never be underestimated, as it is the first step in protecting your systems and programs. Avoid repeating passwords and utilize long, unique, passwords in combination with MFA for your devices and logins. The extra verification step helps neutralize the risk associated with compromised passwords; without approval at the second factor, a password that has been stolen, hacked or guessed is useless.
- DO utilize antivirus software and firewalls. Manually monitoring your devices for suspicious activity should be standard practice, but you can also employ antivirus software to boost protection for your small business. For more information about how to protect your devices and business operations, check out these 5 Antivirus Software Options for Small Business Owners.
- DO stay alert and report suspicious activity. If you come across anything online (or in person) that seems a bit unusual, always err on the side of caution. Instead of just deleting a sketchy email or ignoring a “red flag,” report any and all suspicious activity to your antivirus software provider or a trusted IT specialist.
- DO have a back-up Internet solution in place. Cyber threats become more complex every day and can affect your systems and networks beyond just stealing information. For example, a severe enough cyberattack has the ability to compromise your primary Internet connection. This can be extremely problematic for small business owners who rely on connectivity to conduct daily business operations. For this reason, having an Internet Continuity solution in place is an essential part of your small business’s cybersecurity program.
- DON’T fall victim to scammers. Security attacks don’t always come in the form of bugs or advanced malware code. Real people with bad intentions look for ways to scam small businesses out of information or money every day, with seemingly innocent requests that can impact the safety or health of your business long term. Make sure to vet every inquiry that doesn’t come directly from a trusted source or seems suspicious.
- DON’T put off software updates. Cyber attackers look for holes in programming code that allow them to infiltrate your network and steal or harm your information. Software developers continually create “patches” for these holes as they are discovered, protecting the system from a hacker or malicious code. These patches come via software updates and only work when applied, so any time a verified “Software Update Available Now” notification pops up on your device, don’t hit “dismiss!”
- DON’T forget to password-protect all sensitive devices, files, and documents. Important documents or devices that house sensitive information should always be protected by password. When left open, they are extremely vulnerable to cyberattacks and critical data can be stolen or damaged in the blink of an eye.
- DON’T connect to public Wi-Fi on work devices. Free and public Wi-Fi networks are fertile ground for scammers and hackers, who try to position themselves between you and the connection point in order to receive unfiltered access to your devices. Any time you’re using an unsecured connection, you run the risk of exposing your online activities and sensitive data to cybercriminals, so be extra vigilant with any device your small business utilizes.
- DON’T be left facing a cybersecurity incident without a plan. You never know when your small business may fall victim to an attack with potentially devastating results. Having a business continuity plan that outlines how to respond to a cybersecurity incident can make a huge difference in your ability to continue operations after a cyberattack.
Prioritizing cybersecurity should be at the top of every small business owner’s to-do list, no matter how safe you think you may be. These ten dos and don’ts will help you protect your small business and fend off cyber attackers.