According to the 2018 Hiscox Small Business Cyber Risk Report, 47% of small businesses experience at least one cyber attack over the course of a year. Despite this concerning statistic, the report also found that only 52% of businesses have a cybersecurity strategy in place. We urge you to implement a cybersecurity strategy, which is a core component of running a successful, safe business. Apart from drafting a full plan, there are some easy and inexpensive practices that can help you and your staff fortify the digital defenses of your business with little effort.
Know the Key Terms
In an age where data breaches and ransomware attacks regularly make the news, most people understand that cybersecurity is important, but many may still be wondering, what exactly is it? Before we get into techniques, we’d like to define a few key terms.
Cybersecurity: In a business context, cybersecurity means protecting the computing infrastructure of your company, whatever that infrastructure includes. PCs, servers, smartphones, and even smart TVs are just some of the devices that need to be defended from people and organizations that intend to infiltrate them for various, mostly nefarious, purposes.
Cyber Attack: A cyber attack is an attempt by an individual or group to breach, disrupt, or otherwise damage your organization’s computing infrastructure. This can take many forms, from tricking a user into relinquishing control of their computer to installing malicious software on premises by plugging in a USB drive.
Attack Surface: The vulnerable parts of your infrastructure make up what cybersecurity professionals call an attack surface—that is, the full network of devices, software applications, and even physical infrastructure that can be the target of a cyber attack. Put simply, it’s your total risk exposure.
Attack Vector: This term describes a specific device, software application, or method that a bad actor can use to execute a cyber attack.
Malware: Short for malicious software, this is an umbrella term that covers the full range of digital threats. Viruses, worms, ransomware, spyware, adware, and the rest are all malware.
Cybersecurity is a large, complicated field, and we can’t cover the entire vocabulary surrounding it in just one post. However, we hope that by clarifying some of the terminology, the following advice on how to protect your business will make a little more sense.
Update Your Software and Operating Systems
It’s good advice that every business should heed: Regularly install software and operating system updates across all of your devices. While the reminders that periodically appear on your PC or smartphone may seem annoying, these updates often contain vital security patches and feature improvements that can better protect your digital assets. This advice goes double for Web browsers, which are among the applications most vulnerable to becoming attack vectors for malware and cyber criminals. As part of your overall strategy, be sure to communicate this frequent-update policy to your employees, especially those who use personal devices on your business Internet connection, such as smartphones and tablets, which need to be updated frequently to minimize your overall attack surface.
Back Up Your Data
In the unfortunate event that your information is compromised, whether by a bad actor or a bad hard drive, backups are essential. The good news is that you have tons of options for backing up your data—the bad news is that the number of choices can be overwhelming. From hosting with a trusted third party in the cloud to on-premises backups managed by your own IT team, the right choice depends on factors that include price, convenience, and how willing you are to trust someone else to safeguard your company’s information assets. In the end, there are so many good choices that there’s no excuse for not creating backups. We encourage you to do some research before settling on a plan—compare several options against your available budget, the amount of storage space you need, and your team’s technical understanding.
Protect Your Passwords
Password security is an essential component of every cybersecurity plan and one of the simplest to get right. Here are a few recommendations that should help you and your employees better manage and safeguard the passwords that, in turn, safeguard your information:
- Don’t reuse passwords. Think about it this way—if a hacker gains access to one of your accounts by stealing your password, how many other accounts could they infiltrate? By using different passwords for all of your accounts, you’re making sure that one compromised account won’t give up the rest; and it’s much easier to recover one account than a dozen.
- Don’t write down passwords. This advice is as old as passwords themselves, but it’s no less relevant today. If you write down your passwords, either on paper or in a file on your computer, they’re immediately more vulnerable. If you find yourself struggling to remember them all without writing them down, consider using a password manager like LastPass, which generates strong passwords for all of your accounts and remembers them for you.
- Use longer, more complex passwords. A longer password is almost always a stronger password. While eight characters is often the minimum, you should aim for as complex a password as you, or your password manager, can remember.
Enable Two-Factor Authentication
To add extra security to your accounts, you can enable two-factor authentication. Two-factor authentication is a security process that requires the user to provide two different authentication factors when logging in, typically a password plus a code sent to a registered phone number or generated by an authenticator app. This better protects both the user’s credentials and the resources that the user can access. Most services let you turn it on by registering a phone number or installing an app.
Think Before You Click
Clicking on an unsafe link is one of the easiest ways to compromise your information. Bad actors will try to trick you into clicking links that capture sensitive information or install malware on your device, so be vigilant. Remember the phrase “don’t judge a book by its cover”? Emails with dangerous links often look like they were sent from a reputable source, such as someone you know or a service you subscribe to. These phishing attacks usually include a seemingly legitimate reason for you to follow the link, with phrases like “new message” or “action required.” Never click links or open emails from sources you don’t recognize or whose identity you can’t verify. If you receive a suspicious email or link from anyone, even someone you know, the best advice is not to click it. Additionally, you can install antivirus and anti-phishing software on your computer to limit your exposure to risks like unsafe links.
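The paragraph above says dangerous links are dressed up to look trustworthy; the checks below show three of the cheap heuristics that anti-phishing filters apply to the links in an HTML message. This is an added example, not code from the original post, and the sample email is constructed (the hostnames are reserved example/test names, not real sites).

```python
"""Flag suspicious links in an HTML e-mail body.

Added example, not code from the original post. Three cheap checks that
anti-phishing filters commonly apply:
  1. the visible link text looks like a URL but points at a different host,
  2. the destination host uses an IDN/punycode ("xn--") label, a common look-alike trick,
  3. the destination is a bare IP address rather than a domain name.
The sample message below is constructed for this demonstration.
"""
from html.parser import HTMLParser
from ipaddress import ip_address
from typing import List, Tuple
from urllib.parse import urlparse


def _host(url: str) -> str:
    """Lower-cased hostname of a URL; bare 'www.example.com' text is accepted too."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def _looks_like_url(text: str) -> bool:
    return text.strip().lower().startswith(("http://", "https://", "www."))


def _is_ip(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html_body: str) -> List[Tuple[str, str]]:
    """Return (href, reason) for every link that trips one of the three checks."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = _host(href)
        if not host:
            continue
        if _looks_like_url(text) and _host(text) != host:
            findings.append((href, f"text shows {_host(text)} but link goes to {host}"))
        elif any(label.startswith("xn--") for label in host.split(".")):
            findings.append((href, "punycode (IDN) host, possible look-alike domain"))
        elif _is_ip(host):
            findings.append((href, "link points at a raw IP address"))
    return findings


# Constructed sample: a "new message" lure with one honest link and three bad ones.
SAMPLE_EMAIL = """
<p>You have a <b>new message</b>. Action required.</p>
<a href="https://mail.example.com/inbox">https://mail.example.com/inbox</a><br>
<a href="http://login.example-support.test/reset">https://mail.example.com/reset</a><br>
<a href="https://xn--exmple-cua.test/login">Sign in</a><br>
<a href="http://192.0.2.10/update">Update your account</a>
"""


if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{href}: {reason}")
```

Only the first link passes: its visible text and its real destination agree. The other three are exactly the tricks the paragraph warns about, and hovering over a link to compare the displayed address with the real one is the manual version of the first check.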
Secure Your Business Internet Connection
Your business Internet connection can be an easy way for others to access your data, so secure it so that only employees can use it. If you want to provide your customers with an onsite Internet connection, we recommend setting up a separate “guest” network for them. Having a designated public network is a simple precaution that keeps visitors from joining your main business network and reaching sensitive internal information. You can also consider investing in a backup Internet solution in case your primary connection goes down. To learn more, check out our post about Four Factors to Consider when Choosing an Internet Backup Solution.
While the Internet presents a vast amount of opportunities to help you grow and sustain your business, it also introduces another access point to your important information. The tactics we’ve discussed are simple methods that can be implemented by everyone in your business to make sure your organization’s data remains safe and protected.