[BreachExchange] 5 Cybersecurity Tips for Small Businesses

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 25 19:14:35 EDT 2018


https://www.msn.com/en-us/finance/technology/5-cybersecurity-tips-for-small-businesses/ar-AAAC7JE

Today, small businesses often collect data on customers. Many also use
digital tools to store important work. Whenever you have data that must be
accessible, or customer information that could be vulnerable to hackers,
it's imperative to take steps to protect these valuable digital assets.
This means establishing and following best practices for cybersecurity.

These tips can help you ensure your company is as safe as possible from
nefarious actors who could cause data loss or put information into the
wrong hands.

1. Establish and enforce a password policy

Many hackers aren't sophisticated masterminds. Instead, they're successful
scammers who use phishing emails to get you to give up your passwords, or
they're able to obtain enough information from social media postings to
guess your passwords and gain access.

To make sure your company isn't vulnerable to being hacked, every single
person -- from the CEO down to the newest entry-level hire -- needs to
follow the same strict rules for password security. This means using strong
passwords with uppercase and lowercase letters, numbers, and special
characters.

Make sure passwords are on the longer side so they can't be puzzled out by
brute force, avoid using the same password for multiple sites, and don't
use words that can be guessed easily, such as a pet's name or a spouse's
name. And make sure passwords are changed every few months.

2. Implement two-factor authentication protocols

Another way to get closer to being hack-proof is to implement two-factor
authentication. With two-factor authentication, not only is a password
necessary to gain access, but the user also needs some other piece of
information. For example, your sign-in process could require would-be users
to receive a code via text or voice call that has to be entered to gain
access.

There are comprehensive online guides to help you turn on two-factor
authentication for company networks, although you'll likely need help from
IT professionals. When you use third-party services, such as Gmail to
manage company email, you can easily opt in to two-factor authentication by
letting your provider know you're interested.

3. Limit access to information

When your company has especially sensitive information, it's important to
restrict how many people have access to it. This might mean requiring
additional passwords to access certain files or using encryption tools to
keep the most private information secure.

You might also want to think seriously about whether it's worth the risk to
give employees access to data on mobile and personal devices. The more
connections to your network, the harder it is to control access -- and the
more people who have company data on personal devices, the more difficult
it is to strip access in the future when people leave your organization.

4. Provide employee training on cybersecurity

Your company's data is as vulnerable as your most careless employee. That
means every worker should receive proper training on how to keep
information secure.

This should include not only instructions on best practices for passwords
but also training on:

- Email safety, including not clicking unknown links or downloading strange
  attachments.
- Limiting physical access to devices.
- Why it's important to avoid using unsecured public networks.

The more vulnerable your company is to being hacked, the more essential it
is to provide this training.

5. Keep only what you need and destroy data before disposal

One of the biggest risks to your business is a data breach. Data breaches
could lead to regulatory action and legal liability if customer information
falls into the wrong hands.

To reduce the likelihood of a damaging breach, keep the absolute minimum
amount of customer data. If you don't absolutely need credit card and
Social Security information on file, don't keep it.

And when you dispose of old equipment, including hard drives, make sure
there's no sensitive data by using special software to completely wipe out
the info. Simply reformatting the drive might not be enough.

Your company can't afford to fail at cybersecurity

You don't want your business to be hacked, customer information to fall
into the wrong hands, or nefarious actors to lock down your essential data
and demand a ransom.

To make sure your networks and data are secure, take the time to get
cybersecurity right. If you need help, talk to IT professionals -- it's far
cheaper to get a consultation and create a plan than it is to deal with the
loss of your data.