Everyone talks about cybersecurity and the threats faced by small businesses, but very few sources give you any idea how to protect your business from these threats in a comprehensive way. This article may not cover all the bases, but it will point you in the right direction.
1. Back up your data. Not only does it protect you against losing data if you experience a hardware failure, or a disaster that destroys your computers, it can also protect you against ransomware that encrypts your data, or other malware that destroys it altogether.
2. Secure your network with a state-of-the-art firewall. It will not prevent all attacks, but it will make your network considerably less vulnerable. Also, periodically change your Wi-Fi passwords. ISP and consumer-class routers are designed to provide data service, not secure it.
3. Run reputable antivirus/antimalware software on all your computers, including your server, and make sure both the program versions and virus signatures are kept up to date. Also keep your computer operating system and applications up to date with patches.
4. Provide each user with just enough access rights to get their job done. Review those rights, and change passwords frequently. Also, make sure any cloud software you use is secure, and implement additional security features such as multi-factor authentication and encryption.
5. Encrypt portable data stores such as flash drives, USB hard drives, laptops, smartphones and tablets. A lost laptop, smartphone or external hard drive has led to many major data breaches. Encrypted devices substantially reduce the risk of data being compromised.
6. Secure your building, and put your server(s) in a locked room. With employee turnover and changing roles, electronic security is much easier to maintain than changing locks and keys. It’s also hard to justify someone walking off with a backup drive from an unlocked server room!
7. Conduct background checks, including credit checks, on prospective employees, and periodically on employees with access to sensitive data. Internal leaks and fraud are leading causes of cybersecurity breaches. Keeping on top of employee risks also reduces your liability in the event of a breach.
8. Make sure your HR policies address appropriate use of the company network and handling of company data, and detail any sanctions for disobeying those policies. It may not help much, except when defending against lawsuits.
9. Have your corporate or outside attorney review any contracts with parties gaining access to your company data, client data, or your computer network. If you are on the hook financially for any data compromised by a cloud vendor or service provider, you need to know that.
10. Buy a cyber insurance policy, and make sure it protects you against third-party data breaches of any data your company is a custodian of. A good commercial property/casualty insurance agent can guide you to the correct coverage.
We could add an eleventh item to this list – hire a competent IT firm to help you manage the security of your data. If you don’t already have one, then we will be happy to help.