Does Your Small Business Need a Cyber Security Tune-up?
Cyber security threats are by no means limited to big brands and multinational businesses. According to the RCMP, cyber crime is expanding, and the tools and knowledge to perform cyber attacks are becoming easier to access. As a small business, you need to think about protecting your people, your customers and your data.
According to a study by security firm Websense, about 36% of Canadian businesses had suffered a security breach in the past 12 months. That number could be even higher, since 56% of survey respondents admitted that threats sometimes fall through the cracks. And according to the last Small Business Technology Survey, over 90% of small businesses reported being very or somewhat concerned about their business being vulnerable to a cyber attack.
If you’re not sure where to start when it comes to adequately protecting your business from cyber security risks, here are some tips to help:
1. Appoint a cyber security manager
A critical first step is to designate a cyber security manager within your organization. This doesn’t have to be a formal position. It could be your existing internal IT person, or anyone on your team with training in IT security management, and the organizational and administrative skills to help develop proper security policies, see that they are instituted and communicated to your team, and followed.
2. Have clear policies in place and enforce them
Your greatest risk may not be a malicious hacker at all. Instead, it may be the habits and behaviours of your team. That’s why it is imperative to have clear policies in place that govern device usage, software updates, public Wi-Fi access and so forth.
These policies must be spelled out in clear language. Staff must be formally trained in them and agree, in writing, to abide by them. And then they must be enforced. This is where that dedicated cyber security manager comes into the picture.
3. Choose the right security software and support services
Many small businesses use free or consumer-grade security and anti-virus software. This can serve you well up to a point, but these packages may not have the data backup and recovery features a business would need to protect against and recover from a security breach or disaster.
Consumer grade software can also lack the comprehensive features or services that businesses need to help with computer problems that can lead to security issues. And don’t forget about the importance of support. Services like PC Protect can provide reliable, 24/7 technical support, onsite repair, and assistance with locating and securing hardware as a result of loss or theft – which can reduce your equipment downtime as well as your repair or replacement costs in the long run.
There are various security tools out there to help businesses stay secure, with some providers offering a complete package that covers web security, data backups, and application and device support.
4. Take device usage into account
The variety of devices your team uses, and for what purposes (work, personal, or both) can impact your security. The less control you have over what devices your team is using, and where and how they are using them, the more stringent you may want to be about what data they can access outside of your firewall and how secure their remote connection must be.
Rather than trying to sort out all of these challenges on your own, consider a mobile device management (MDM) solution. This will simplify the deployment, security, monitoring, management and support of your team’s smartphones and tablets.
5. Factor in the risks of using public Wi-Fi
Free Wi-Fi hotspots, which are available practically everywhere these days, are a convenient way for you or your team to stay connected and be productive remotely – but it’s important to take proper measures to reduce any potential security risks.
Free Wi-Fi hotspots are generally open networks – with no authentication required to connect. And while many establishments such as McDdonald’s offer secure Wi-Fi, that’s not the case everywhere. Hackers can take advantage of unsecured connections to intercept the data your team sends or receives, or even plant malware. Your team should be instructed, as part of your cyber security manager’s policies, to install added layers of encryption (such as by using a virtual private network (VPN) or an SSL connection), turn off Sharing in their system preferences, and to close their Wi-Fi network connections when not in use.
Read our past blog post for more insights into how your business’ data could be vulnerable.
6. Keep your software up-to-date
Cyber safety isn’t only about the right bundle of security software and services. Any piece of software, and especially operating system software, is a potential point of weakness. Hackers are constantly looking for vulnerabilities to exploit, and it’s up to software vendors to issue patches or other updates to protect their users.
And while any device can be set up to automatically update its software, it’s all too easy for users to ignore prompts when software updates become available, or have automatic updates turned off. Your cyber security manager should therefore ensure that your team is keeping their software up to date, and services like PC protect can help them monitor their company’s computers to see if issues like overdue software updates need to be addressed.
The bottom line
No matter how small your business, cyber security is not something you can afford to take for granted. If you have confidential data, such as customer data, you have something of value to those with ill intent.
What steps have you put in place in your company to keep your business secure? Share your tips in the comments, below.