8 simple cyber security tips for small business owners
While having a personal IT guru is out of reach for most of us, your data will thank you for following these simple cyber security tips.
It’s safe to say that the world is more connected than ever. For small businesses, this means huge opportunities. It’s easier now to compete on the big stage, sell your products and services and save on administration costs.
With this in mind, it’s important you’re equipped to deal with cyber security threats. These come in all shapes and sizes – from phishing scams and ransoms to data hacks and fraud. And the truth is, small businesses are just as vulnerable as big ones. But there are ways to counter these threats.
Here are 8 simple cyber security tips you can use to keep your small business secure.
1. Develop a backup strategy for your data
As a small business, losing your data can be disastrous. To save yourself time, money, and even your livelihood, you should be prepared with a backup strategy. So where to start? For now, it’s about asking yourself simple questions, such as:
" It’s the small things that make a big difference."
- What kind of backup do I need? When disaster strikes, you need to figure out whether your business needs to restore, recover or maintain services. This will help you determine whether you need to store your data on-site, in the cloud, or a hybrid mix of both.
- What needs to be backed up? In short, everything. Or at least, your most critical data. Depending on time and storage space, there are three main types of backup – full, incremental, and differential.
- What are you protecting against? If it’s just files you’re worried about, a full image-backup doesn’t make sense. But if it’s your whole system – you need to think bigger.
- What’s my Recovery Time Objective (RTO)? That is, in the event of a data disaster, how long can you go before you business suffers?
Answering questions like these are the first step in understanding what strategy works best for you. It can be a tricky process to wrap your head around, but luckily there are many IT service providers who offer you the guidance you need.
2. Control who has access to your information
The truth is, staff can make mistakes. That’s why it’s important to train them up. Everyone who works for you should know about the business’s security programs and receive regular updates. It’s also worth reminding your staff of basic security measures like using passphrases instead of passwords.
As a small business owner, you’re also more likely to allow your staff to use their own devices at work. This can be a great idea, but it’s important to have mobile security solutions and network access control (NAC) products in place. That way, they can safely access the company VPN and email from their own laptop or mobile – without putting your whole IT infrastructure at risk.
It might be the last thing you expect, but you should also be aware of business espionage. It’s a touchy subject, but there are people who stand to gain a lot from your information. So to protect yourself from spies and insiders, you’ll need to control who can access what information.
3. Watch what you post
When it comes to social media, the biggest security issue is spear fishing. And no, it’s not a sport – it’s a scam. Basically, it involves being sent an email that looks like it’s from a business or someone you know. It will often be highly personalised, addressed to you with your position, company, work phone number and other customised information. These emails will push you to open up a nasty URL or attachment, or ask for your banking details and passwords.
But where do these fraudsters get all this info? Usually from social media sites like LinkedIn, Facebook, and Twitter. That’s why you should never post sensitive personal or business information on these platforms. To tighten your defences, make sure you regularly train your staff and invest in quality software solutions that catch out malicious emails.
4. Create a password management strategy
You might never have to deal with cyber-terrorism. But the reality is, it exists – and not even small businesses are completely safe. And one of the main reasons for breaches (76% in fact comes down to weak passwords.
So how do you counter the threats? Simple – create a solid password management strategy. Like most businesses, you probably have a long list of accounts and services you use, all of which require a password. That’s where password management software comes into play. It not only stores your passwords, but it generates strong ones to be used for all personal and business sites.
However, as secure as password software is, you should still be wary. In 2015, LastPass was hacked, exposing emails and encrypted master passwords. So before you choose your software, ask around and do your research.
5. Double up with two-factor authentication
As a small business, you’re likely using cloud services. And you now know that passwords don’t offer complete security by themselves. That’s why it’s worth using the power of two-factor authentication (2FA).
How does 2FA work? Basically, it’s a two-step verification process that requires not just a username and password, but also a piece of information that only the user gets given – such as a code sent to their mobile phone. This extra layer of protection makes it harder for hackers to gain access to sensitive information.
The easy part is, most cloud services and social networking sites give you the option of 2FA. It’s not always enabled by default, so make sure you find out how to turn this function on. If you’re worried about this extra step being time-consuming or complex – don’t be. It’s a small security measure with big benefits.
6. Protect your Wi-Fi
This can be an easy one to skip. But if you have a Wi-Fi network, it’s really important to make sure it’s secure, encrypted and hidden – otherwise you’re opening up your network to hackers who can access company files, online accounts and private information.
Remember what happened to Jared Hayne? His presentation was hijacked at a local high school and pornographic images were shown on the big screen. While everyone assumed it was from Hayne’s computer, he had simply been hacked. That’s just one example.
So how can your boost your Wi-Fi privacy? Some simple things you can do are to change the router’s default administration password, configure it to use WPA2 encryption, keep its firmware updated, use a strong passphrase, and physically secure your router.
7. Get your data insured
Sometimes you simply can’t stop a disaster from happening. But you can certainly be prepared for one. Much of the business world has moved online, so it’s no surprise that cyber insurance is becoming increasingly popular.
For small businesses, it adds an extra layer of security. Basically, added peace of mind for when things go south. Depending on your insurer and the policy you take out, you can get cover for business for data liability, interruptions, restoration, ransom payments and more.
Before you decide on the level cyber insurance you need, weigh up the risks for your data. What would happen in the event of a security breach? How long can your business be out of action? Do your clients need 24/7 access to your services? Put simply – the greater the risks, the greater the need for insurance.
8. Make your CMS bulletproof
Whatever CMS (Content Management System) you’re using, hackers can find sneaky ways to analyse loopholes and get inside your system. The good news is, there are also ways to make your CMS as secure as possible. Here are few simple tips:
- Get rid of front-end login. Many CMS attacks happen through front-end login. The solution? Allow those who need access to your CMS do in through the back-end admin screen.
- Don’t use default admin. The default username of ‘admin’ is all too common. To boost your security, come up with a unique ID instead.
- Hide the ‘wp-includes’ folder. If you’re using WordPress, the ‘wp-includes’ folder is often accessible to the public. This means it’s ripe for hacking. To counter this, simply add a blank ‘index.html’ file to the folder.
- Be wary of add-ons. While plugins, themes and add-ons are natural parts of the CMS experience, not all of them are safe. Some might have the capacity to access your CMS backdoor. The best way around this is to do your research before adding anything.
- Other methods to consider include keeping your systems updated, regularly scanning your files, and using spamming protection software.
The safer the better
Your business is your business – and following these cyber security tips will help you keep it as safe as possible. Some of them might seem pretty straightforward, but it’s the small things that make a big difference.