When you run a business, whether it is a small or large one, you put yourself within the reach of hackers. Small businesses are particularly susceptible to breaches and hacks because they are unprepared. If you want to protect your business from a cyber-attack, follow these guidelines.
Educate Your Staff
If your employees are cyber-vigilant, they will be your best defence against information security threats. Remind them about the dangers of opening attachments from people they do not know or those contained in emails they weren’t expecting. Create processes and procedures for encrypting sensitive or personal information. And make sure they use strong passwords and change them regularly.
If you limit access to sensitive and valuable user data, it reduces the risk of human error. This is, after all, the number-one threat to the security of your company. When employees leave your company or transfer within your organisation, be proactive and delete passwords and accounts. Remember to collect entry keys and ID badges.
Use Uninterruptible Power Supplies and Surge Protectors
If you experience a power disruption, there is a risk of losing all your data. You can protect against this risk by using uninterruptible power supplies. A UPS gives you enough power and time to ensure you save your data. Plug all your computers into a UPS. However, for less sensitive and non-networked equipment, a standard surge protector will be more than adequate protection. Regularly test any surge protectors or UPS units you use and replace them if necessary.
Update Software and Operating Systems
Any new app you use could potentially leave your business wide open to a cyber attack unless you regularly update and patch the software your employees use on all their devices.
When you purchase a new computer or install new software, always check for updates. Remember that unsupported products, such as Windows 7, will not have any security updates provided, so now might be the time for an upgrade. You should always download updates for your computer operating systems, as they typically include enhanced or new security features.
Install and Activate Firewalls
Firewalls are a good defence against malicious hackers. They can also be used to prevent your employees from browsing improper websites. Make sure you install and update software and hardware firewall systems on all computers, smartphones, and networked devices. This applies even if you use a cloud-service provider or a VPN.
Secure Networks and All Wireless Access Points
Best router practices include:
- Changing the administrative password on new devices
- Setting your wireless access point so that the service set identifier (SSID) is not broadcast
- Setting the router to use WPA2 (Wi-Fi Protected Access 2), with encryption set to the Advanced Encryption Standard (AES)
- Not using Wired-Equivalent Privacy (WEP)
If you allow guests to access your Wi-Fi, make sure it uses a separate network from the one used by your business.
Set Up Email and Web Filters
You can use web browser and email filters to ward off hackers and stop spam. Keep your employees informed about sites that are commonly linked with cybersecurity threats and encourage them not to visit those sites.
Full-disk encryption is one of the best ways to protect the data on your computers, smartphones, and tablets. Keep a copy of the encryption key or password in a secure place, away from your stored backups. Recipients of your encrypted documents will also need the key or password, but you should never send it in the same email. Provide it over the phone or by another method.
Wipe Hard Drives Before Disposal
When you dispose of or donate old computers, take the time to wipe all the data from the hard drive. This is especially important for personal information or sensitive business information contained on flash drives, CDs or other older forms of media. You should destroy them or take them to a data destruction company.
Take Data Destruction Seriously
Before computers came along, data destruction was simple. It was just a case of shredding lots of paper documentation and then taking it to a recycling centre. The advent of digital information has made it much more difficult. It is a common misconception that deleting files from a system is enough. However, this is far from true, as the data still remains on the drive. If you want to destroy it completely, you have to clear it electromagnetically, have it overwritten, or physically destroy the drive.
These are the key steps you need to take if you want to ensure your valuable information and data are protected as much as possible.