A Simple Cybersecurity Plan for Small Businesses

In light of the recent major data breach that struck global hotel chain Marriott in November of 2018, cybersecurity is once again a topic on everyone’s mind. Actually, it should always be on everyone’s mind. While it’s common to assume that these types of attacks only affect the largest of corporations (because that’s all the news ever reports on), you might be surprised to learn that the opposite is quite true.

Not only do a significant number of cyber attacks target small businesses specifically, but 60% those affected organizations will go out of business because of it.

But don’t fret. All hope is not lost for the small business. Just because you may not have a dedicated cybersecurity team or even an IT department, there are still some simple things you can do to be on the forefront. Creating an adequate cybersecurity plan for your small business isn’t impossible. In reality, it isn’t even difficult. You just have to keep a few key things in mind.

The Small Business’ Guide to Cybersecurity: A Simple Checklist

Cybersecurity success as a small business owner has less to do with any one major move you make and is more about a series of smaller, more strategic ones. They may not seem like much on their own, but taken together they add up to the forward-thinking approach to digital protection that you need to survive in today’s current climate.

Here are a few of the things that you need to think about:

1. Viruses, spyware and malware. While these are not the way most “major” breaches happen, they can still cause a lot of problems – and because of that, you need to address them. Every computer, especially ones running Windows (Sorry Windows!), needs to have antivirus, malware and spyware software installed. You also need to make a proactive effort to keep those applications updated.
2. Email. Always make sure you’re using an email provider that scans for viruses in message attachments. Google’s G-Suite and Microsoft’s Office 365 are two of the biggest examples of this. To take things one step further, always enable two factor authentication when it’s available, make sure your account recovery options are up-to-date, only use an updated and secure Web browser and check your email provider’s settings regularly to make sure only authorized accounts and services have access.
3. Secure your local network. This goes far beyond just installing a firewall. You need to be using proactive network monitoring software that will detect suspicious activity immediately, allowing you to put a stop to a small problem today before it becomes a much bigger one tomorrow.
4. Passwords. Every password needs to be strong – a combination of letters, numbers, special characters and cases is mandatory. These passwords also need to be changed frequently. Using a password vault like 1Password will help tremendously with this. This needs to extend to all users and all passwords, including those used by your network administrators and other high ranking employees who could easily become targets.
5. Backups. You can’t fully stop yourself from becoming a target of a cyber attack, but you CAN stop yourself from becoming a victim. Backups are part of how you do that. Always make sure you backup important data to a secure, off-site location. Depending on your business and type of data you need to protect, you may also want to have an on-site backup in addition to your offsite copy. It’s possible you will need to be backing up a few times per day. Even in the event that you do suffer a disaster, you’ll be able to pick right back up without losing anything. Backblaze and Carbonite are two hands-free backup services we highly recommend. We use Backblaze here at dwellTEK.
6. Secure those mobile devices. Never forget that ANY device connected to your network is a potential vulnerability to be exploited by someone who wants to do you harm or hold you hostage for a ransom. Create device policies with strict consequences for your employees and manage those policies moving forward. There are plenty of affordable WiFi systems available today that make managing mobile security a breeze. Take a look at UniFi as an example.
7. Employee training. User error is one of the most common ways that cyber attacks start, and employee training is how you help stop it. Your people need to know what a phishing email looks like and what to do if they get one. They need to be trained on the latest threats as they develop. They’re your first line of defense in terms of staying safe on the Internet, but you need to give them the knowledge to be effective and the freedom to voice their concerns.
8. Keep your website updated, safe and secure. Your website is literally the face of your business. If people can’t trust an out-of-date website with their personal information or payment data, that’s going to reflect poorly on your brand as well. To that end, partnering with a managed websites and managed marketing provider is likely something you’ll want to consider, as they provide these services automatically. While we don’t offer IT security solutions here at dwellTEK, we are happy to provide you with a secure, fully managed website for your business!

You’ll also likely want to consider partnering with an IT managed services provider (MSP) so that you don’t have to worry about things like security updates, patches and more. You can think of a MSP as your outsourced IT department without the HR overhead. They can take care of all of this on your behalf so that you can get back to the most important thing of all: your business.

These are just a few of the many, many things you should think about when putting together a cybersecurity plan for your small business. None of them are particularly hard or expensive, but working together, they will make a difference.