It’s easy to think that because you are a small business, cybercriminals will ignore your and move on to bigger fish. The “not much to steal” mindset is common with small business owners regarding cyber security, but it is also completely incorrect and out of sync with today’s cyber security best practices.
The U.S. Congressional Small Business Committee found that 71 percent of cyber-attacks happened at businesses with less than 100 employees. While larger enterprises typically have more data to steal, small businesses have less secure networks, making it easier to breach the network.
The CSO.com article says that lack of time, budget and expertise for proper security is a top reason for the high rate of SMB attacks. Other reasons include not having an IT security specialist, not being aware of the risk, lack of employee training, not updating security programs and failure to secure endpoints.
Here are few best practices you can follow to avoid being an easy target…
Educate your employees – Human is the weakest link to the security
Providing awareness is the key. Educate your employees about security best practices like why they should avoid using pirated copies of software, how to identify a spam or phishing email, not clicking suspicious links on the internet and so on. Its extremely hard for attacker to hack into your internal network without a user interaction and limiting this is vital.
Educate employees about weak passwords and how to create secure passwords and how to manage passwords. Start using multi factor authentication for authentication. This simply means having two methods of authenticating and logging on services.
Vulnerabilities are the preferred way of getting into companies. Educate employees about the importance of immediately applying security patches and software updates.
Secure Every Entrance
All it takes is one open door to allow a cybercriminal to enter your network. One of the first lines of defense in a cyber-attack is a firewall. Secure your endpoints (laptops, desktops) with security software such as Anti-virus, Anti-SPAM and Anti-Phishing. Ensure strong passwords on laptops, smartphones, tablets, and WIFI access points.
Disable the default accounts and default passwords (servers, routers, printers, gateways) make sure there are is no misconfiguration issues. Do not expose anything to the internet unless it is necessary. Using VPN is recommended (A virtual private network is programming that creates a safe and encrypted connection over a less secure network, such as the internet).
Regularly check your system logs for intrusion attempts suspicious activities.
If an employee is leaving your company, make sure they don’t access to your systems anymore. Inform everyone and remove all the accounts from systems.
Uninstall all the services you don’t use and block the ports you don’t use.
Segment Your Network
A way to protect your network is to separate your network into zones and protect the zones appropriately. One zone may be for critical work only, where another may be a guest zone where customers can surf the internet, but not access your work network. Public facing web servers should not be allowed to access your internal network. If one segment got compromised it won’t spread into other segments easily.
Regularly back up all data
While it’s important to prevent as many attacks as possible, it is still possible to be breached regardless of your precautions. Backing up word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Be sure to also back up all data stored on the cloud or make sure that backups are stored in a separate location. It’s recommended to encrypt your data before uploading them as a security best practice.
Never skip Security patches and updates and Use up to date anti-malware software
If you’re using an outdated anti malware software or if you haven’t applied the necessary security patches to your systems, you are an easy target in the cyberspace as info sec researches keep finding new vulnerabilities and attack vectors daily It’s very important to patch your systems and update your anti-malware software.
The easiest way to do all these is to come up with a good cyber security strategy and define a security policy
You can come up with a good password policy to maintain and manage all users and passwords.
Come up with a BYOD (A BYOD policy, or bring-your-own-device policy, is a set of rules governing a corporate environments level of support for employee-owned PCs, smartphones and tablets) policy to regulate all the devices employees are using.
You can always contact a MSSP with a Security Operation center to deal with security issues of your organization very accurately.
In a SOC team professionals with expertise in information security are responsible for monitoring and improving the organizations security posture while preventing, detecting, analyzing and responding to the information security incidents.