Cybersecurity can be a daunting topic for small businesses. Small business owners may have limited knowledge about how technology works. They may also have limited resources to get other people to help them. The good news is that a lot of cybersecurity is basic common sense. Here are some tips to help.
Secure your physical infrastructure
If you have an official base, like an office, make sure that you have effective physical security there. If you have remote workers (e.g. people working from home), then you need to ensure that they are implementing effective physical security in their working location.
If you have mobile workers, you need to think about what could happen if their devices are lost or stolen. Dealing with this is as easy as installing a program or app which allows you to wipe the device. You just need to do this in advance.
Learn how to use video-calling safely
Firstly, take a good look at your software’s settings and think about what they mean for security. For example, do you really need to have all calls recorded? If you do, then make sure to change the name from the default to make it harder to guess.
Secondly, make sure that everyone has a neutral background. Nobody should be able to look at the video and make any guesses about a person’s location or lifestyle.
Keep all of your operating systems and software updated
It is impossible to overstate the importance of this. If you absolutely must use an operating system (or software) which is out of support (e.g. Windows XP), then keep it 100% offline. If you never have the time to update your software, then hire a managed IT services company to do it for you. This absolutely must be done.
Invest in a firewall, a WAF and, if necessary a VPN
A firewall protects your local network from threats coming from the internet. A WAF (web applications firewall) protects your website from threats coming from the internet. A VPN (virtual private network) essentially carves out a private space in the internet for you. This gives you a safe “tunnel” through which to communicate.
Protect all devices with a robust antivirus
You need to protect your smartphones and tablets as well as your laptops and desktops. This also very definitely includes macOS/iOS devices as well as Windows/Android ones.
If a device is linked to the internet but doesn’t have a mainstream operating system, then password-protect it if at all possible. Always change default passwords.
Encrypt all data and back it up effectively
Encrypting data is currently the only way to be sure that it’s safe from theft. Either encrypt all sensitive data or just encrypt all data. Back it up in a way that protects you against ransomware.
These days, ideally, you should have multiple data backups, at least of your most important data. This will protect you against slow-acting ransomware. Slow-acting ransomware hides in your production system, hoping to be transferred into your backups. If it is, it activates and renders your backups useless.
Train your staff to identify social-engineering exploits
Staff can be your biggest security vulnerability. With the right training, however, they can also be a strong defence against cyber attackers.
Luke Watts is the director of RoundWorks IT, which are specialists in managed IT support, cyber security, IT security and more for businesses across East Midlands.