Welcome to the first week of our Cybersecurity Awareness Month series! This week we’ll be covering some cybersecurity awareness month basics – easy and essential steps anyone can take to greatly improve their cybersecurity.
Cybersecurity Awareness Month
Since October is all about cybersecurity, I want to provide small businesses with practical guidance to protect themselves online. As a small business owner or employee, you have unique security needs and risks compared to individual consumers.
But don’t worry! By following cybersecurity best practices, you can securely run your business without needing to become an expert.
Let’s get started with the basics!
Back-Up to Protect Data
One of the most crucial steps a small business can take is backing up essential company data.
Customer information, financial records, product designs, employee documents, inventory systems, emails, personal information, and everything else vital to running the business should be backed up frequently. Ransomware attacks that encrypt your data, hardware failures, accidents, and other disruptions could otherwise cripple business operations indefinitely.
I recommend automatically backing up critical company data every day. Local external hard drives provide quick restores when needed. Cloud-based backup services offer an extra layer of protection if the physical office is impacted by fires, floods, or other disasters. Regularly test restoring backups to ensure files can be recovered when necessary. Keeping redundant copies ensures companies can recover from cyber attacks, hardware failures, and human errors.
Appoint an IT specialist or diligent employee to manage backups, test restoration, and securely store backup devices. With an organized system, small businesses can rest easy knowing their data is protected.
Enable Multifactor Authentication
Adding multifactor authentication (also referred to as two-factor or 2FA) for employee accounts and devices is non-negotiable. Requiring employees to enter a password and secondary code when logging into company systems provides an essential extra layer of security.
Hackers exploit weak and reused passwords to infiltrate systems. Multifactor authentication prevents unauthorized access even if an account password is compromised. While a hassle, 2FA provides inexpensive and highly effective protection against account takeovers, data theft, and more.
Train staff on setting up authenticator apps for 2FA and securely managing their codes. Apply 2FA universally for email, document storage, payroll systems, point-of-sale devices, and anywhere else that houses sensitive company or customer data.
While not impenetrable, multifactor authentication meaningfully improves small business security.
Security Awareness – Passwords
Along with activating multifactor authentication, using strong, unique passwords is imperative for small business security. Weak passwords which are reused across personal and company accounts are one of the biggest threats to small business data loss.
Implement password best practices company-wide:
Use randomly generated passwords with a mix of letters, numbers, and symbols for maximum strength.
Ensure passwords are at least 12 characters or longer if permitted. Avoid dictionary words and patterns.
Never reuse the same password between different accounts, apps, or sites. Separate personal and work passwords.
Store employee passwords securely using a password manager cleared for business use. Prohibit employees from writing down passwords.
Require regular password changes, at least every 90 days, to reduce the risk of an account being compromised.
Educate staff on good password hygiene through training resources like videos and posters to improve security awareness. Empower employees to use password managers and passphrases for ease of use while maintaining security.
With strong, unique passwords across the board, small businesses can shrink their attack surface and reduce preventable cyber incidents.
Increase cyber awareness around Phishing Scams
Employees represent one of the biggest cybersecurity risks to small businesses through no fault of their own! Hackers constantly barrage workers with phishing emails attempting to steal credentials or spread malware.
Just a single employee falling for one fake invoice or voicemail can lead to a costly data breach.
Implement policies to raise employee awareness about prevalent phishing techniques like social engineering:
Scrutinize sender addresses for any emails requesting sensitive information, even if seemingly from colleagues or vendors. Report anything suspicious without clicking links.
Inspect URL links by hovering before clicking to verify they lead to legitimate websites, not imposter domains.
Be suspicious of any abnormal requests, grammar errors, threats, or pressure to take urgent action. Confirm unusual invoices, policy changes, and problems via other channels before responding.
Report any potential phishing via email or phone to the IT team immediately so they can assess and warn others. Delete suspicious messages.
Frequent employee training to spot phishing paired with safe reporting methods is crucial to preventing major cyber incidents and data loss. Empower workers to identify and provide feedback on potential scams without fear of retribution.
Patch Operating Systems and Software
While less glamorous than phishing awareness, maintaining patched and updated operating systems, software, and apps at all times is vital for any small business. Hackers prey on known vulnerabilities in outdated programs that have available fixes.
Update web browsers. Automate system patching across company devices whenever possible after testing for conflicts. For programs without auto-updates, designate someone to manually perform updates.
Subscribe to release notifications from vendors and software providers. Make prompt patching a priority for IT staff and leadership to reduce the risk of malware and malicious attacks.
Yes, updates interrupt workflows. But neglecting them leaves the entire company exposed. Regularly communicating about patching, such as monthly “Update Tuesdays,” sets expectations. A little inconvenience now prevents hugely expensive cyber attacks exploiting known system weaknesses.
Stay Safe Online
In addition to technical controls employees staying vigilant helps small businesses remain secure online. Reinforce good security habits with your team:
Remind everyone of company cybersecurity policies, like guidelines for using social media and rules around accessing work systems with personal smartphones and devices. Provide resources to refresh knowledge.
Send routine phishing simulation emails to keep awareness high. Use failures as coaching opportunities, not punishments.
Discuss recent cybersecurity news and threats through emails, meetings, posters, and more to spotlight risks.
Encourage using different complex passwords for work accounts versus personal ones. Never reuse passwords.
Advise against accessing company data and networks from public Wi-Fi networks that lack security controls.
Caution personnel about oversharing work information and access credentials globally, even innocently on social media.
Request employees alert IT staff regarding any odd activity they notice on company systems and devices.
Stress-safe internet use during and after work hours, since personal devices can provide pathways to corporate networks.
With frequent security reminders and conversations, staff habits and knowledge remain sharp. Don’t just set policies – reinforce them regularly so employees can help keep your small business safe online.
Cybersecurity Awareness Training -> Reduce Cybersecurity Incidents!
Investing in consistent cybersecurity awareness training dramatically decreases a company’s risk of suffering a cybersecurity incident.
Research shows that human error contributes to over 90% of data breaches, often due to staff falling victim to social engineering, reusing passwords, or mishandling sensitive data.
Comprehensive security awareness programs teach employees to recognize phishing attempts, create strong passwords, follow data protection policies, and uphold best practices.
Organizations that prioritize ongoing training experience far fewer malware infections, credential theft, and successful attacks compared to those with sporadic or non-existent training.
Conclusion
That sums up week one of cybersecurity awareness month!
The essentials of cybersecurity may not be glamorous, but mastering the basics provides the foundation for protecting small businesses online.
By backing up data, enabling multifactor authentication, creating strong passwords, guarding against phishing, installing software updates, and fostering security awareness in company culture, small businesses can significantly reduce their risk.
Staying vigilant with cyber hygiene takes continual effort, but pays dividends in preventing business disruptions and data breaches. With dedication to education and best practices, small businesses can operate both productively and securely.
I hope these practices provide a great starting point to secure your organization. Stay tuned for Week 2, where we’ll cover physical security.
Stay safe out there!
Q&As
To further cover key cybersecurity awareness topics, here are answers to 10 frequently asked questions: