
Top 10 Cybersecurity Tips for Small Businesses 2022

In 2021, 85.7 percent of Canadian organizations had experienced at least one cyberattack within a 12-month period, according to the 2021 Cyberthreat Defense Report (CDR).

Growing a successful business requires leveraging digital technology to stand out from the crowd — the internet and information technology are powerful factors in small to medium-sized businesses reaching new markets and increasing productivity and efficiency.

Many small businesses think that they are too small to get noticed and targeted by cyber criminals. In fact, the opposite is true – cyber criminals are actively going after smaller businesses because they believe their computers are vulnerable.

Creating a cybersecurity plan to protect your own business, customers and data is crucial. You can also make a substantial difference by routinely following these top 10 cybersecurity tips.

Top 10 Cybersecurity Tips 

1. Regular Software and Patch Updates

Operating Systems

It’s common for employees to click “remind me later” on computer software patches – this is a serious mistake. Your operating system routinely runs patch updates – these are important as they fix security threats and compatibility issues, plus add new and improved software features.

  • Security breach prevention
  • Software compatibility
  • New and improved software features

Third-Party Applications

Updating popular third-party applications is also key. Why? Because most third-party applications are connected to the internet, they are especially vulnerable to ransomware. Cybercriminals want to exploit your data and are always on the lookout for a chance to hack users who delayed updating their software.

  • Ransomware
  • Popularity

Update Other Devices

Updating your Wi-Fi router’s firmware is necessary in the fight against cyber threats. Also update all connected devices such as desktops, laptops, tablets, phones, and other devices owned by your company to avoid any security breaches.

  • Wi-Fi router firmware (keep the Wi-Fi password-protected and its SSID hidden)
  • All devices connected to your router – printers, scanners, etc.

 


2. Train Employees on Cybersecurity Measures

The biggest cause of data breaches is employee negligence, according to a study cited by a CNBC report. 47% of security breaches were due to human error, such as an employee losing a device, accidentally clicking on a phishing link or giving out sensitive information through an email or phone scam.

Have your employees go through the same cyber security training so that everyone has the correct base knowledge to keep your business safe.

  • The Dangers of Phishing – Links that try to make you click on something familiar but, instead, lead to malware. One way to check is to mouse over the link and see whether it goes to the expected destination or somewhere different.
  • Phone and Email Scams – Do not give out banking or personal information or passwords.

 

3. Use Strong Passwords and Incorporate Multi-Factor Authentication

Using strong passwords is critical to protect your data from being hacked – however, the absolute best way to ensure your data is secure is by using two-factor or multi-factor authentication.

What Is a Strong Password?

  • A strong password is at least 12 characters long. The longer your password is, the better.
  • Uses uppercase and lowercase letters, numbers and special symbols.
  • Passwords that consist of mixed characters are harder to crack.
  • Doesn't have memorable keyboard paths.
  • Not based on your personal information.
  • Password is unique for each account you have.
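The checklist above can be turned into an automated check, for example in a sign-up form or a password audit. This is an added example, not part of the original article; the function names, the four-character threshold for a keyboard path, and the `personal_info` and `other_passwords` inputs (values the checker is assumed to have in memory, as a password manager would) are assumptions.

```python
import string

# Rows of a QWERTY keyboard; a run along any row counts as a keyboard path.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def has_keyboard_path(password, run=4):
    """True if `run` consecutive characters follow a keyboard row, either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False

def check_password(password, personal_info=(), other_passwords=()):
    """Return the list of checklist rules that `password` breaks (empty = passes)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "special symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    if has_keyboard_path(password):
        problems.append("contains a keyboard path")
    lowered = password.lower()
    # Ignore very short tokens (initials etc.) to avoid noisy matches.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("based on personal information")
    if password in other_passwords:
        problems.append("already used for another account")
    return problems
```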

 

What Is Multi-Factor Authentication?

Multi-factor authentication is a login process where users must provide a minimum of two pieces of verifiable information to authenticate. Users provide their usernames and passwords, but the sign-on process will also require something like a smartphone, key fob, smartcard, fingerprint scan or facial recognition.

Example: User enters a password and then a second, one-time passcode is sent to another device that allows access. It may be sent via email or text message.

4. Perform Timely Risk Assessments

Small businesses should routinely perform a risk assessment to assess vulnerabilities within their systems. The easiest way to do this is by having an IT service provider perform a risk assessment audit or run a more comprehensive audit, called Cyber Security Penetration Testing.

Businesses should also brainstorm "what if" scenarios for cybersecurity, especially as they relate to their data storage. Data is most likely stored in the cloud. As such, businesses can lean on their cloud storage provider to help them perform a risk assessment to determine what threats, if any, exist and what measures can be taken to strengthen data security.

5. Use Virtual Private Networks (VPNs) and a Firewall

A Virtual Private Network (VPN) hides your IP address, which is the string of numbers that identifies your device. This keeps hackers from knowing your location and activities. It does not block viruses, however, so it’s better to pair a VPN with a firewall (and antivirus software).

VPNs allow employees to securely access remote servers from locations outside the office – by encrypting data, they mitigate the effects of a cyberattack.

6. Perform Regular Backups

Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.

7. Deploy Monitored Antivirus or EDR

Anti-virus software

It is necessary to have anti-virus software on both your corporate and your employees’ devices. The number of viruses has multiplied exponentially over the years – businesses should ensure that their antivirus software is installed properly and updated regularly.

An Endpoint detection and response (EDR) system

EDR solutions may include antivirus, but they also provide capabilities that anti-virus software does not, such as blacklisting and whitelisting applications and protection against memory-based attacks. In other cases, EDR is sold as a component of an Endpoint Protection Platform (EPP); the EPP solution typically provides antivirus protection and other security measures.

8. Secure Your Wi-Fi Networks

If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so that it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.

9. Apply Best Practices on Payment Cards

Small businesses can communicate with their banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. Physically handling customer payment cards with extra care is important and should be part of cybersecurity training for employees. Plus, the security protocol of your business wireless network needs to be the strongest available, WPA3.

10. Limit Physical Access to Computers

Small businesses should not have one employee who has access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs - they should not be able to install any software without permission.

For devices that are used by multiple employees, businesses should consider creating separate user accounts and profiles for additional protection.

Cyber Security Awareness

Most small to medium-sized business owners are too busy running their business to worry about cybersecurity, technology and security measures for their software and devices.

Even with regular software and security updates or reminders to reset passwords, businesses still need to take aggressive measures to protect their physical and digital assets. Your customers need to feel that your business will keep their data secure and private. Ensuring their trust means repeat customer business and great reviews.

Using an IT Provider to manage your technology and security can be a great way to create scalable and affordable IT solutions to support your business. Learn more here about GAM Tech’s solutions and get a free risk assessment for your business today!

