BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Want To Drastically Enhance Your Small Business Cybersecurity?

No matter how secure you may be right now, you could always be doing more. Have you double-checked your cybersecurity lately? Review the best practices below to strengthen your small business cybersecurity.

When everything is going well, the last thing you want to do is think about what will happen when something goes wrong. It’s not necessary to dwell on the potential for a security disaster though – you know that it’s a possibility, so let’s just leave it at that. What’s important about this is that you know to cover your bases.

Cybersecurity Small Business

No need to assume the worst – just plan for it, so you know you’re protected. As that old saying goes, “An ounce of prevention is worth a pound of cure”.

Do what you need to do to “prevent” now, so you don’t have to pay for the “cure” later.

Use A Firewall

Your firewall is your first line of defense for keeping your information safe.

A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.

A firewall inspects and filters incoming and outgoing data in the following ways:

  • With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
  • Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
  • By using a Circuit-Level Gateway when a connection such as a Transmission Control Protocol is made, and small pieces called packets are transported.
  • With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
  • Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.

Train Your Staff

Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and therefore present a serious threat to your security.

So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?

If you’re not sure, then they may need training. Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.

They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.

How Do I Train My Employees For Cyber Security?

A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:

  • How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
  • How to use business technology without exposing data and other assets to external threats by accident.
  • How to respond when you suspect that an attack is occurring or has occurred.

Strengthen Your Passwords

Passwords remain a go-to tool for protecting your data, applications, and workstations.

They also remain a common cybersecurity weakness because of the careless way employees go about trying to remember their login information. Weak passwords are easy to compromise, and if that’s all that stands between your data in the cloud and in applications, you could be at serious risk for a catastrophic breach.

That’s why protecting your login processes with an additional layer of security – multi-factor authentication – is recommended. Multi-factor authentication requires the user to utilize two methods to confirm that they are the rightful account owner. It is an available security feature in many popular applications and software suites.

There are three categories of information that can be used in this process:

  • Something you have: Includes a mobile phone, app, or generated code
  • Something you know: A family member’s name, city of birth, pin, or phrase
  • Something you are: Includes fingerprints and facial recognition

Protect Mobile Devices

Implement Mobile Device Management and Bring Your Own Device policies that allow employees to use their own devices in combination with the business’ without compromising your security:

  • Require password protection and multi-factor authentication for mobile devices.
  • Deploy remote access software that allows you to locate lost/stolen devices, and remotely wipe their data if need be.
  • Develop a whitelist of apps that are approved for business data access.

And don’t limit yourself to desktops, laptops, and phones – there’s more out there for you to take advantage of. Have you considered what the Internet of Things and wearable devices can do for workplace efficiency? Now’s the time to get on board – up to 20.4 billion IoT devices will be online by 2020.

Manage Account Lifecycles And Access

This is one of the more basic steps on the list, but no less important. It can’t really be automated or outsourced to any technological aids; it’s just about doing the work. You need to have a carefully implemented process to track the lifecycle of accounts on your network.

  • Follow a careful system for how accounts are created for new members, how their security is maintained and verified through their life, and how they are removed when no longer needed.
  • Implement secure configuration settings (complex passwords, multi-factor authentication, etc.) for all accounts.
  • Implement controls for login and use, such as lockouts for too many unsuccessful logins, unsuccessful login alerts, and automatic log-off after a period of inactivity

Protect Your Wireless Networks

Wi-Fi is a necessary part of doing business. Your staff cannot go without it, so it becomes your responsibility to make sure it’s secured, simple as that.

  • Turn off broadcast so that your SSID is not available for others to see.
  • Use WPA2-Enterprise security, which forces per-user authentication via RADIUS for access.
  • Double-check your radio broadcast levels at default to make sure they don’t extend outside your building.
  • Create a Guest Network that’s segmented and has a limited bandwidth so that those visiting your building don’t have any chance of access to your data.
  • Monitor your network, and log events to track any activity by your employees and other contacts with network access.

Limit Unnecessary Physical Access

Your cybersecurity measures won’t amount to much if your laptops, tablets, smartphones and other devices are left out in the open for anyone to take.

It’s one thing for a cybercriminal to hack into your system remotely. It can be significantly easier if they’re doing so directly on a business device.

  • Keep business devices under lock and key when not in use.
  • Maintain a detailed inventory of who has authorized use for specific business devices.
  • Don’t leave the login information on a sticky note on the keyboard of the device.

Follow Payment Card Best Practices

If you accept payment through credit and debit cards, make sure to follow established security policies and practices to mitigate any potential risks.

  • Work with banks and other financial industry contacts to make sure you’ve implemented the right cybersecurity tools and anti-fraud services.
  • Double-check your compliance requirements for FINRA, GLBA, and SOX.
  • Segment networks involving a point of sales and payment systems from any unnecessary aspects of your IT infrastructure. No unnecessary software or web access should overlap with these systems.

More Like This

AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

Original release date: June 23, 2022 Summary Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all affected VMware systems as compromised. • Minimize the …

AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems Read More »

Read More

AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

Original release date: June 7, 2022 Summary Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known …

AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices Read More »

Read More

AA22-152A: Karakurt Data Extortion Group

Original release date: June 1, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enforce multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), …

AA22-152A: Karakurt Data Extortion Group Read More »

Read More

Cardiologist Turns Hacker

Cardiologist Turns Hacker – Moises Luis Zagala Gonzalez Moises Luis Zagala Gonzalez, a cardiologist in Venezuela, is the alleged creator behind the Jigsaw v.2 and Thanos ransomware strains. If true, this would make him one of the most prolific cyber criminals in recent history. These ransomware strains have caused immense damage, with Jigsaw v.2 encrypting …

Cardiologist Turns Hacker Read More »

Read More

6 Timely Tips To Help Businesses Avoid Phishing Emails

6 Timely Tips To Help Businesses Avoid Phishing Emails Phishing emails are a common way for cybercriminals to steal important data from businesses and individuals. This article will discuss what phishing is, how to identify a phishing email, and how to protect your business data from being stolen. We will also provide tips for avoiding …

6 Timely Tips To Help Businesses Avoid Phishing Emails Read More »

Read More

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

Original release date: May 18, 2022 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager …

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control Read More »

Read More