Tips to keeping your small business secure
Introduction
As a small business owner, cyber security can seem intimidating. This article will help you understand what to look for to keep your information secure. Our goal is to give a brief introduction on each type of attack with easy-to-implement suggestions on how to protect yourself and your business from each of these types of security breaches.
Important Terms
Before we get started, take a moment to familiarize yourself with terms used throughout this article.
Phishing: Emails sent to a large number of recipients at random knowing only a small percentage of recipients will receive the message and only a small percentage of those recipients will initiate the desired response.
Spear Phishing: These emails are sent to a specific target and carefully designed to initiate a response. Attackers use information gained from social media, other hacked email accounts, your website, and so on.
Malware: Short for “malicious software” malware is a catchall term that encompasses viruses, a Trojan Horse, spyware, or worms.
Man-in-the-Middle: These typically occur with an unsecured Wi-Fi connection. Hackers use these networks to eavesdrop in order to interrupt and intercept information and data
5 Steps to Protect Your Business
A lot of our clients fall into the small business category. There are specific things businesses can do to protect themselves and their data from cyber attacks like the ones listed above.
Below is simple breakdown of the five of the most common protections a business should implement.
- Enable Multi-factor Authentication for Password Protection
Multi-factor authentication can seem like a cumbersome and unnecessary extra step, but that extra step is especially helpful when it comes to keeping the bad guys out. Think of it this way, if the door to your home has two locks, it takes an intruder longer to access your home.
It’s the same concept with multi-factor authentication, which requires more than one distinct authentication factor for successful verification.
There are a few common authenticator applications (or apps) that we recommend:
We recommended, at a minimum, using one of these apps to enable multi-factor authentication with the following programs:
- Office 365
- Google Workspace
- Corporate file sharing programs
Personal Email
- Gmail
- Outlook
- Yahoo
- Comcast
Personal Accounts
- Amazon
- Banking
2. Understand what Phishing Schemes Look like
This is an all-to-common attack where scammers send fraudulent emails or text messages. They appear legitimate, often claiming to be from your banking institution or trusted contact. They send a link that, once clicked, can access sensitive information like credit card information.
Phishing schemes can be quite convincing, even to the savviest computer user.
The bottom line is if you question the legitimacy of the email, even if you have the smallest amount of hesitation, don’t open the email. And more importantly, don’t click links or open any documents.
We have seen phishers scam small churches and large construction companies. Everyone is a target, so it’s important to be cautious always.
If the suspicious email came from a trusted contact, pick up the phone and call that person to confirm their intentions. You can’t be too careful.
3. Empower your Employees
When it comes to cybersecurity, all your employees should know how to help protect your business. At a minimum, your employees should know the following:
- Who to Contact?
If you have an IT director, it should be them. If not, clearly identify the best person for this job. - How to enable multi-factor authentication.
- What phishing schemes look like.
We recommend you review this with employees at least twice a year. AngelCom also offers security awareness training for employees that includes simulated phishing attacks so they can be prepared and know how to respond. Learn more about AngelCom’s approach to cyber security.
4. Data Management
When it comes to company information, your data should be housed on a cloud-based server where the information is routinely backed up.
As it relates to access to information, we recommend you isolate your data into two distinct categories: needs and teams. As you allocate access to different files, clearly identify who needs access to the information. It can often be broken down by teams or departments.
5. Keep your devices and software up to date
Whether you’re on a Mac or PC, it’s important to update your machine. As updates become available, we recommend you update as soon as you can to avoid viruses and other malware.
You also need to update your anti-virus software. Yes, your new computer likely came with anti-virus protection, but almost all of these expire after a year. Be sure to budget the yearly expense necessary to keep this anti-virus software active on all your computers and install it promptly.
Keeping your small business safe from cyber-attacks is achievable. If you find yourself needing more help, please contact us. We enjoy working with small businesses and can help you with services that fit your price point.