You’ve invested all of your time, your money, and much of your life building your small business. It is your pride and joy — and your means to a profitable end. And on a daily basis, you fight back the tide of entropy waiting to bring you down.
Competition, online sales, dead-end leads, an up and down market — they are all out to get you. But there’s one issue that fights harder, longer, and faster to make your life a nightmare.
Hackers.
That’s right, those malicious programmers who rise to the challenge of digitally breaking into your business and stealing your profit, your data, and/or your mental wellbeing. What can you do? Do you have any hope of stopping the tide of ne’er-do-wells from breaking into your systems and stealing what is rightfully yours?
You do. At least in theory.
What does that mean? It means that, in most cases, it’s not a matter of “if”, but “when” you’ll be hacked. But even though the outcome is dire, you should still do everything you can to put off the nearly inevitable. Some of this advice you can act on yourself, and some might require the help of outsourcing services.
Let’s take a look at a few things you can do to give your small business a lift within the realm of security.
Educate Your Staff
The first thing you have to take care of is the education of your staff. All too often, attacks on small businesses happen due to poor decisions on the employees’ part. If you want to make serious gains in your small business security, train your staff.
What should you train them on? The list isn’t terribly long, but it’s critical.
Phishing scams: Fraudulent attempts to obtain sensitive information such as usernames, passwords, bank information, and credit card details are common. These hacks are often undertaken by an outsider disguising themselves as a trustworthy entity via an electronic communication (such as an email, text, or chat message).
A hacker could even call your business, pretending to be someone from your bank, requesting information like your business bank account number. Your employees should never have access to this information and, if they do, should be trained to never give it out.
Viruses and ransomware: This is a challenge that threatens every business regardless of size. It is imperative that you train your employees to never open email attachments unless they are from a known source and have been scanned by an antivirus/antimalware tool. Any staff member who checks email on a company computer must adhere to such a policy.
Safe browsing: If left to their own devices, employees will browse the web. Those employees must be educated on how to recognize a malicious link. For example, if they receive an email that purports to be from one entity, yet links to another, they need to know to not click on it. Your employees should also be taught to tell when a website is secured by HTTPS and when a site is served up via standard HTTP. If a site doesn’t use HTTPS, they should never send it login credentials for a company account.
Removable media usage: There are times you will save and store important information on USB drives. It is imperative that your staff know that those drives are to never leave the business property unless otherwise directed. They should also know the proper method of storing those drives.
Social networking: Social networking is a great way for people to communicate. It can also be a great tool for marketing your business. It does, however, have a darker side to it. People can be easily manipulated from within the landscape of Facebook, Twitter, etc. Social networking offers a perfect opportunity for social engineering, and you need to make sure your employees fully understand your policy toward these sites and services. Your best bet is to not allow the use of social networking during company time.
Employee responsibilities: Every employee needs to be educated on what they are to do if your business network or computers have been compromised. Don’t leave them to second-guess the first steps of reporting a hack. If you depend on the likes of software outsourcing companies, make sure your employees understand their responsibility to immediately report the hack to that outsourced company. Have a plan and make sure everyone involved understands that plan.
Other Steps You Should Take
Beyond educating your staff, what else can you do? Here is a short list of steps you should take.
Update, update, update: The software you use is probably updated on a frequent basis. These updates include security patches that should be applied immediately. If you hold off on updating software, you leave yourself vulnerable.
Require strong passwords: If your employees log into servers, services, or websites created by any other business or outsource development company, you must insist those staff members use strong passwords. These passwords should not be easy enough to be memorized, nor should they be written down. Require characters like $, (, ), >, <, @, etc. as well as numbers and a mixture of upper and lower case. Insist your employees use a password manager so they can work with incredibly strong passwords.
Change passwords regularly: This should be considered a must-have policy. Every employee should be required to change their passwords every month. Yes, this is a hassle, but it’s one that will go a long way to preventing your company from being hacked. Those passwords should follow the same guidelines stated above.
Stop using Windows: Windows is a weak platform, one that requires diligent administration and constant protection from hackers. When possible, go for an alternative platform, such as Linux, Chrome OS, or macOS. If you have computers that are used only for their web browsers, opt for either Linux or Chrome OS. The chances of those platforms being hacked are exponentially lower than they are for Windows.
Choose reputable service providers: When selecting your Internet Service Provider, only go with a company that is known to offer strong security and reliable service. This holds true with any tech service you use. If you require third-party tech support, make sure to do your homework before selecting a company. A little bit of investigation upfront will go a long way to prevent your company from being hacked.
Encryption: When you have sensitive data saved on drives or sent to clients/customers/third parties, use encryption. Yes, it takes a few extra steps (and a bit of educating the employees), but the last thing you want is to house or transmit sensitive data in such a way that anyone can read it.
Conclusion
It doesn’t really take all that much work to give your small business a security boost. And once you have these steps in place, you’ll find they very quickly become second nature to all involved. Take the time to implement these policies and choices and your company will enjoy much-improved security.