In 2012, the Federal Communications Commission created a committee that listed the 10 best practices for small businesses pertaining to cyber security solutions. With the near-constant news of data breaches occurring within large corporations, we thought it would not hurt to publish another list of “Best Practices” that are good not just for small businesses, but for all businesses.
With 4,000 businesses being hit by cyber-attacks every day, companies can no longer afford to assume they are too small to be a target. In fact, smaller companies are more often a target because their security is far simpler to work around.
Following these simple protocols within your organization will have a significant impact on your company’s network security.
Passwords. Be sure employees are using unique passwords, and that they are changed every three months. Encourage them not to use the same password they use for their personal accounts (like their personal email password). It should not include names of family members or their favorite pet – sorry, “fluffy123,” you’re out. A strong password will include capital and lowercase letters, be at least 8 characters, and include a number and symbol.
Limit Employee Access to Data and Sensitive Information. Employees should only have access to what they must have on a regular basis to do their job well. No single employee should have access to all information within the entire company (meaning, the HR manager should not have access to the financials, and the CFO should not have access to employee health records).
Limit Software Install Authority. Your sales reps most likely do not need to be able to download everything they would like. Too often, employees will allow their children to use their laptop when they get home, who in turn download a slew of free games from unprotected websites that are littered with viruses or malware. By limiting who has authority to install software, you can significantly reduce the likelihood of an employee accidentally downloading unwanted malware.
Secure the Company’s Wi-Fi Network. This seems like an obvious one, but it still needs to be mentioned. Leaving your Wi-Fi unsecured is like keeping the backdoor of your home unlocked. In today’s technology-savvy society, it is too simple for someone to wreak havoc on your network. Likewise, securing your Wi-Fi is too simple not to do.
Best Practices with Company Cards. Make sure you work with your banks to ensure that the best validation tools are being used, and make sure to use a credit card or a bank account with a low balance. Make sure to also use a different computer for processing payments than for general use (like searching the internet).
Control Physical Access to Computers and Create User Accounts. It is hard to believe, but hackers have gotten bold enough to simply walk into businesses and upload malware into a copier with a USB drive. By creating user logins on all your technology, you can avoid these pitfalls. This also keeps others from using employee computers without their knowledge.
Back Up Your Important Documents. Regularly back up the data on company computers. Whether you decide to use a cloud-based system, server, or external hard drive, protect important documents from becoming corrupted or from a crash. Critical data to your business would include word processing documents, electronic spreadsheets, databases, financial files, human resource files, and accounts receivable/payable files. At a minimum, data should be backed up weekly, but if possible, schedule your technology to back up automatically.
Protect Mobile Devices. Mobile devices (or any personal device) can create significant challenges to the security of your network. If an employee must use their personal device for work-related functions, require them to use a password and encrypt their data. In addition, make sure there are procedures in place for when a device is lost or stolen (much like if you were to lose a credit card).
Provide Firewall Security. Simply put, firewalls virtually keep would-be intruders where they should be – outside your network.
Install Network Security Software. Keep your machines clean by installing the latest security software and anti-virus protection. Set your anti-virus to run a scan after each update and install other key software updates as soon as they are available.
… and the most important “best practice”?
Train Your Employees. If this has not been done, then most of the other “best practices” will be ineffective. The employees of your company are its greatest asset… and unfortunately, its greatest liability. Establish basic cyber security practices and policies for everyone and make sure they understand the items listed above that they can control. Every company gets busy, but putting off implementing cyber security best practices is leaving the door open to a future disaster.