When your company deals with data, you are at risk of a cyber-attack. No business is exempt from cyber-criminals, malware or security breaches, no matter its size. In fact, roughly half of all cyber-attack victims are small businesses. This is in part because small businesses are assumed to have less protected networks, which makes them more susceptible to breaches. Here are 7 cyber-security tips for protecting your business:
- Educate your staff.
- Set up reliable firewall software.
- Set up anti-malware programs.
- Implement effective password policies.
- Back up critical information and files.
- Have a mobile security strategy.
- Protect yourself with cyber insurance.
1. Educate Your Staff
Your team needs to understand the importance of cyber security and how they can help protect company data. They should be aware of the different types of attacks and what to do in the event there is a breach or cyber attack. Update your information regularly and engage in employee training. Here are some areas they should be educated in:
- Types of cyber-attacks
- Importance of cyber-security
- Physically securing data, documents and items like laptops and phones
- Password security
- How to prevent cyber-attacks
- Process after a breach
- Reporting requirements for a breach
2. Set Up Reliable Firewall Software
If you haven’t done so already, look into setting up a standard external firewall, as well as an internal firewall for additional protection. If you have any staff members who work from home, require that they install a firewall on their personal network. To guarantee compliance, you might want to offer firewall software and adequate support to install it.
A firewall helps prevent unauthorized access to your data. It also checks messages. Firewalls only protect network traffic and connections; they do not authenticate users. A firewall is only one level of defense and must be backed up with more robust measures.
3. Set Up Anti-Malware Programs
Phishing is the practice of sending fraudulent emails claiming to be from trustworthy organizations with the intention of obtaining information. This often includes usernames, passwords and other important data.
Phishing can be tricky to catch, and if an employee were to click a link attached to the email, malware can be installed onto your computer. This can grant outsiders access to your computer system or cause disruption or damage. This is a very serious breach.
Anti-malware software can help. It helps prevent, detect and remove malware. Use anti-malware programs for both company devices and the network in order to help mitigate your chance of a breach.
4. Implement Effective Password Policies
Weak passwords are a risk. All devices should be password protected and all account access should be protected by a strong password. These should include a combination of these factors:
- minimum 14 characters
- at least 1 upper case character
- at least 1 numerical character
- at least 1 special character
- no sequences of more than 2 of the same letters or numbers
- cannot contain your name, email or company
Some companies ask employees to change their passwords frequently. There are mixed reviews on this, as it can be challenging to think of a long, complex password regularly. This can lead some employees to write them down or use easy-to-guess words. If you do require changes, no repeat passwords should be allowed.
Your accounts should also lock out after a certain number of attempts and have a method of confirming the user’s identity in order to reset (i.e. the email address, identification questions, approval from another employee).
Your password policy should be strictly enforced, including on any personal devices that your staff may use to communicate or do work on.
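One way to check a candidate password against the rules listed above, as an added example that is not part of the original article. The function name, the reading of the repeat rule as "no letter or number more than 2 times in a row", the treatment of "special" as ASCII punctuation, and the sample user and passwords are all assumptions.

```python
import re
import string

MIN_LENGTH = 14  # minimum length from the policy list
MAX_RUN = 2      # longest allowed run of one repeated letter or number


def policy_violations(password, name="", email="", company=""):
    """Return the rules a password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case character")
    if not any(c.isdigit() for c in password):
        problems.append("no numerical character")
    # Assumption: "special" means ASCII punctuation.
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Assumed reading of the repeat rule: the same letter or number may not
    # appear more than MAX_RUN times in a row ("aaa" fails, "aa" passes).
    if re.search(r"([a-z0-9])\1{%d,}" % MAX_RUN, password, re.IGNORECASE):
        problems.append("same letter or number more than 2 times in a row")
    # Personal identifiers: each word of the name and company, the full email
    # address and its local part, all compared case-insensitively.
    tokens = set(name.split() + company.split())
    if email:
        tokens.update({email, email.split("@")[0]})
    lowered = password.lower()
    # Assumption: fragments under 3 characters (initials, "Co") are ignored.
    if any(len(t) >= 3 and t.lower() in lowered for t in tokens):
        problems.append("contains your name, email or company")
    return problems


if __name__ == "__main__":
    # Constructed sample user and passwords, for illustration only.
    user = dict(name="Jane Doe", email="jane.doe@example.com", company="Acme Ltd")
    for candidate in ("password", "Acme2024!!Winterrr", "Tr0ub4dor&Horse!x"):
        print(candidate, "->", policy_violations(candidate, **user) or "OK")
```

Returning every broken rule at once, rather than stopping at the first, lets a sign-up or reset form tell the user everything to fix in a single attempt.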
5. Back Up Critical Information and Files
There is a chance that your company’s network could be breached at any time, no matter how good your precautions. With this in mind, it’s important that there is a backup of the information and files necessary to your operation.
You can back up critical information and files on a separate hard drive or on the cloud. We recommend the cloud, as you will have a backup should there be physical damage such as a fire.
6. Have a Mobile Security Strategy
Since mobile devices such as cellphones, tablets, smart watches and more are becoming increasingly popular, it becomes crucial that you implement security protocols for these as well. If employees are using their own devices at work, make sure that your company has a policy that emphasizes cyber-security precautions the same as if they were accessing the network on a company device.
Furthermore, the same password policy should be applied to mobile devices.
7. Protect Yourself with Cyber Insurance
While insurance won’t prevent a cyber-attack, it can help you recover from one. A cyber-attack can be very expensive, especially if there are costs arising from a lawsuit. Cyber insurance offers peace of mind and a solid plan in case the worst happens. Many insurers offer resources for protecting your company as well.
While cyber insurance policies vary by insurance company and are constantly evolving, here are the main areas of coverage:
- Cyber-attacks or hacking
- Theft and fraud (through cyber means)
- Forensic investigation of a cyber incident
- Business interruption coverage in the event of a covered event
- Cyber extortion
- Cyber defamation
- Computer data loss and restoration
Remember that not all cyber events may be covered. Discuss your coverage with your insurance broker.
Businesses are affected by cyber-attacks through a variety of means. Malware is often embedded in emails through attachments that, when clicked, will download malicious software into the user’s network. As well, malware can be downloaded from infected sites or compromised files, which lock business devices until a ransom is paid out. The average amount demanded for businesses during ransomware attacks can be upwards of thousands of dollars, on top of all recovery costs and lost profit during the period of downtime.
Hopefully these cyber-security tips will help protect your business. Contact us today if you’d like to discuss your cyber insurance options.