As a small business, you may not feel that you have much to worry about when it comes to cybersecurity. Hackers are often portrayed in media as targeting governments or massive corporations with an ethical cause. But the real motive of most hackers is simply to make money, usually by selling or stealing data or demanding a ransom. Small businesses may still have access to considerable amounts of money and data, and hackers may perceive them as easy targets under the assumption that they do not have effective security measures in place. Don’t let that be true. Below are some steps you can take to keep your business as secure as possible from malicious actors.

11 steps to protect your business from a cyberattack

1. Create a culture of security

Emphasize the importance of cybersecurity to all departments and employees, not just your IT department, because a lapse by any employee has the potential to cause a breach. Train your employees on the methods you will be using and send constant reminders of your security practices to keep them vigilant. Designate a Chief Information Security Officer (CISO) and make them a part of the board. Make security briefings mandatory and block access for those who don’t attend.

2. Vet your employees

Cybersecurity damages aren’t always from external threats – sometimes, the culprit is a disgruntled employee. Run strict background checks on all prospective hires and trust your instincts if you find anything suspicious. Be wary if an employee repeatedly tries to gain unauthorized access to a cabinet, room, or server. When an employee leaves the company, take steps to ensure they will no longer have access to your server, such as changing any passwords they knew.

3. Protect your small business’s devices and documents

Physical access to sensitive documents and locations can be a major cybersecurity weak spot if you let your guard down. Keep your doors closed and locked at all times and only give the codes to those who need them. Never leave devices or documents in public places where they can be misplaced. Instead, make sure that your devices and documents are locked in cabinets or secure rooms. When you go home for the day, log out of the network and all applications. Keep an inventory of devices with sensitive information, including their location and what information they contain. If your business’s server is hosted on your property, you will need to protect it structurally from breaking and entering attempts and shield it from electromagnetic interference. Extreme weather can also pose a threat, especially here in Tornado Alley.

4. Implement stringent password requirements

Require passwords for all devices and for access to different parts of your small business’s server. Make your passwords complex and hard to guess. General guidelines for a strong password include making it at least 12 characters long, using numbers and special symbols, and mixing uppercase and lowercase letters. Use password management software to store your passwords securely. Don’t reuse passwords or variations of an existing one. Don’t share passwords through internal communications. Improper password security can have disastrous consequences – a compromised password was at the root of the Colonial Pipeline attack that triggered massive fuel shortages in the Southeast earlier this year.

5. Use multi-factor authentication

Implement multi-factor authentication to access sensitive information. An everyday example of multi-factor authentication is a one-time code being sent to a smartphone that must then be entered on a computer. At a business level of cybersecurity, this may include inserting a physical key into a computer to gain access. Multi-factor authentication ensures that a leaked password alone won’t be enough for a malicious actor to gain access to your network.

6. Limit log-in attempts

Cybersecurity threats aren’t always the result of direct attacks – some hackers simply run programs that repeatedly guess passwords in an attempt to gain access. In 2014, celebrities’ iCloud accounts were compromised and personal photos were leaked through this method. The weaker your password, the greater the risk. Setting up your system to lock a user out after too many attempts will go a long way in protecting you against password guessers.
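The lockout rule described above, sketched as an added example (not code from this article or from any particular product). The threshold, counting window and lockout duration are assumed values, and the login events are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold; the article does not give a number
WINDOW_SECONDS = 300    # assumed: failures are counted over a 5-minute window
LOCKOUT_SECONDS = 900   # assumed: the account stays locked for 15 minutes


class LoginThrottle:
    """Counts failed logins per account and locks it after too many."""

    def __init__(self):
        self.failures = defaultdict(deque)   # user -> times of recent failures
        self.locked_until = {}               # user -> time the lock expires

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.locked_until.get(user, 0) > now:
            # Refuse even a correct password while locked, so a guessing
            # program learns nothing by continuing to try.
            return "locked"
        if password_ok:
            self.failures.pop(user, None)    # a success clears the counter
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        # Forget failures that fall outside the counting window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked"
        return "denied"


def replay(events):
    """Run (time, user, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample: a guessing run against 'alice', one typo by 'bob'.
SAMPLE_EVENTS = [(t, "alice", False) for t in range(0, 50, 10)]
SAMPLE_EVENTS += [(60, "alice", True), (70, "bob", False), (80, "bob", True),
                  (1000, "alice", True)]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", result)
```

A lock that expires on its own, as here, limits how long the real account owner is shut out if someone else triggers the lockout.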

7. Segment and restrict access to your small business’s data

Segment your data and require separate passwords for each part of your business’s network. Know who has access to all devices and don’t give access to anyone who doesn’t need it. Err on the side of caution because unfettered access can be dangerous if a breach occurs. In July 2020, a security lapse at Twitter allowed hackers access to the site’s “god mode,” which they used to promote scams from the accounts of celebrities. Consider whether any single person needs access to all of your business’s information.

8. Update your computers, servers, and software

Your apps, web browsers, and operating systems should all be updated regularly. Intentionally created malware isn’t the only thing you have to worry about – accidental vulnerabilities often pop up in widely used, well-intended software as well. A current example is the Log4Shell exploit in the Java logging framework Log4j, which is estimated to threaten hundreds of millions of Java-based devices worldwide. Responsible developers will quickly respond to these threats with a new version when they are discovered, but you have to do your due diligence and install these updates. In addition to security patches, updates also fix bugs and add new features that will help your small business run more smoothly. If you wait too long to update your systems, not only will you be unnecessarily vulnerable to security threats that have been addressed, but you may also lose access to technical support for older versions and face compatibility issues with other software.

9. Back up all of your data

Create multiple backups of your data so that a single server failure won’t result in your small business losing everything. You should have backups both locally and in the cloud. Insufficient backup practices can be devastating – in 2016, a botched server migration resulted in MySpace losing all data prior to 2015. Treat your backups like you would anything else – keep track of the devices they are kept on and limit access.

10. Erase your files

Emptying your computer’s Trash or Recycle Bin does not actually delete your files, but only removes the reference to the file on your desktop. The file is not erased until your computer’s storage reaches capacity and it is overwritten; until then, your files are still recoverable by someone with the know-how. However, special programs exist that will overwrite your data dozens of times to eliminate any trace of them on your system. When disposing of physical documents, shred them instead of dumping them whole. If you want to be extra secure, disperse the scraps across different bags.

11. Be consistent with your internal cybersecurity measures

Maintain the same cybersecurity practices no matter where you’re working from. A misplaced or stolen laptop, for example, can provide a devastating open window into your network. So if you are traveling, log out of the network just like you would at the office.

How your small business can prevent a cybersecurity disaster before it happens

When it comes to cybersecurity, the best offense is a good defense. Attackers are always finding new vulnerabilities and techniques to access and steal information. But if you’ve taken proper steps beforehand, a breach doesn’t have to be the end of the world for your small business. Update your software regularly. Protect documents and limit access to those who need it. Make backups of your data. Protecting your information is a never-ending process, but you don’t have to go it alone. Here at Welch State Bank, we take cybersecurity seriously because we know people are depending on us to keep their financial information safe. Contact us today for more tips on protecting your small business’s cybersecurity.