Top 3 Reasons Even Small Businesses Should Care About Cybersecurity

Prevention is Key

The good news for SMB’s is that the majority of cyberattacks are preventable and preparing for them doesn’t have to break the bank. Here are some simple solutions that will protect your small business from the most common threats.

The top threats are:

• Email Compromise
• Exposed Passwords
• Ransomware
• Exploiting Vulnerabilities in Systems

Here are some things you can do to help protect yourself and your business from hackers, ransomware, and other common threats.

Passwords

Let’s face it, passwords are a pain in the you-know-what. They are hard to remember, & everything you do online requires a password. So, what do you do? Most people use the same password for just about everything, use passwords that are easy to guess, and when it comes time to change them, just add a “!” or number to the end.

Not a good habit and hackers can easily figure these out. Many times, they are using specialized software to automatically do this for them, and weak passwords get “cracked” (discovered) in seconds. Sometimes it’s as simple as buying your old password on the “Dark Web”, a special area of the Internet where hackers buy and sell things like this.

What to Do

Make your life easier by using a password manager. These programs help you to create unique and difficult to guess passwords for all the websites you visit. There’s nothing to remember except the one Master password to use the program (don’t forget that one and make it HARD to guess!).

Password managers usually have an accompanying app for your mobile devices and work on your computers too in your web browser. They can “autofill” your passwords as you use them. Easy as 1…2…3. Good password managers are LastPass, Keeper, and 1Password.

Multi-Factor Authentication

Also called Two-factor authentication, 2FA, or MFA. This is simply a fancy term for requiring an extra piece of information to be able to log in to your systems and websites. Often, it’s as simple as a code that is sent via text message to your phone. So, to log in to your bank website, for example, you would need your username and password AND the special code that is sent to your device. This makes it extremely hard for a hacker to get into your account.

What to Do

Enable multi-factor authentication in every place that offers it. Banks, credit cards, email, and others offer this as a standard feature. Sometimes you must dig a little bit to find this setting in your account settings, but it’s there often (usually under Account Settings…Security). It should always be ON if offered.

One alternative to using a text message would be apps on your phone (Google Authenticator and Authy are popular options) that generate unique codes that take the place of the text message.

The People Problem

Even if your IT systems are protected with adequate cybersecurity measures, there is one gaping hole in most security plans and hackers love to exploit this. Your employees. They are easy to trick into clicking something they shouldn’t or even providing information over the phone or in-person that is confidential.

What to Do

Train your employees using a regular system of security awareness training. The plan should also include a way to test phish (sending them fake phishing emails to see who your “clickers” are) your people. Good systems of training are fun, easy to learn, and constantly updated over time to adapt to current trends. KnowBe4 is a great place to start and offers all the above and more to train your people.

Security Updates and Configuration Problems

Often hackers take advantage of computers and systems that haven’t applied the latest security fixes or systems that are misconfigured. You’ll hear the word zero-day exploit in the news on occasion. What happens when a bug is found in a program, but no fix has been provided by the vendor yet. These can be especially tricky to deal with.

What to Do

Make sure that your systems are all set to apply and install the latest security updates and when you see prompts on your computer to do these, allow the updates to apply and restart your computers. Your IT folks should also review the other devices in your business that can’t automatically do this, and they should apply security fixes on these.

The IT team should also perform a security and health audit of your network and close any misconfigured “holes” in systems (your firewall for example) and clean up items found from those scans.

Security Software

Often hackers will attempt to trick your people into clicking something malicious, which then loads their tools or ransomware in some cases and causes all kinds of problems.

What to Do

Make sure that you are running an enterprise-grade endpoint security program on each system at a minimum. In the old days, this software was called “antivirus”, but those days are long gone. Today’s advanced software does so much more. Look at products like Webroot, ESET, or security tools from Symantec for some good options.

If you want to add even more security, there are more advanced tools that you can load on systems to create “layers” of security. Each doing something a bit different than the other to help ward off attackers. The best solutions will stop viruses, ransomware, and be able to detect and respond to hacker threats even while you are sleeping.