Imagine that someone walks into your small business office, sits down at an unlocked computer and starts downloading files onto a USB thumb drive. You would probably immediately unplug the thumb drive and call the police!
The reality is that criminals are showing up at thousands of small businesses every day to do the same thing — but most businesses don’t even realize it. Rather than walking through a physical door, they are attempting to break through network doors. And many small businesses leave the keys on the table and an unlocked computer on the desk with no security in sight.
In this article, we will take a look at how to secure your small business network from attack and avoid the costly consequences of data loss and downtime.
Criminals show up every day to try and access your small business network — is it secure? Or, did you leave the keys out in the open?
Train Your Employees
Employees are the single biggest cybersecurity threat to your small business. By educating employees about cybersecurity best practices, you can help them avoid making simple mistakes that can compromise your entire network. Training employees during onboarding and on an ongoing basis is imperative to ensuring long-term security.
Important topics to cover include:
- How to spot a phishing scam.
- How to recognize malicious files.
- How to report suspicious activity.
In addition to spotting cybersecurity threats, you should train employees how to follow best practices and use common cybersecurity tools, such as anti-virus software or password managers. These efforts can proactively prevent cybersecurity threats from reaching employees, which dramatically cuts down on the risk of a successful attack.
Best practices and tools to cover include:
- Two-factor authentication.
- Anti-virus and anti-malware software.
- Password managers.
You should formalize the training and guidelines by coming up with a specific checklist and scheduling ongoing training for all employees. For example, a company might hold training sessions every month where they discuss some of the most common threats and reward employees who recognize them in random tests throughout the year.
Active Network Protection
The best way to protect employees is to keep cybersecurity threats from ever reaching them in the first place. By installing protection at the network level, you don’t have to rely on employees knowing how to install and use security software on their own devices. And you can control and update everything from a single administrative dashboard.
Active network protection addresses threats like:
- Network intrusion
- Botnet and DDoS attacks
- Ransomware and malware
- Data leaks and open ports
It’s also important to keep all of your network hardware up-to-date and change the default settings. For example, you should be sure to change any factory default administrative username and password for your router and other hardware, as well as ensure that any firmware is updated to avoid any potential known vulnerabilities.
You may want to consider hiding employee WiFi networks from public view using the appropriate router settings while ensuring that employees never connect to public WiFi networks in the office. This can help minimize the risk of a third party gaining access to a WiFi network and intercepting traffic running across it.
Schedule Regular Secure Backups
Data loss is often the most costly outcome of a cyber attack and it’s very difficult to recover from. According to Dr. Jane LeClair of the National Cybersecurity Institute, half of small businesses that suffer data loss from a cyber attack go out of business within six months as a result. These issues can be easily avoided using effective data backup solutions.
Secure data storage can protect against several threats:
- Ransomware attacks
- Malicious employees
- Accidental deletion
- Data loss from hackers
The most effective data backup solutions are both convenient to use and technologically secure. For example, setting up a Google Drive account and having employees move over data every week is both inconvenient and insecure, but automatically backing up data every six hours to encrypted cloud storage is effortless and highly secure.
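An automated schedule only helps if someone notices when it stops running or starts writing unencrypted files. The sketch below is an added example, not part of the original article: it audits a list of backup records against the six-hour interval mentioned above and flags files that begin with a known plaintext archive signature. The record layout, file names and sample data are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=6)  # backup interval used in the article's example

# Leading bytes of common archive formats that are not encrypted containers.
PLAINTEXT_MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip",
                   b"7z\xbc\xaf\x27\x1c": "7z"}

def plaintext_format(header: bytes):
    """Return the archive type if header matches a plaintext format, else None."""
    for magic, name in PLAINTEXT_MAGIC.items():
        if header.startswith(magic):
            return name
    return None  # no match is not proof of encryption, only absence of a red flag

def audit_backups(backups, now, max_age=MAX_AGE):
    """backups: list of (name, finished_at, first_bytes). Returns findings."""
    if not backups:
        return ["no backups found"]
    findings = []
    ordered = sorted(backups, key=lambda b: b[1])
    name, finished, _ = ordered[-1]
    if now - finished > max_age:  # schedule has stopped running
        findings.append(f"stale: newest backup {name} is {now - finished} old")
    for prev, cur in zip(ordered, ordered[1:]):  # missed runs in the history
        gap = cur[1] - prev[1]
        if gap > max_age:
            findings.append(f"gap: {gap} between {prev[0]} and {cur[0]}")
    for name, _, header in ordered:  # files readable by anyone who obtains them
        fmt = plaintext_format(header)
        if fmt:
            findings.append(f"unencrypted: {name} is a plain {fmt} archive")
    return findings

# Constructed sample records (not real data): two encrypted runs six hours
# apart, then a missed run followed by an unencrypted zip.
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("backup-0101T1700.age", NOW - timedelta(hours=19), b"age-encryption.org/v1\n"),
    ("backup-0101T2300.age", NOW - timedelta(hours=13), b"age-encryption.org/v1\n"),
    ("backup-0102T1100.zip", NOW - timedelta(hours=1), b"PK\x03\x04\x14\x00"),
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE, NOW):
        print(finding)
```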
If your business is subject to regulatory compliance, such as PCI, HIPAA or other regulations, you also need to ensure that your cloud storage solutions meet these guidelines to avoid any fines or penalties. This often means adhering to minimum encryption standards that are designed to safeguard client information — even if they fall into malicious hands.
Use VPNs When You’re Using Public Networks
Virtual private networks, or VPNs, route data through a third-party server before going through a public WiFi access point in order to mask your IP address and encrypt sensitive data, such as your browser history, passwords and anything else that’s being transferred between your computer and company network. It’s the only way to secure your data on public networks.
Employees should be required to connect to company networks through VPNs, especially when they are using public WiFi networks, such as coffee shops or libraries. In these instances, VPNs can protect against man-in-the-middle attacks whereby malicious users can intercept and steal information that’s transmitted on the network.
It’s important to note that you should never use free VPNs for these purposes since they are both insecure and unreliable. If your business is too small to afford an internal VPN solution, you may want to consider trusted VPN services that are specifically designed for small businesses looking to protect their information.
How to Get Started Today
Network security is one of the most important aspects of cybersecurity. Without taking the proper precautions, you are essentially leaving your small business’ door open with an unlocked computer on the desk for criminals to access client data and other sensitive information. It’s a recipe for disaster.