Are you a company owner in Florida looking to improve your business with technology?
You might be using passwords and updating your operating system, but are these steps enough to protect data? If you're not taking a multi-faceted approach to cybersecurity, then your business is not protected.
With 43% of cyberattacks aimed at small businesses, why are only 14% prepared to defend themselves? If you don't have confidence in your defense strategy, it's time to make a plan.
We're going to focus on the main areas that you'll need to strengthen so that your business is safe and secure. Read on!
1. Firewall and Scans
When it comes to cybercrime, a firewall is a moat around your castle. If you're connected to the internet but don't have one, then your company data is vulnerable to attack. Whether it's hardware, software, or both, a business needs to prevent unauthorized access to its private network.
A firewall is not a bulletproof plan for security. A virus, malware (malicious software), or a software exploit can give hackers access to a back door into your private network.
For this reason, your business needs strong anti-malware software that performs regular scans. The operating system, websites, and incoming files or attachments will need scanning for malicious code.
Ensure that, once installed, the firewall and anti-malware scanner are running at all times. You must keep them up to date with the latest database of threats, so turn on automatic updates.
Impose strict restrictions on the operating system, internet browser, and email system. The goal is to prevent employees from installing malicious software or executing malicious code. Consider both accidental and intentional internal attacks.
2. Multi-Factor Authentication
Caution employees about writing down or storing passwords. Passwords should be set to expire monthly, prompting employees to change them for added safety.
Passwords need to be at least 8 characters long and should consist of a mix of numbers, upper/lower case letters, and special characters. This makes them harder to guess for password-cracking software, which is sometimes driven by artificial intelligence.
Because of the availability of such software, businesses should use extra authentication steps. These could include a physical device or fingerprint verification.
Train employees to secure data and be on the lookout for phishing attempts. In particular, private businesses are often hacked by fraudsters posing as employees or clients.
As a general good-practice principle, employees should never put sensitive data, files, or passwords in an email. Put systems in place that encrypt data, so that it is as hard as possible to read even when thieves intercept it.
3. Backup Data
Data protection starts with keeping regular copies backed up. The company system should be set to back up the data daily on in-house drives or using a cloud service. If using a cloud service, encrypting this data is especially important, because it will be leaving the private network.
The 3-2-1 strategy is common in IT, whereby three backup copies should exist in at least two separate locations. Create these backups daily and test them for integrity often.
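An added example (not from the original article) of the integrity test described above: it hashes every file in the live data, compares each backup copy against those hashes, and checks the rule as stated here of three intact copies in at least two locations. The directory names and location labels are constructed, and it assumes the check runs right after the backup job, so the live data is a valid reference.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):  # 1 MiB at a time
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests

def verify_copy(source, copy):
    """Compare one backup copy against the source and list every discrepancy."""
    src, bak = manifest(source), manifest(copy)
    return {
        "missing": sorted(src.keys() - bak.keys()),
        "unexpected": sorted(bak.keys() - src.keys()),
        "corrupt": sorted(k for k in src.keys() & bak.keys() if src[k] != bak[k]),
    }

def audit(source, copies):
    """copies maps each backup directory to a label naming its location."""
    results = {c: verify_copy(source, c) for c in copies}
    intact = [c for c, r in results.items() if not any(r.values())]
    locations = {copies[c] for c in intact}  # only intact copies count
    return {"intact_copies": len(intact), "locations": len(locations),
            "meets_policy": len(intact) >= 3 and len(locations) >= 2,
            "problems": {str(c): r for c, r in results.items() if any(r.values())}}

def demo():
    """Constructed sample: three copies in two locations, then one is corrupted."""
    tmp = Path(tempfile.mkdtemp())
    src = tmp / "live"
    (src / "finance").mkdir(parents=True)
    (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
    (src / "clients.db").write_bytes(b"\x00constructed sample\x00")
    copies = {tmp / "nas_a": "office", tmp / "nas_b": "office", tmp / "cloud": "offsite"}
    for c in copies:
        shutil.copytree(src, c)
    before = audit(src, copies)
    (tmp / "cloud" / "clients.db").write_bytes(b"\x00bit rot\x00")  # simulate damage
    after = audit(src, copies)
    shutil.rmtree(tmp)
    return before, after

if __name__ == "__main__":
    print(demo())
```

After the simulated damage, the offsite copy no longer counts, so the audit reports two intact copies in a single location and the policy check fails.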
A company should have a system in place that can immediately quarantine its software and files during a cyber attack. This advice applies to the backup data too.
Data could be corrupted by hard drive failure or destroyed by natural disaster. An employee could delete data in error, or it could be the subject of a cyber attack (ransomware). Without a safe and secure archive of this data in another location, there will be expensive downtime when the business cannot operate.
Without backups, there may not be another way to recover damaged files. When primary or backup hard drives do fail, they should preferably be magnetically wiped, to prevent recovery of any files by an outside party.
4. Automatic Updates
Update operating systems, software, and hardware regularly, with patches for new vulnerabilities. Turning on automatic updates is the best guarantee that these patches are active in a timely fashion.
Windows updates tend to occur about once a month at the moment, but it's best to have systems and software check and install updates daily.
Turn off all browser capabilities that store information, including autocomplete and browsing history. Sensitive company information should only be entered on secure (HTTPS) websites.
Windows and Mac hard drives can be encrypted with BitLocker and FileVault, respectively. Turn off Bluetooth on all company devices, as a hacker can also use it to gain access.
5. Internal Policies
Employees should be given a clear set of cybersecurity rules and trained in good practice. Any weakness in company policy can be exploited.
Company data should never be transmitted over public Wi-Fi, as it is vulnerable to interception. An employee's private Wi-Fi may also be insecure, so company laptops and computers should require a wired connection. If providing a company laptop, it would be a good policy to supply a secure wireless hotspot or tethered cellphone.
Wi-Fi is a serious security risk for a business, and if you can't rely on a wired-only connection, it should at least be secure, encrypted, and hidden. Employees should be forbidden from conducting work or related communications on personal equipment that is outside the company's internal security framework.
Warn employees about leaving computers running overnight, since this puts them at risk of a cyber attack at a time when there will be no one to witness it. Similarly, if an employee is away from their desk for an extended period, they should shut down their computer for the same reason.
Need to Protect Data?
We've shown that a good cybersecurity strategy needs to be strict and followed by everybody within the company. Don't risk expensive business downtime just because you didn't have a plan to protect data.
If you're an IT director or business owner located in South Florida, we can help you safeguard your digital assets. We are a provider of IT and tech consulting services, and we keep watch 24-7.
Contact us today to get started.