Do I really need a cyber security best practices for small businesses? Here’s the thing. It doesn’t matter if you’re a Gloogle or a mom’n’mom paper crafts store on Etsy: if you’re in business, cyber security matters. It matters because if something goes wrong—let’s say some no-good hacked into your customers’ personal data—you could be faced with penalties, embarrassing headlines, and customers who don’t trust you anymore.
Google has a whole county full of cyber security experts. Probably. But getting and keeping data secure can be a challenge for a small businesses. It’s not always easy to find the expertise or the $$ to get and stay secure.
But dry your tears, because we’re here to kick off your journey into peace of mind with our top six cyber security best practices for small businesses. It’s a joyous mix of hardware, software, policies, and practices that, together, keep you and your data happy, safe, and secure.
Here’s what to do with your cyber security best practices for small businesses:
1. Identify Your Most Sensitive Data. And Where It Lives.
Sensitive data is information that must be kept cozy and protected from everyone except those who have permission to access it. Sensitive data isn’t just about none-of-your-business personal data, such as your checking account number. Sensitive data is sensitive, depending on its nature and context, for instance:
- Data must be kept private for compliance reasons, privacy reasons, or commercially sensitive reasons, such as intellectual property or contracts.
- Data for normal business operations such as emails and important files, which must be kept accessible to people who need it but safe from people who don’t.
- Data that mustn’t be changed by unauthorized people e.g. nuclear warhead codes.
Once you’ve identified your sensitive data, find out where it’s stored and used. You’ll no doubt discover it’s scattered around like confetti:
- On mobile devices like tablets, laptops, and smartphones
- In the cloud, if you use SAAS
- On USBs and external hard drives
- On file servers, probably in Moldova
Protecting sensitive data is cyber security’s main reason for living. Once you’ve established what data you have and where it is, it’s time to protect it.
2. Create a Culture of Cyber Security.
Easier said than done, but keeping data safe should be part of an organization’s culture and everyday activities. It’s a mindset thing. If the top cheeses take data security, risk, and IT governance seriously, they’ll demonstrate a proactive approach to it. Not just by committing time, effort, and money to it, but by practicing what they preach.
Senior commitment to data security might look like this:
- Ensuring that procurement and onboarding procedures address data security.
- Committing to working towards compliance regimes such as SOC 2 or HIPAA.
- Giving employees the time and tools to manage data responsibly.
- Reducing human error by investing in data security automation.
- Maintaining security awareness as a hot topic, for instance, through phishing simulations.
3. Back Up. Back Up. Back Up.
Backing up your critical data is a basic yet super-effective protection against losing it all. If your business gets hit with downtime through ransomware attacks, computer failures, or cloud outages, you won’t say goodbye to most of your data. Automate your backups, and you don’t even have to think about it.
4. Secure Your Network.
We’re not suggesting barbed wire and attack dogs, but it’s worth a try. Failing that, ensure that your network is resilient enough to withstand a truckload of different-flavored cyber attacks. You’re looking to stop spam, phishing, malware, and ransomware attacks as well as those pesky hackers. Secure your network by:
Installing a Firewall
A firewall monitors your network’s incoming and outgoing traffic, and decides what’s ok to let in or out. There are different species of firewalls, but our pick for small businesses is a Layer 7 firewall, which is application-based. Instead of the more generalized monitoring of IP addresses, Layer 7 firewalls monitor the contents of data packets from applications.
Using the Most Up-To-Date Wireless Access Points
A Wireless Access Point (WAP) is the device that creates your wireless local area network and allows your devices to connect to the outside world. It’s important to secure these points with the most up-to-date security standards and encryption technologies, so make sure your WAP conforms to the latest iteration of the Institute of Electrical and Electronic Engineers (IEEE) standard 802.11.
Putting a Lock on It
Go back to basics by keeping your network cupboard or server room safe with physical security such as controlled doors with multi-layer access. It’s also sensible to ensure that the physical conditions, e.g., temperature, are appropriate.
5. Use Mobile Device Management (MDM)
MDM is an unbreakable piñata that is stuffed to the back teeth with data security protection. For small businesses, it’s a cost-effective way of managing data security across a fleet of devices. MDM provides:
Remote Lock and Wipe
If one of your team’s devices has been lost or stolen, MDM can track, lock, and wipe the device. That’s it. Good, huh?
Web Filtering
If you don’t already have web content filtering software on your devices (or even if you do), you can easily block or allow access to websites or apps using your MDM central dashboard. This means your team won’t be able to access iffy sites or get bothered with risky pop-ups, reducing the risk of cyber attacks.
Encryption
Automated data encryption is one of the many joys of MDM. It keeps data safer by making it unreadable as it flows. If you have a password or a recovery key, you get to read it. Anyone else? Nope.
Controlled Access
When you limit access to sensitive data, you’re keeping it safer. MDM allows you to grant access to data on a role or permission basis, ensuring that only authorized people can actually get their hands on it.
6. Use Cloud Single Sign On (Cloud SSO).
Cloud SSO is a web application that stands between your employee and all your business cloud accounts like Slack or PayPal. It’s a single point of access that dispenses with the need for multiple passwords and usernames (a security nightmare) and creates a strong front door to your business applications. Your strong front door includes multi-factor authentication, a strong audit trail, and permission-based access. Isn’t that satisfying?
These are just six of the most important cyber security best practices for small businesses (and for big businesses, too). It can feel pretty daunting if you’re just starting out on your cyber security adventure, but we can make it manageable. We’d be happy to advise you on how to get started, so give us a call. We’re here to help!