No matter the size of your business, it is important to make sure it is protected from the latest web threats. Whether it’s outside threats or an internal breach, it can be a daunting task!
For more information, view these downloadable PDF links from the Federal Trade Commission on how to protect yourself and your business.
- Scams and Your Small Business
- Data Breach Response
- Start with Security
Here’s what you need to know to keep your business safe online:
1. Protect against Malware
Malware is software designed to destroy your computer or network without your knowledge.
- Engage the firewall – A decent Internet router will have a built-in firewall, but you have to turn it on and configure it yourself for maximum protection. Given the sophistication of malware these days, it may not stop every threat, but it is a good first line of defense.
- Protect the PC – In addition to a company firewall, there are various security software packages that can be installed on the computer. The best kind of security software is the one that resides on the actual PC without compromising the performance of the computer. This kind of security will protect your business from identity theft, sketchy websites and hackers within one solution.
- Email – Antispam helps limit unwanted email and lowers risks and distractions for employees.
2. Write Your Business's Policy and Procedures
Smaller businesses are easy targets for fraud because they have limited or no IT support; however, all businesses have risk. Employees should be taught (and re-taught) about your business’s security policy and requirements.
What your security policy should say (but not be limited to):
- Require strong passwords: The general rule of thumb is that passwords should be a minimum of 10 characters, be a passphrase and/or use at least 3 out of the following 4: upper case, lower case, special characters and numbers. For added security, they should be nonsense, which makes them harder to crack. (More in the next section)
- Consequences: Be sure to have a consequence if the policy is not followed and be ready to follow through with it.
- Computer usage: Establish a “dos and don’ts” list of proper computer usage, including Internet use, so your employees know how they should use their computer on work time.
- Email usage: This should cover the protocol for internal and external email communication and include a description of what should or should not be opened and forwarded. Additionally, any financial direction received by email, such as wire instructions, ACH information or payment requests, should be verified by a source other than email.
- Questions: Establish a point person who can answer questions about the policy and security measures your business is taking.
3. Password Protection
Passwords are the key to almost everything in most small business networks. The more characters a password has, the stronger it will be.
- Strength in numbers – The longer the password is, the tougher it is to hack. A minimum of 10 characters is suggested, and the password should be a passphrase and/or use at least 3 out of the following 4: upper case, lower case, special characters and numbers.
- Time limit – It is recommended to set a time limit on all passwords so they get changed often, such as every 60, 90 or 120 days.
- Commit to memory – Train your employees to memorize their passwords versus writing them down or storing them on cell phones.
- Delete the pattern – The strongest passwords are passphrases or those that don't make any sense. Using a random compilation of letters, numbers and special characters ensures the complexity of the password and makes it harder to guess at random.
4. Select the right Security
Choosing the right security can help defeat the latest threats with fewer distractions for your employees.
- Automatic Updates – Your employees shouldn’t have to remember to update their computers’ security, so choose a security solution that offers automatic updates.
- Productive websites – In your business security policy you will discuss solutions for acceptable web use. On the flip side, it would be appropriate to establish unacceptable web use. Your security solution should offer URL filtering so you can limit and deny access to unproductive sites during business hours.
5. Team effort
Employees may send out information that is confidential to the wrong person or in an unsecured way.
- Regulations – It’s important to make sure your employees know the latest regulatory requirements and the importance of protecting all information sent via electronic transmission.
- Confidential – Train your employees to understand and be able to discern what kind of information is confidential (non-public) and should be protected and what consequences can happen if personal information gets out.
6. Be the first defense
It doesn’t matter what position you hold in a business, people look around to see what everyone else is doing.
- Walk the walk – Lead by example and enforce the company’s security measures whole-heartedly. It takes one mistake to let a virus in – make sure it stops at your diligence.
- Share the knowledge – If you have found a better practice or have heard about a new threat, let your co-workers or employees know and encourage them to share as well!
7. Personal devices used at work
In this day and age, everyone has some kind of device. Whether it is for business or personal use, make sure your business lays the groundwork for the security of both kinds.
- Bring Your Own Device (BYOD) – It’s your responsibility as an employer to set the standard on devices at work. Create a policy that explains data deletion, location tracking and Internet monitoring issues.
8. Be up to date
Be sure your mobile users, computers and servers are protected against any security threat. Remember the saying, “You are only as safe as your last update”.
- PCs – Choose a security solution that is appropriate for your computer; putting a brand new, top-of-the-line security system on outdated models will make the PCs slow down. Choose a solution that is compatible with your system.
- Education – Provide your users with information about the software versions their system uses and how to check which version they have. Provide links and directions on how they can update to the latest version and the PC requirements to get the latest version.
9. Choose a partner, not just a vendor
Look for a vendor who understands the need for security in a business environment and takes pride in doing their job.
- Focused – Choose a security vendor who makes security their #1 priority and not just an added bonus to their list of other services.
- History – Check their success rate to make sure they have done with others what they are claiming to do for you. Whether your business is big or small, make sure they can handle the coverage you need for your size of business.