Too many small-business people aren’t willing to ask for help when they need it. Entrepreneurs by nature tend to be independent risk-takers. They started the company and it is their baby. Obviously, they should know how to raise it.Read more
8 Cyber Security Best Practices for Business
It’s easy to think that because you have a small business, cybercriminals will pass over attacking your company. The “not much to steal” mindset is common with small business owners in regards to cyber security, but it is also completely incorrect and out of sync with today’s cyber security best practices.
In reality, the U.S. Congressional Small Business Committee found that 71 percent of cyber-attacks happened at businesses with less than 100 employees. Even more concerning, the 2016 State of SMB CyberSecurity Report by Ponemon and @Keeperfound that 50 percent of SMBs have had a security breach in the past year.
But why are small businesses attacked more often than larger businesses? Almost all cyber-attacks are to obtain personal data to use in credit card or identify theft. While larger enterprises typically have more data to steal, small businesses have less secure networks, making it easier to breach the network. CSO.com by IDG’s article “Why criminals pick on small businesses” says that by using automated attacks, cybercriminals can breach thousands or more small businesses, making the size less of an issue than the network security.
The CSO.com article says that lack of time, budget and expertise for proper security is a top reason for the high rate of SMB attacks. Other reasons include not having an IT security specialist, not being aware of the risk, lack of employee training, not updating security programs, outsourcing security and failure to secure endpoints.
How can your business avoid being a victim of a cyber-attack? Here are 8 cyber security best practices for business you can begin to implement today.
1. Use a firewall
One of the first lines of defense in a cyber-attack is a firewall. The Federal Communications Commission (FCC) recommends that all SMBs set up a firewall to provide a barrier between your data and cybercriminals. In addition to the standard external firewall, many companies are starting to install internal firewalls to provide additional protection. It’s also important that employees working from home install a firewall on their home network as well. Consider providing firewall software and support for home networks to ensure compliance.
2. Document your cybersecurity policies
While small businesses often operate by word of mouth and intuitional knowledge, cyber security is one area where it is essential to document your protocols. The Small Business Administration (SBA)’s Cybersecurity portal provides online training, checklists, and information specific to protect online businesses. The FCC’s Cyberplanner 2.0provides a starting point for your security document. Consider also participating in the C3 Voluntary Program for Small Businesses, which contains a detailed toolkit for determining and documenting cyber security best practices and cyber security policies.
3. Plan for mobile devices
With 59 percent of businesses currently allowing BYOD, according to the Tech Pro Research 2016 BYOD, Wearables and IoT: Strategies Security and Satisfaction, it is essential that companies have a documented BYOD policy that focuses on security precautions. With the increasing popularity of wearables, such as smart watches and fitness trackers with wireless capability, it is essential to include these devices in a policy. Norton by Symantec also recommends that small businesses require employees to set up automatic security updates and require that the company’s password policy apply to all mobile devices accessing the network.
4. Educate all employees
Employees often wear many hats at SMBs, making it essential that all employees accessing the network be trained on your company’s network cyber security best practices and security policies.
Since the policies are evolving as cybercriminals become savvier, it’s essential to have regular updates on new protocols. To hold employees accountable, have each employee sign a document stating that they have been informed of the policies and understand that actions may be taken if they do not follow security policies.
5, Enforce safe password practices
Yes, employees find changing passwords to be a pain. However, the Verizon 2016 Data Breach Investigations Report found that 63 percent of data breaches happened due to lost, stolen or weak passwords. According to the Keeper Security and Ponemon Institute Report, 65 percent of SMBs with password policies do not enforce it. In today’s BYOD world, it’s essential that all employee devices accessing the company network be password protected.
In the Business Daily article “Cybersecurity: A Small Business Guide,” Bill Carey, vice president of marketing and business development at Siber Systems, recommended that employees be required to use passwords with upper- and lowercase letters, numbers and symbols. He says that SMBs should require all passwords to be changed every 60 to 90 days.
6. Regularly back up all data
While it’s important to prevent as many attacks as possible, it is still possible to be breached regardless of your precautions. The SBA recommends backing up word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Be sure to also back up all data stored on the cloud. Make sure that backups are stored in a separate location in case of fire or flood. To ensure that you will have the latest backup if you ever need it, check your backup regularly to ensure that it is functioning correctly.
7. Install anti-malware software
It’s easy to assume that your employees know to never open phishing emails. However, the Verizon 2016 Data Breach Investigations Report found that 30 percent of employees opened phishing emails, a 7 percent increase from 2015. Since phishing attacks involve installing malware on the employee’s computer when the link is clicked, it’s essential to have anti-malware software installed on all devices and the network. Since phishing attacks often target specific SMB employee roles, use the position-specific tactics outlined in the Entreprenuer.com article “5 Types of Employees Often Targeted by Phishing Attacks” as part of your training.
8. Use multifactor identification
Regardless of your preparation, an employee will likely make a security mistake that can compromise your data. In the PC Week article “10 Cyber Security Steps Your Small Business Should Take Right Now,” Matt Littleton, East Regional Director of Cybersecurity and Azure Infrastructure Services at Microsoft, says using the multi-factor identification settings on most major network and email products is simple to do and provides an extra layer of protection. He recommends using employees’ cell numbers as a second form, since it is unlikely a thief will have both the PIN and the password.
Security is a moving target. The cyber criminals get more advanced every day. In order to protect your data as much as possible, it’s essential that each and every employee make cyber security a top priority. And most importantly, that you stay on top of the latest trends for attacks and newest prevention technology. Your business depends on it.
No matter what role we find ourselves in — entrepreneur, executive, sales and marketing professional, to name just a few — we are in constant motion, reacting to the day’s events, feeling the pressure to perform and focusing on results.Read more
No matter what role we find ourselves in — entrepreneur, executive, sales and marketing professional, to name just a few — we are in constant motion, reacting to the day’s events, feeling the pressure to perform and focusing on results.
It’s not as if coaches have secret powers or have some deep-seated knowledge of your industry that could open the door to more success. Coaches are mere humans like you and me. However, good coaches can help you identify your blind spots.
Being an entrepreneur is one of those few jobs where your path is not charted out for you. No one cares about your past experience, no one will hold your hand when things get difficult and no one will sugar coat their belief in your potential failure.
When it comes to business, speed is a weapon that separates certain organizations from the competition — but, its speed can also be harmful if not handled correctly. In the age of digital innovation and transformation, small companies have burst out of the gate to disrupt traditional business molds.
If you’ve ever met someone who told you they were a “business consultant,” and you scratched your head wondering what in the heck does that really mean, you are not alone. The term “consultant” is so vague it often borders on euphemistic.
To survive as a consultant in any industry, you need to charge fees that will enable you to stay in business; at the same time, both you and your clients need to feel that your fees are fair and equitable. So how do you find the middle ground that seems fair to everyone involved?
In sports, we often talk about athletes who “want it” more than others. These are the players who show up early, who use up every last ounce of energy in pursuit of their best performance. Players for whom defeat is viscerally painful, the ones who will stop at nothing to succeed.