Today we look at some tips for small business. Most of my work is aimed at larger organizations. However, many of my concepts and strategies apply to businesses of any size, even though large businesses are usually more able to implement a full complement of cyber security strategies. Today we are going to go into specifics for small businesses. These are actions that they can start taking today to make their environment safer and more secure.
- Control your documents. I can’t tell you how many times I have been in a small business and they have customer work orders or customer invoices lying out everywhere, or vendors putting billing information with no seal on it on a desk or just dropping it off. This information can easily be stolen and used to create phishing attacks or for further social engineering. You will sometimes even see employees taking documents home, maybe to work on something or just by accident. These documents need to be controlled and seen by only the people who need to see them. If they are stolen from your control, then you could be liable. Shred unneeded documents and communicate these document control policies to all your employees.
- Manage your passwords. This very same issue has been coming up for decades, and it never seems to go away. There were password issues I dealt with 30 years ago, and they are still before us. Strengthen your password policies, make sure passwords are on everything, and do not share passwords with anyone who does not need to know. Also, change passwords frequently, and be careful with employees who have left the company and still know your company passwords. Change them before they walk out the door. Finally, look seriously into a password manager. These applications are effective and simple to use, and they will keep you from creating simple passwords just so you can remember them. Let the password manager manage them for you.
- Seriously look into an MSP that specializes in cyber security. Many of you are familiar with an MSP (managed service provider). If you have one, they most likely own the firewall and router that your company depends on. I would suggest you look into their competence as an organization that can handle your cyber security. If they cannot, look at going with someone who can. Or maybe stay with the same MSP and consider hiring a security services provider to handle just your security. In this way, you will get the overlapping or layered protection I have been talking about. Remember, you need a system of watching the watcher.
- Back up your data. This is not only in case of an accident but also for security. Ransomware is rampant and can hit small businesses particularly hard, even to the point of wiping them out. If a bad guy gets into your system and holds your data for ransom, you will have no options. But if you have a good clean backup, you can be up and running as soon as you clean the hacker out of your system. Perform regular backups, put them on trusted cloud storage, and then go the extra step and create a physical backup and store it offsite. Put it at another office, or at home, or even in your safe deposit box. You will be glad you did this in the event of an attack. Don’t forget that this data is potentially the most valuable thing you have. You store your money in the bank, but this data is many times worth more than the few thousand in cash you have in the bank.
- Train your employees. This one may take a little more time, but start today. With your tips for small business, I always include a word about training. Start with an overall discussion with all employees on what is safe and not safe to do with company data. Many times it is simple things such as the document control mentioned above. How you talk to strangers on the phone to be aware of social engineering, as well as looking out for unsecure Solicit your MSP to come in and give some security talks to your employees.
- Give the employees a contact. An employee should feel safe coming to you or someone you have delegated to report any security problems they see. It should not be done as a retaliatory thing but as a safe way of getting this critical information back to you. These conversations should be ongoing; this is not a one-time thing. Maybe offer a small reward or bounty for someone who takes an action that helps your security. People really respond to these things. We are all coin operated.
- Get some policies in place. When looking at tips for small business, you should have a set of policies and procedures in place so that everyone is reading from the same rulebook. It does not have to be a complex set of policies. Start simple and build it now. A year from now, you will be amazed at how you rely on these policies and refer to them frequently as your guide. The important thing is to do something now. Do not wait, because the hackers are certainly not waiting.