Small businesses are becoming a larger target for criminals seeking to access sensitive data because attackers are well aware that small businesses are unprepared for an attack – having limited resources or personnel dedicated to information system security. In fact, more than half (54%) of small business owners were victim to at least one type of cyber attack over the past year and most (78%) are unprepared without a cyber attack response plan, according to Nationwide’s Small Business Indicator survey.
In an effort to combat cyber-attacks, the Small Business Administration outlined some tips to help small business owners to be prepared in the event of a cyber-incident.
Here are 9 cyber security tips for small business owners:
1. Use the FCC’s Small Biz Cyber Planner to create a cyber security plan
The Small Biz Cyber Planner is valuable for businesses that lack the resources to hire a dedicated staff member to protect themselves from cyber threats. The tool walks users through a series of questions to determine which cyber security strategies should be included in the planning guide, and generates a customized PDF that serves as a cyber-security strategy template.
2. Establish cyber security rules for your employees
Establish rules of behavior describing how to handle and protect personally identifiable information. Clearly detail the penalties for violating cyber security policies.
3. Protect against viruses, spyware, and other malicious code
Install, use, and regularly update antivirus and antispyware software on every computer used in your business. Such software is readily available online from a variety of vendors.
4. Educate employees about safe social media practices
Depending on what your business does, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be taught how to post online in a way that does not reveal any trade secrets to the public or competing businesses. This type of safe social networking can help avoid serious risks to your business.
5. Manage and assess risk
Ask yourself, “What do we have to protect? And, what would impact our business the most?” Cyber-criminals often use lesser-protected small businesses as a bridge to attack larger firms with which they have a relationship. This can make unprepared small firms a less attractive business partner in the future, blocking potentially lucrative business deals.
6. Download and install software updates when they are available
All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.
7. Make backup copies of important business data and information
Regularly backup the data on every computer used in your business. Critical data includes word processing documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly.
8. Control physical access to computers and network components
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft, so make sure they are stored and locked up when unattended.
9. Secure Wi-Fi networks
If you have a Wi-Fi network for your home business make sure it is secure and hidden. To hide your Wi-Fi network, configure your wireless access point or router so that it does not broadcast the network name, known as the Service Set Identifier (SSID). In addition, make sure that passwords are required for access. It is also critical to change the administrative password that was on the device when it was first purchased.