5 Ways To Improve Your Small Business Cybersecurity Today
- Implement Passphrases instead of passwords
- Stop reusing passwords across websites
- Develop common sense policy and procedure around security
- Train your company on the importance of cybersecurity
- Remove administrative rights to computers
In today’s small business world, one of the top risks is having a malicious third party gain access to your company’s network, launch a cyberattack against your organization, hold your data for ransom, and take a copy of that data for further malicious purposes.
There is no combination of security that “guarantees” your organization will not fall victim to a cyberattack, but there are some intentional steps you can take today to improve your chances.
Implement passphrases instead of passwords
The first step in improving your small business cybersecurity is to stop using passwords, and instead use passphrases. A passphrase is exactly that – a series of words versus a single word, or jumble of characters. Humans remember phrases well – there is a reason why quotations are easy to recall. When you utilize this natural human ability, you make it easy for your organization to have much longer “passwords” to systems – TheQuickBrownFoxJumpsOverTheLazyDog is quite a long password, but easy to remember.
The all-important “why” of doing this is that the longer the password, the harder it is for a hacker or malicious tool to break. A 7-character password (abcdefg) takes approximately 0.29 milliseconds to crack with modern technology. Meanwhile, a 12-character password (abcdefghijkl) would take around 2 centuries, assuming the password was properly formed. A long passphrase functionally removes the ability of a hacker to break or guess the password, outside of social engineering techniques.
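The length argument above in numbers, as an added example that is not part of the original article: it builds a passphrase by random selection and compares its entropy with random-letter passwords of 7 and 12 characters. The function names, the 16-word sample list and the 7,776-word list size (a diceware-style list) are assumptions made for illustration.

```python
import math
import secrets

# Constructed 16-word sample list, for illustration only. A real generator
# would load a large published word list (thousands of entries) from a file.
SAMPLE_WORDS = [
    "anchor", "bridge", "candle", "desert", "ember", "forest", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "meadow", "needle",
    "orchard", "pepper",
]

def make_passphrase(words, count=5):
    """Join `count` words drawn uniformly at random with a CSPRNG."""
    unique = sorted(set(words))
    if count < 1 or len(unique) < 2:
        raise ValueError("need at least one word from a list of two or more")
    return "".join(secrets.choice(unique).capitalize() for _ in range(count))

def passphrase_bits(list_size, count):
    """Entropy in bits of `count` independent picks from `list_size` words."""
    return count * math.log2(list_size)

def password_bits(length, alphabet_size):
    """Entropy in bits of `length` random characters from the alphabet."""
    return length * math.log2(alphabet_size)

def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    for label, bits in [
        ("7 random lowercase letters", password_bits(7, 26)),
        ("12 random lowercase letters", password_bits(12, 26)),
        ("5 random words, 7776-word list", passphrase_bits(7776, 5)),
        ("5 random words, this 16-word sample", passphrase_bits(16, 5)),
    ]:
        print(f"{label:40s} {bits:5.1f} bits")
    print("words needed to match 12 letters:",
          words_needed(7776, password_bits(12, 26)))
```

Five words from the 16-word sample give only 20 bits, so the size of the word list matters as much as the number of words.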
Stop reusing passwords across websites
The next step in improving your small business cybersecurity is to stop reusing passwords for multiple websites. When you reuse passwords, one compromise of the password allows the malicious actor to combine that password with your email (the most likely username for a website) and automate attempts against the most common 500 websites on the planet over the course of a day.
In the risk mitigation world, there is the concept of a risk versus a constraint. Both hamper your business and can bring harm – the difference between the two lies in your ability to control or affect the risk/constraint. A risk is completely outside your control – you cannot dictate a third party’s cybersecurity policies, procedures, and habits. A constraint is a pair of metaphorical handcuffs on your organization – it is a “choice” your organization has made that is reducing your capacity in some way – a constraint on your business.
While you cannot control if a third party organization falls victim to a cyberattack (a risk), you CAN choose to not reuse the same password to access both your bank account and your office supply vendor (a constraint).
Develop common sense policy and procedure around security
On your journey to improve small business cybersecurity, few things can be as impactful as something that everyone in the organization can do. Universal actions mitigate a risk, no matter who is involved. The first action items in this post are examples of common sense policies and procedures your organization can adopt. Other policies and procedures can cover using company resources for personal business, when company resources will function / be accessible, security requirements around “bring your own device” (BYOD) access to company resources, training requirements, and more.
Making sure that your organization’s policies are accessible and easy to comprehend, while also clearly defining “why” they exist, can improve adherence and adoption. No one wants to be the reason a cyberattack was successful on your organization.
Train your company on the importance of cybersecurity
Getting everyone on the same page around your small business’ cybersecurity strategy will help you improve that stance. According to Bridge(1), a leading learning management system, after one hour, people, on average, retain less than half of the information presented. Over 70% is gone in a day, and 75% is lost after six days.
Mentioning once that cybersecurity is important to your organization creates a false sense of completion and safety in your leadership team’s head. Implement a consistent internal marketing system around security, best practices, and their importance organization-wide. Manage this system, and analyze it for gaps.
In today’s environment, you’re either working proactively to improve, or becoming the next victim.
Remove administrative rights to computers
Few things can impact your small business cybersecurity as much as the removal of administrative rights from your staff’s computers. “Administrative rights” is a special term in I.T. – it means you can install and run software on the machine without “asking” to. When your users have administrative rights, they don’t have to stop before doing things on their machines – if Adobe or Microsoft had an update, they could install it and move on with their day. While this sounds like a benefit, the risk far outweighs the productivity savings.
Do your employees know how to recognize false emails? Do they know the approved application lists for your organization? Do they know how to recognize the difference between fake and legitimate upgrade or threat messages on their PC? By allowing frontline staff to make independent I.T. decisions when they’re not trained I.T. professionals, you expose your organization to massive risks.
Removing these rights ensures that if a malicious actor sends a fake upgrade notice to your staff, they will be prompted for an administrative login before being allowed to run the fake upgrade – which then gives your I.T. team a chance to catch the attack before it is launched.
Improving your small business cybersecurity is a process – the landscape is constantly changing, the threats are evolving, and it is difficult to keep staff engaged in a topic that is confusing and complicated. These 5 actions can help you improve your posture today – but they’re not silver bullets. If you would like help on navigating cybersecurity, and small business I.T. in general, Doberman is here to help.
(1) 10 Stats About Learning Retention You’ll Want to Forget – Bridge (getbridge.com) – retrieved 6.25.2021