As businesses increasingly store confidential information and data in cloud services, the need for more complex security practices and strategies is clear.
Although headlines about security breaches are more common for large companies like Home Depot and Target, the threat of cyber crime is still very real for small businesses, where online security tends to be weaker.
The problem, of course, is that small businesses often lack the necessary resources and security policies to defend against these attacks, making them an easier target for hackers. In addition, because cyber criminals are increasingly effective, and their techniques are evolving quickly, your business is always at risk of an attack. According to cyber security and technology strategist Elena Kvochko, "Over 80 percent of small businesses in the United States use cloud services, and therefore are vulnerable to cyber attacks."
"The primary concerns for [businesses] are security of customer information and intellectual property and extortion of information that can be used for financial gain," Kvochko says. "[Businesses] can also unknowingly become platforms for attacks on other organizations and their customers."
In the face of these threats, your organization should adopt and implement companywide security policies to minimize your weaknesses. Start with the following tips and conduct research on evolving techniques that fit your company's unique profile and the lessons you've already learned along the way.
1. Manage email security and validate potential threats.
Look to deter break-ins from opportunity theft by encrypting your company emails and communications. This will force a hacker to fight through another layer of protection, and that generally isn’t worth their time when they can steal other information elsewhere without the hassle. Think of email encryption as the equivalent of locking your car doors, the theory being that a burglar is more likely to look for an unlocked door than bother breaking a window. While you're not entirely secure, every additional roadblock can help protect your information.
2. Enforce strict password policies.
The next step to prevent cybercrime starts with securing your most vulnerable assets, your staff. Train employees on the importance of using smarter passwords, which are crucial to upgrading cyber security. Although longer, complex and difficult passwords may seem like a hassle to your employees, you should still create a company policy to mandate them.
Passwords should never be the same across multiple platforms, and it’s best to change them often -- every three months at a minimum. In addition, passwords should not be stored in the cloud or on sticky notes around the office. Instead, consider using a password management software platform such as 1Password, PassPack and LastPass. Although these cost a nominal fee, the peace of mind from being better protected from a cyber attack is generally worth the price.
You can further increase the security of your passwords by using two-factor authentication features, when applicable. These features make users enter an additional PIN code that can be sent to your mobile device, and some require users to input their fingerprint to grant access, something that is difficult for hackers to replicate. Authentication that uses these extra steps can better secure your online accounts beyond the basic login identification and password requirements.
Many online services such as Facebook, Google’s Gmail, Twitter and Dropbox offer these security precautions, but you’ll need to enable these features within each channel’s privacy settings. These settings differ platform to platform and may be difficult to find. You should aim to fully understand how each privacy setting works to leverage these features to best protect your intellectual property through each one of your business accounts.
3. Further train your employees on the warning signs.
Every employee should also be trained on understanding the warning signs of a harmful email or phishing scam. While email providers are continually improving their detection procedures and doing a better job at spotting these potential threats before you receive them, some of the trickier scams can still find their way into your inbox. These emails may be disguised as a trusted client’s email or a recognizable brand, but these scams tend to have a few dead giveaways.
Some red flags include emails that ask for personal or credit card information, requests for immediate action regarding unfamiliar situations and emails that include suspicious attachments. If you think that you have received any of these emails, ask a colleague for another opinion but never forward or reply to the email. Inform your email service provider by reporting each email as spam. Also file a phishing complaint or blacklist the domain in your email settings.
Emails that contain multiple spelling mistakes or suspicious links should also be carefully inspected before proceeding. Sometimes links within an email can appear to be normal but actually prompt an unwanted download where malicious software can be installed; always use caution and consider scanning your emails with a trusted anti-virus software.
4. Take advantage of anti-malware, anti-spyware and firewall software programs.
In addition, mandate that each machine used for company business have anti-malware, anti-spyware and firewall software installed to help catch and eliminate threats before they become problematic. "While it is not possible to be absolutely secure," Kvochko says, "there are multiple ways small businesses can better protect themselves or mitigate the potential impact of cyber attacks by testing their security systems, protecting their network and apps, encrypting sensitive data and protecting websites by using a secure communication protocol."
What steps have you taken to improve your cyber security? What areas do you think small businesses struggle with the most when managing their online security? Put your answers and any feedback in the comments section below.