Idan Udi Edry, current CEO of Trustifi, a SaaS cyber security company specializing in email security and encryption, is an experienced industry leader who shares his insight on the best cyber security practices for small businesses.
Small businesses often would rather risk a cyber-attack than invest in cyber security. This is an extremely high-risk position to take, given that 43% of cyber attacks target small businesses and 60% of small businesses close their doors within six months of a cyber-attack. If investing in cyber security keeps doors open, why don’t more small business owners integrate cyber security into their business model? The answer is a lack of awareness and an absence of knowledge of where to begin. This article offers five cyber security practices small businesses can implement today, while also recommending additional steps to take.
The most basic and also most ignored cyber security practice is maintaining a strong password. Weak passwords make it easy for cyber criminals to hack accounts, wreaking insurmountable havoc. A unique password should be used for every account and never reused. The strongest passwords are a series of random numbers, upper and lowercase letters, and special characters. Passwords should never include a significant word, such as a pet’s name, or a significant date, such as a birthdate. It is important to update passwords every 30-90 days. Never write passwords down on a piece of paper or in a computer document; this creates the possibility of an inside threat gaining access to accounts. Instead, consider investing in a password keeper, either online or through a mobile app.
Whenever possible, turn on two-step or multi-step verification for all accounts. This added layer of security increases the difficulty of access. Cyber criminals are often solely motivated by money and seek the quickest route to a profit. An additional verification step encourages cyber criminals to switch to an easier target. When possible, a code sent via text or a second password/PIN is the most secure option as a secondary verification. It is easy for cyber criminals to figure out security questions or identify recovery emails and numbers, rendering the secondary verification useless.
Network security may surpass the abilities of many small business owners; however, they should possess some awareness. Standards that must be met include ensuring the network is private, servers are protected by firewalls, and anti-virus/malware software is used. It’s also critical to update software as soon as updates are released. Cyber criminals seek vulnerabilities in dated software to carry out their attacks. This year’s infamous WannaCry attack targeted a vulnerability in the Windows operating system. All computers that had not been updated were susceptible to the attack, and over 300,000 computers worldwide were infected.
Create a Cyber Security Culture
Cyber security shouldn’t be delegated to one person or to the IT department; it takes buy-in from the entire company. All employees must follow cyber security protocols and be vigilant and aware of cyber attacks. A company is only as secure as its weakest link. Therefore, it’s crucial that everyone maintains strong passwords, uses multi-factor verification, and updates their software promptly. Employees should be reminded to only visit trusted websites and never download third-party applications. Keep cyber security top of mind by discussing security breaches in the news with employees and reviewing protocols at least twice annually and during orientation of new employees.
Email is an immense vulnerability for all organizations due to the prevalence of phishing attacks. Phishing is a cyber-attack conducted through an email that contains either a malicious link or a malicious file that, when clicked, begins downloading malware onto the computer. The malware is commonly in the form of ransomware, which encrypts the data on the computer and demands a ransom, paid via a cryptocurrency such as bitcoin, in exchange for a code to regain access to the files. Employees should be educated on phishing attacks, report all suspicious email activity, and never click on links or files from untrusted senders.
Another risk email poses is the amount of sensitive information stored within messages. If a cyber criminal were to gain access, they could potentially find a treasure trove of personal, medical, financial, and proprietary information. Sending sensitive information via email is extremely insecure and should be avoided unless an email encryption and security service is used.
Small businesses can begin implementing suggestions regarding passwords, multi-factor authentication, network security, cyber security culture, and email hygiene today. However, in order to ensure their doors stay open, small businesses should take additional cyber security steps. Cyber criminals will unfortunately always be able to find a way into an organization. Instead of investing in keeping cyber criminals out, organizations should focus on protecting the data within their bounds through encryption and use of backup servers. Through use of encryption and backups, if a cyber criminal gains access, all the data they steal will be useless and can’t be held for ransom. In order to protect information exchanged via email that’s not protected by the organization’s server, small businesses should consider investing in an email encryption and security service such as Trustifi. Small businesses should also consider hiring a full-time cyber security position or at least have a security audit completed and follow up on the recommendations received.
Between April 2016 and 2017, over half of all small businesses in the United States experienced a cyber-attack; only a third of them were prepared. Cyber security is not an investment small businesses can fail to make. Preparation for a cyber-attack needs to begin today.