Best Cyber Security Practices for Small Businesses

Idan Udi Edry, current CEO of Trustifi, a SaaS cyber security company specializing in email security and encryption, is an experienced industry leader who shares his insight on the best cyber security practices for small businesses.

Small businesses would often rather risk a cyber-attack than invest in cyber security. This is an extremely high-risk position to take, given that 43% of cyber attacks target small businesses and 60% of small businesses close their doors within six months of a cyber-attack. If investing in cyber security keeps doors open, why don’t more small business owners integrate cyber security into their business model? The reasons are a lack of awareness and not knowing where to begin. This article offers five cyber security practices small businesses can implement today, and recommends additional steps to take.

Password Protection

The most basic and also most ignored cyber security practice is maintaining a strong password. Weak passwords make it easy for cyber criminals to hack accounts, wreaking insurmountable havoc. A unique password should be used for every account and never reused. The strongest passwords are a series of random numbers, upper and lowercase letters, and special characters. Passwords should never include a significant word, such as a pet’s name, or a significant date, such as a birthdate. It is important to update passwords every 30-90 days. Never write passwords down on a piece of paper or in a computer document, because this makes it possible for an insider threat to gain access to accounts. Instead, consider investing in a password keeper, either online or through a mobile app.

Additional Verification

Whenever possible, turn on two-step or multi-step verification for all accounts. This added layer of security increases the difficulty of access. Cyber criminals are often motivated solely by money and seek the quickest route to a profit. An additional verification step encourages cyber criminals to switch to an easier target. When possible, a code sent via text or a second password/PIN is the most secure option as a secondary verification. It is easy for cyber criminals to figure out security questions or identify recovery emails and numbers, rendering that kind of secondary verification useless.

Secure Network

Network security may surpass the abilities of many small business owners; however, they should possess some awareness of it. Standards that must be met include ensuring the network is private, servers are protected by firewalls, and anti-virus/malware software is in use. It’s also critical to update software as soon as updates are released. Cyber criminals seek vulnerabilities in dated software to carry out their attacks. This year’s infamous WannaCry attack targeted a vulnerability in the Windows operating system. All computers that had not been updated were susceptible to the attack, and more than 300,000 computers worldwide were infected.

Create a Cyber Security Culture

Cyber security shouldn’t be delegated to one person or to the IT department; it takes buy-in from the entire company. All employees must follow cyber security protocols and be vigilant and aware of cyber attacks. A company is only as secure as its weakest link. Therefore, it’s crucial that everyone maintains strong passwords, uses multi-factor verification, and updates their software promptly. Employees should be reminded to visit only trusted websites and never download third-party applications. Keep cyber security top of mind by discussing security breaches in the news with employees and by reviewing protocols at least twice annually and during orientation of new employees.

Email Hygiene

Email is an immense vulnerability for all organizations due to the prevalence of phishing attacks. Phishing is a cyber-attack conducted through email that contains either a malicious link or a malicious file which, when clicked, begins downloading malware onto the computer. The malware is commonly ransomware, which encrypts the data on the computer and demands a ransom, paid via a cryptocurrency such as bitcoin, in exchange for a code to regain access to the files. Employees should be educated on phishing attacks, report all suspicious email activity, and never click on links or files from untrusted senders.

Another risk email poses is the amount of sensitive information stored within messages. If a cyber criminal were to gain access, they could potentially find a treasure trove of personal, medical, financial, and proprietary information. Sending sensitive information via email is extremely insecure and should be avoided unless an email encryption and security service is used.

Additional Measures

Small businesses can begin implementing the suggestions regarding passwords, multi-factor authentication, network security, cyber security culture, and email hygiene today. However, in order to ensure their doors stay open, small businesses should take additional cyber security steps. Cyber criminals will unfortunately always be able to find a way into an organization. Instead of investing in keeping cyber criminals out, organizations should focus on protecting the data within their bounds through encryption and the use of backup servers. With encryption and backups in place, if a cyber criminal gains access, all the data they steal will be useless and can’t be held for ransom. In order to protect information exchanged via email that’s not protected by the organization’s server, small businesses should consider investing in an email encryption and security service such as Trustifi. Small businesses should also consider hiring for a full-time cyber security position, or at least have a security audit completed and follow up on the recommendations received.

Conclusion

Between April 2016 and 2017, over half of all small businesses in the United States experienced a cyber-attack, and only a third of them were prepared. Cyber security is not an investment small businesses can fail to make; preparation for a cyber-attack needs to begin today.

Idan Udi Edry

Idan Udi Edry is the newly announced CEO of Trustifi, a cyber security company specializing in email encryption services and security. Edry is a distinguished veteran in the fields of information technology and data security, as well as an experienced leader driving innovation and execution at scale. Formerly the CEO of Nation-E, a leading company in cyber security for critical infrastructure, Edry spearheaded the organization’s efforts to build technologies that enable the next generation of industrial infrastructure and smart grid environments.

Prior to his time at Nation-E, Edry gained significant industry experience as Head of Data and Security for Pelephone, Israel’s leading cellular operator. He led special strategic projects for numerous governmental agencies and organizations, working closely with high-ranking officials. His career trajectory at Pelephone allowed Edry to establish himself not only as an expert professionally but also as a customer-facing business leader.

Edry had the opportunity to gain unique skills and expertise while serving as an Air Force Officer for over eight years, reaching the rank of Captain. During his tenure, he led hundreds of professionally trained military personnel, building and operating advanced information systems. Mr. Edry has mastered multiple disciplines and has accumulated 13 formal certifications from the world’s most renowned IT and Telecommunications institutes.
