Having an online presence provides an opportunity for businesses of all sizes and from all over the world to reach out to a broader customer base, to hire international suppliers and to operate more efficiently. However, the world of online business also needs to overcome potential scams and security risks. Data breaches and cyber theft aren’t problems that are only faced by big companies. A successful cyber attack could seriously damage any business and cause financial problems for any company and its customers, while seriously damaging a business’s reputation
Cybersecurity continues to be one of the most challenging issues for small business owners. Thinking about cybersecurity can be extremely confusing and complex, but every business that uses the internet needs to create a culture of security that will improve business and enhance consumer confidence.
Information technology is a powerful tool for businesses to reach new markets and increase sales and productivity. However, cybersecurity threats are real, and businesses must implement the best tools and tactics available to protect themselves, their customers and their data.
Here are some basic cybersecurity tips to protect your business:
TRAIN EMPLOYEES IN CYBERSECURITY GUIDELINES
Develop an awareness and train employees about basic security practises and policies, such as strong password requirements and establishing appropriate guidelines for internet use. Introduce detailed rules of behaviour describing how to handle and protect customer information and other vital data. IF IN DOUBT, DO
NOT OPEN AN EMAIL
Malware and phishing scams are becoming increasingly sophisticated, so users should not open emails that appear suspicious or unusual. Remove these messages from your mailbox.
The same advice applies for links and attachments — don’t open them unless you’re absolutely sure of the source and the reason you received a link of attachment. If you receive an email about an issue or past due balance or refund, don’t follow the link – rather go directly to the website mentioned in the message and log in to your account there.
PASSWORDS AND AUTHENTICATION
Require employees to use unique passwords and to change them every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.
It is important for many people to know that their personal or payment details are secure. It is also important for your customers to know that you do not share their details without their consent
PROTECT INFORMATION, COMPUTERS AND NETWORKS FROM CYBER-ATTACKS
Keep clean machines: having the latest security software, web browser and operating system are the best defences against viruses, malware and other online threats. Set antivirus software to run a scan after each update and install other key software updates as soon as they are available.
MAKE BACKUP COPIES OF IMPORTANT BUSINESS DATA AND INFORMATION
Regularly backup your data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files and accounts receivable/payable files. Backup data automatically if possible, or at least weekly, and store the copies either offline or in the cloud. PROVIDE FIREWALL SECURITY FOR YOUR
INTERNET CONNECTION
A firewall is a set of related machines or programs that prevent access to data on a private network from the internet. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home systems are also protected by a firewall.
SECURE YOUR WI-FI NETWORKS
If you have a Wi-Fi network for your workplace, make sure it is secure and hidden. Hiding your Wi-Fi network requires setting up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Also, be sure to use a strong password to protect access to the router.
CREATE A MOBILE DEVICE ACTION
PLAN Mobile devices may create significant security challenges, especially if they contain confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data and install security apps to prevent criminals from stealing information while the phone is on public networks.
CONTROL PHYSICAL ACCESS TO YOUR COMPUTERS AND CREATE USER ACCOUNTS FOR EACH EMPLOYEE
Prevent access or use of business computers by unauthorised individuals. Laptops can be easy targets for theft or can be lost, so lock them up when unattended and provide an additional access method (e.g. USB security key). Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel that need privileged access rights.
LIMIT EMPLOYEE ACCESS TO DATA AND INFORMATION AND LIMIT THE AUTHORITY TO INSTALL SOFTWARE
Do not provide any employee with access to all data systems. Employees should only be given access to the specific data systems they require to do their jobs and should not be able to install any software without permission.
PROTECT YOUR CUSTOMERS
It is important that you keep your customer database safe, regardless of its size. Aside from being a huge blow to your organisation’s reputation, there may be legal ramifications of losing customers’ personal information.
It is important for many people to know that their personal or payment details are secure. It is also important for your customers to know that you do not share their details without their consent.
HOST YOUR WEBPAGE AND SERVICES ON YOUR OWN DOMAIN NAME
It is essential that your business is known on the internet under a domain name. Every website or internet service starts with the domain name, without which you don’t have anything you own online.
Owning a domain name also allows you to put in place the necessary security measures and protect your business and customers of the services you offer.
If you implement those guidelines so they suit your business the best, you will be able to quickly recover from any incident. Take care of your systems and data, as the cost of data theft or data loss can be high and a safer work environment requires little effort and attention.
In today’s continually evolving threat landscape, there is no such thing as 100% secure, and in most cases, the target of the criminals is not your company, but those who have not put enough effort into protecting their systems and data.