Cybersecurity 101 for Business: What You Need to Know

Small businesses are an easy target for hackers. Because they typically have a moderate amount of data and minimal security, they are at constant risk of a cyberattack that could put them out of business. In fact, more than 60% of companies go out of business after an attack. To arm yourself before an attack, know the basics of cybersecurity. 

At the April MAP Alliance, Josh McKinney, CIO and head of security at Edge Networks, explained the essential, but often overlooked, steps a business can take to make sure it’s secure. “You don’t have to be an expert about cybersecurity to create a plan for your business,” said McKinney. “It’s all about building security in from the beginning.”

McKinney recommended these basic cybersecurity tips:

Tip 1: Create passphrases instead of passwords.

“Strong passwords are good, but passphrases are better,” said McKinney. Password strength relies on a variety of lower and upper case letters, symbols and numbers. This can make them difficult to remember. Most people will resort to an easier password in the end. That’s what hackers are waiting for. Passphrases are more difficult to crack yet easy to remember. Unlike passwords, passphrases can contain spaces between words, such as “If you’re happy and you know it,” which satisfies the complex requirements. McKinney recommended changing passphrases every 90 days and never leaving them in plain sight on your desk or under your keyboard.

Tip 2: Use a password manager.

Even with a strong password or passphrase, it can still be difficult to remember multiple passwords for all of your accounts. McKinney suggested using a password manager for multiple accounts. With a password manager, you generally have to create and remember just one strong password or phrase, and the password manager takes care of the rest. He recommended Dashlane, LastPass or KeePass.

Tip 3: Switch to next generation anti-virus/malware products.

Traditional anti-virus products are signature-based, meaning they look for a match of a known file name to discover threats on your systems. Next-generation anti-virus products are powered by artificial intelligence and machine learning, meaning they look for behavior that is outside the normal operation of your systems and learn dynamically, then respond to the threat accordingly. As viruses evolve, anti-virus protection also needs to evolve. McKinney recommended Cylance or Carbon Black.

Tip 4: Back up your data.

This should go without saying, but backing up your critical data is vital to ensuring you survive a malware or ransomware attack. Sending data offsite can ensure a smoother recovery. While most people know this tip, a surprising number still don’t do it—and before they know it, it’s too late. McKinney recommended using a cloud-based system or an offsite location such as Acronis, Carbonite or CloudBerry Lab. And always test your backup.

Tip 5: Don’t rely too much on your “IT guy”.

Nowadays, most companies have an “IT guy”—the person in charge of the technology side of things. But most small business owners rely too heavily on the “IT guy” to keep things secure. McKinney warned, “Most ‘IT’ guys are not security professionals by trade. They may not be educated in the ways of securing your business.” Take time to ask your IT team what they use for cybersecurity and then research if that’s the best option for your business.

Tip 6: Get your employees involved.

Human error is responsible for 87% of cybersecurity breaches. “Your employees are the weakest link when it comes to cybersecurity,” said McKinney. “Criminals don’t hack systems. They hack people.” Build cybersecurity into your company culture. Host cybersecurity training events. Send out weekly emails reminding employees of best practices—for example, don’t click on suspicious links in email, and don’t access stray USB drives on a company computer.

On top of the basics, McKinney reminded listeners to look for the green “lock” icon in the address bar of any website, which means the site is secure.

If your business experiences an attack, you have three options:

  1. Restore your data through a backup system.
  2. Catch it before it executes.
  3. If all else fails, remember that sometimes you have to pay the ransom to get your data back.

Want to make sure your business is secure? Have a third party perform a cybersecurity assessment to help you stay informed, know your weaknesses and make a plan.

Originally published on WSU Vancouver Business Department webpage