As a small or medium-sized business (SMB), you may be under the impression that you don’t have many security needs or that your business isn’t at risk. The truth is, SMBs are more susceptible to security breaches. According to a recent study, 58% of victims affected by a cyberattack were small businesses.
Think of cybersecurity like you would your material property: when you have a car, you lock doors and take steps so you’re protected. The same thing is true of your online presence as a small business. You need to take precautions to safeguard your data and the data of your customers.
According to a survey by the Better Business Bureau, 70% of consumers felt it was important that businesses protect their personal information. With the amount of sensitive information that website visitors share online, it’s more critical than ever to ensure your website is secure and your visitors feel confident that their digital footprint is protected.
Ensuring your business is protected from cyber threats doesn’t have to be an overly time-consuming or costly endeavor. To help you get started with enhancing your efforts to keep your customers and your business safe, consider these essential cybersecurity tips for your small business.
The Better Business Bureau survey highlighted that many SMBs don’t necessarily see cybersecurity as a critical need for their business. In 2017, only 20% of businesses indicated they had some sort of protocol in place for conducting internal audits or threat assessments in regards to their cybersecurity. But in order to keep your small business protected, it’s critical to follow and implement established cybersecurity best practices.
One of the most common ways an SMB’s security is breached is through inadvertent employee error. This is why providing training on the appropriate use of company resources for all employees—regardless of their job function—is critical to keeping your business safe.
When building your cybersecurity best practices, you should have specific policies in place for handling sensitive customer information and secure payments. Your customers are counting on you to keep their data safe and your policies should reflect that as a top priority.
Security practices are an area of your business that require regular review. As technology evolves, so does the sophistication of cybercriminals and their ability to exploit newfound vulnerabilities.
Decide on a timeline for ongoing review of your security practices (like at least every 90 days) and consider the following:
Secure Sockets Layer (SSL) is a technology that protects the sensitive data on your website using encryption. With an SSL Certificate security product, encryption occurs between your website, it’s hosting and the web browser as they send information back and forth.
SSL Certificate files are installed on the server that hosts your website. Trusted hosting providers are able to download and auto-install SSL certificates on their server, which saves you time and ensures everything is implemented correctly.
The main purpose of an SSL Certificate is to encrypt the exchange of information and show your website visitors that your site is secure. Your website visitors want to know that when they provide you with personal data (like credit card information), that their information is safer transmitting across the internet. Visitors will know if your website is not secure, as website browsers will show a “not secure” warning if an SSL Certificate is not installed.
To find out if a website is secure, customers will be on the lookout for:
#3. Be Password Savvy
When it comes to passwords, there’s no disputing that the best password is a secure password. According to the Better Business Bureau, 33% of businesses surveyed said that when under a cyber attack, cybercriminals most often targeted their passwords and other authentication data. This clearly illustrates how something as simple as improper handling of passwords or login credentials can leave your business open to an attack.
The strongest passwords include 8 to 10 characters, numbers, symbols and a mix of upper and lowercase letters. Your systems should require a password update every 90 days for everyone within the organization.
Passwords should never be written down by your employees, nor should they be shared. Each employee should have their own accounts and login credentials, as shared passwords automatically open up the organization to a potential security breach.
Multi-factor authentication is another key piece to password security. This type of authentication acts as an additional layer of security that requires users to complete an additional step to authenticate their identity at the time of login or before completing specific transactions. This extra layer makes it more difficult for an unauthorized user to gain access to sensitive data or your network.
If your business doesn’t have a dedicated IT resource, you’ll still need to designate an administrator who can act as the gatekeeper for granting access and securing passwords for all systems.
One of your best defenses against online threats, viruses and malware is having the latest security patches for your operating systems, web browsers and software.
This starts with installing security updates as soon as they’re available. Older versions of systems, apps and software are easier to hack, as criminals have figured out how to exploit vulnerabilities. These vulnerabilities are regularly patched in system and software updates.
Your software and hardware providers should offer the option to receive notifications of patches and updates so you can implement them in a timely manner. Consider managed security solution hosting providers that will automatically install updates, like upgrading your version of Wordpress or plugins on your website.
One final step is to install a malware scanning tool to check your website pages daily and after each update to spot any potential access points.
One of the biggest disruptions any SMB can experience is the loss of data, which is why you need a plan in place to continually back up your critical information. Loss of customer data, website images or files and other key business information can end up costing your business an enormous amount of time and money.
Human error is all too common. If one press of a (wrong) button someone could wipe out critical files, you’re leaving your business in a precarious position. While human error isn’t the only way data or images can get deleted or lost, it’s one of the more likely scenarios. Regular backups ensure that you can easily recover your data if something goes wrong or your system is breached.
Hackers may target your website for many reasons, including attempting to steal or deface your information. A common tactic is to target the administrator profile so you’re locked out and they’re in control. Regularly backing up data to the cloud means you’ll be able to replace whatever was lost or damaged in the event of a hack.
Check with your hosting provider to see what sort of backup they offer, as this will add an additional layer of security for your SMB.
If your business operates a WiFi network, it needs to be hidden, encrypted and secured with a password. Your router or wireless access point should be hidden so the Service Set Identifier (SSID) can’t be seen by anyone searching for a network name.
You can secure your WiFi network with a strong password that gets updated regularly. We recommend setting a reminder at set intervals (like quarterly) so it doesn’t accidentally get skipped.
If you run a business that offers WiFi (like a coffee shop) consider having two different access points: one that’s protected and used by your business and a public WiFi open access point that your customers can login to. This will help protect your network and data so it is less vulnerable to attacks.
Also, if your company has a Virtual Private Network (VPN) always log in before using public WiFi connections.
If you use a web hosting service, it’s important to take the time to understand their security practices so your business is protected online. Choose a web host that offers both customer and technical support in the event you need assistance or have questions. Should a problem arise, you will have an expert only a phone call away to walk you through a fix.
Additionally, find a hosting provider that offers website backup for your files in case files get corrupted. Losing valuable data can be devastating for your business, but having a backup in place can help save time, money and energy if something goes wrong.
Shared hosting is cost-effective, however, your business is sharing hosting space with many other customers. Picture an apartment building. The main entrance to the building is locked so intruders can’t get in. If you happen to leave the door of your apartment open, the other residents (who have already made it past the locked entry) now have access to your personal space. The same idea applies to shared hosting.
Finally, should you choose to operate a self-hosted website, it will still need to be managed continuously as new threats are constantly emerging.
To keep sensitive information secure, your employees should only have access to the systems they require to do their jobs.
Any sensitive information within the organization, such as customer details (including personal information or payment information) or financial and banking details should have layered security. Aim to use multiple layers of security, including encryption and additional passwords.
Employees shouldn’t have the ability to install software without permission from the network administrator. This measure can help prevent viruses or malware from being accidentally installed on the network by a well-intentioned employee. If someone requires specific software, they should outreach the IT administrator for access.
As a small business, your employees are most likely using their own mobile phones or laptops for business purposes.
Your business should have policies to allow the Network Administrator to make sure personal devices used for business have automatic security updates and require password changes at regular intervals.
To enhance security, have a formal “bring your own device” policy that outlines the expectations and requirements for anyone using their personal device.
If the idea of tackling all of these items at once feels overwhelming, step back and take some time to build your SMB’s cybersecurity plan. Check with your vendors such as your website host to see what security is already in place and then prioritize which areas of cybersecurity are most critical for your business to implement.
Want to enhance your website security? Check out how Web.com can help get your cybersecurity needs handled.
BBB Cybersecurity Official Website
National Cybersecurity Official Website