Your Cybersecurity Survival List
This last week of National Cyber Security Awareness Month (NCSAM), the focus has been on small businesses and the part they play in the great cyber debate. Let’s sum it up. By taking a look at the numbers, evaluating research, and gleaning advice, we can help your business to flex in the shifting winds.
Especially as a small business owner, coping with a gargantuan threat on a shoestring budget can seem an impossible—yet imperative—task. Zinc can help. With tips and pointers, we aim to calm your nerves and provide direction. So carry on, and know that we’ve got your back.
- Reinvention is key: A change every 30-60 days can effectively nullify a “brute force” attack
- Avoid dictionary words and sequential numbers. Instead, mix letters, symbols and numbers
- Remembering a strong password can be hard. Solution—Use an acronym, or other mnemonic device: “My cat’s birthday is 30 December, 2008” becomes Mcbi30/Dec,8 or MiK^t’sBrthd8iz301208
- Longer is better—each additional character increases password strength exponentially; use eight characters at least, more if possible
- Diversify—separate accounts need different passwords
- NEVER write down your password. Be stealthy, and keep it safe
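The password rules above, written as a checker. This is an added example, not part of the original article; the word list, function names and the three-digit threshold for a "sequential" run are assumptions made for illustration.

```python
import math
import re

# Constructed sample word list (assumption); a real check would load a full
# dictionary or a breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer", "admin"}
MIN_LENGTH = 8  # the minimum length the list recommends
CLASSES = {r"[a-z]": 26, r"[A-Z]": 26, r"[0-9]": 10, r"[^a-zA-Z0-9]": 33}


def has_sequential_digits(pw, run=3):
    """True if pw contains `run` ASCII digits in a row that step by +1 or -1."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if not re.fullmatch(r"[0-9]+", chunk):
            continue
        steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def brute_force_bits(pw):
    """Upper bound on exhaustive-search cost: length * log2(alphabet size).

    Only meaningful for randomly chosen characters; predictable patterns are
    guessed far sooner, which is why check_password() flags them separately.
    """
    alphabet = sum(size for pat, size in CLASSES.items() if re.search(pat, pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check_password(pw):
    """Return the rules from the list above that pw breaks (empty list = none)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if any(word in pw.lower() for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if has_sequential_digits(pw):
        problems.append("contains sequential numbers")
    if not all(re.search(p, pw) for p in (r"[A-Za-z]", r"[0-9]", r"[^a-zA-Z0-9]")):
        problems.append("does not mix letters, symbols and numbers")
    return problems


if __name__ == "__main__":
    for candidate in ("summer123", "Mcbi30/Dec,8"):  # second is the article's mnemonic
        print(candidate, round(brute_force_bits(candidate), 1), check_password(candidate))
```

Each extra character adds a fixed number of bits to `brute_force_bits`, which is the exponential growth in search space the "longer is better" tip refers to.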
2. Two-factor Authentication
- Depending upon the system used, two-factor authentication may be built-in—Activate it!
- The factors can be: Something you know (password, pattern), something you have (phone, key fob), or something you are (voice, fingerprint)
- USB is popular, but Bluetooth and biometrics options are on the rise
3. Software Updates and Patches
45% of small business owners feel that malware or a virus poses the biggest threat to their business. You don’t say?
- Be aware of threats: Proactively seek information from IT professionals
- Install official system updates and patches ASAP—Hackers have means of detecting if there are holes in your system
- A minor inconvenience today could forestall a major catastrophe tomorrow: cutting corners when it comes to updates can be an attacker’s ticket in
4. Data Protection
An area in which discrimination is encouraged: When data exposure is at stake, less is more.
- Encrypt sensitive (i.e., personal, financial, inside) information—Even if loss occurs, data will be inaccessible
- Limit the number of employees with credentials to access critical client and company data to only those absolutely necessary
- Be as diligent as cyber criminals—“Security” on autopilot is not enough
5. Public Wi-Fi
On the opposite end of the data security spectrum, an equally cautious approach is needed.
- If a network is unsecured, shy away—Don’t be misled: even amateur hackers can easily invade your device
- ONLY send data via encrypted (https) sites
- Opt for a mobile website (https) vs. a mobile app—Your safety is more assured via encrypted data
- Change wireless settings to a manual network search: Your device’s auto-connect can easily be fooled by a malicious outsider
6. BYOD Dangers
Personal devices are vulnerable, as security is completely dependent on the user. Surprisingly, only 25% of small businesses have mobile/remote policies in place.
- Popular “thumb” USB drives are a quick and easy way to transmit infectious malware, potentially exposing sensitive data—Yet 55% of small business owners permit their use
- Protect your device with a strong password, and always lock when it’s not in use
- Sync often to back up and clean up your device
- Log out from accounts when finished—Always. A session left open may be picked up and used to assume your privileges.
7. Communicate with IT Staff
Technically inclined employees are your best assets—They understand your company’s security needs, and are invested in its success.
- Communicate often, openly, and intelligibly
- Work with your staff to develop a realistic, comprehensive incident response plan
8. Teach, Don’t Tell
Yes, cybersecurity is Our Shared Responsibility, but company leaders can set the tone.
- Understand the dangers, and develop a company-specific Internet/mobile/social media use policy
- Be a conscientious employer: Use in-office signage and targeted training to foster awareness
- Walk the walk: When you take cyber threats seriously and respond in kind, employees will too
- Taking the time to offer an explanation for your policies may prove to be time well spent—Security will outweigh convenience only when the danger is fully understood
Those Who Worry are Wary but Less Weary
Hackers know that 60% of small businesses that suffer an attack will be out of business in six months—They read the same reports we do. Cyber crooks also know that the majority of small business owners are not worried about the effects of a data breach on their company, because they refuse to believe it could happen. Denial and indifference make your business the perfect “low-hanging fruit”—easily accessible with little or no effort.
Your business is worth more than you may know. Taking the above tips into account, and looking into the merit of a viable cybersecurity insurance plan, you will be well positioned to weather the storm when it comes. Ultimately, a shift in thought can only serve to benefit your business, employees and clients. Not to mention your own peace of mind.
We know there is much to discuss, and you may have lingering questions. Drop a line, shoot an email, generally: Get in touch. Zinc is ready to talk.