Small business owners often don’t think about cybersecurity. They should. 43% of cyber-attacks target small businesses, and since COVID-19 cyber-attacks have increased 300%. For very small businesses, protecting your business is often straightforward: avoid phishing scams and change passwords frequently. As your business grows, cybersecurity becomes more complex and more important.
The tips below, and the glossary at the end, will help you understand the terminology used in cybersecurity.
1. Train Your Employees
The most important takeaway from this list is that 95% of cyber-attacks involve human error. An employee clicking a link in a suspicious email, or an employee damaging data, can be attributed to human error.
It is important to make sure that you and your employees are aware of potential threats, and then to be prepared for what to do in the event of a computer hack or other infection.
These are the key points to remember when creating a training program.
The Key Points
- What is a secure password?
- How can you avoid phishing or social engineering attacks?
- How can you browse the web securely?
- How do you identify suspicious links?
- Whom should you contact if you suspect, or are affected by, a cyberattack?
- How can you secure your home network, especially as a remote worker?
- Which approved cybersecurity programs, such as password managers and antivirus, should you use, and when?
Training should be continuous, because there are always new threats and schemes. Prepare a monthly bulletin about the latest threats. To check their employees’ preparedness, some businesses send out simulated attacks, such as a phishing email.
Training employees about email phishing scams
Phishing scams are the most prevalent cybersecurity threat to small businesses. These emails are designed to steal usernames and passwords as well as sensitive information like a credit card number.
This is the main reason small businesses face cybersecurity problems. Employees are often victims of scams and give out private information via email. These scams are increasing due to remote work.
One of the greatest threats currently is for hackers to imitate a boss’s emails and ask employees to buy gift cards or transfer money for an event.
You should train your employees to be suspicious about emails that ask them to send money or confidential information.
These are some common ways to spot phishing scams:
- Incorrect or unfamiliar domain names in the sender’s email address
- Links that are unusual, long, or strange. Do not open them. If you are given a link for Amazon, hover over it; the address should begin with “Amazon.com”, not a variation.
Tip: Verify the sender if an email looks suspicious. To see the complete email address, hover the cursor over the sender’s name. Never reply to suspicious emails! Replying tells hackers that your address is active.
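The "hover over the link" check above, written as code (an added example, not from the original article). It goes slightly beyond the text: a link host must be the brand’s real domain or a subdomain of it, so a host that merely starts with “amazon.com” is still flagged. The brand-to-domain table and the sample email are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand an email claims to come from -> the domain that brand really uses.
TRUSTED_DOMAINS = {"amazon": "amazon.com", "paypal": "paypal.com"}

def host_belongs_to(host: str, domain: str) -> bool:
    """True only if host is the trusted domain itself or a subdomain of it.
    A plain "starts with amazon.com" test would pass amazon.com.verify.example."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_link(href: str, brand: str) -> str:
    """Return 'ok' or a short reason the link is suspicious."""
    expected = TRUSTED_DOMAINS[brand]
    parts = urlparse(href)
    if parts.scheme not in ("http", "https"):
        return f"suspicious: {parts.scheme!r} is not a web link"
    host = parts.hostname or ""
    if not host_belongs_to(host, expected):
        return f"suspicious: {host} is not {expected}"
    return "ok"

class _LinkCollector(HTMLParser):
    """Collect every href from the <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def check_email(html_body: str, brand: str) -> list:
    """Return (href, verdict) pairs for each link in the email body."""
    collector = _LinkCollector()
    collector.feed(html_body)
    return [(h, check_link(h, brand)) for h in collector.links]

# Constructed sample email imitating an Amazon order notice.
SAMPLE_EMAIL = """<p>There is a problem with your order.</p>
<a href="https://www.amazon.com/orders">View order</a>
<a href="http://amazon.com.verify-account.example/login">Verify account</a>
<a href="https://amaz0n.example/reset">Reset password</a>"""

if __name__ == "__main__":
    for href, verdict in check_email(SAMPLE_EMAIL, "amazon"):
        print(f"{verdict:<55} {href}")
```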
2. Protect Your Passwords
Passwords can be compared to keys: you need to secure them, and it is much easier to duplicate a password than a key. You and your employees must ensure that your password security is up to par so that anyone who gets hold of a password can’t affect your business in any way.
First, don’t use the same password repeatedly. Create a unique password for each account.
A secure password should:
- Be at least 10 characters long
- Include a number
- Include both lowercase and capital letters
- Include a special symbol (! @ # $ %)
- Not include any personal information, such as birthdays or pet names
These are the guidelines you should direct your employees to follow. Everybody should change their passwords, or at least the most important ones, every three months. This is a familiar routine, but make sure the new password is not simply the old one with a different number at the end.
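The password guidelines above as a checker a small business could run before accepting a new password (an added example, not from the original article). It returns every rule the password fails, including reuse of a previous password or a previous one with only the trailing number changed; treating any non-alphanumeric character as a special symbol is an assumption.

```python
import re

MIN_LENGTH = 10  # the article's minimum length

def _strip_trailing_digits(s: str) -> str:
    return re.sub(r"\d+$", "", s)

def password_problems(password: str, personal_info=(), previous=()) -> list:
    """Return the article's rules that `password` fails; an empty list means it passes.

    personal_info: strings such as birthdays or pet names that must not appear.
    previous: the user's earlier passwords, to catch reuse or a changed trailing number.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both lowercase and capital letters")
    # Assumption: any non-alphanumeric character counts as a special symbol.
    if not any(not c.isalnum() for c in password):
        problems.append("no special symbol")
    lowered = password.lower()
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information: {item!r}")
    for old in previous:
        if password == old:
            problems.append("reuses a previous password")
        elif _strip_trailing_digits(password) == _strip_trailing_digits(old):
            problems.append("previous password with only the number at the end changed")
    return problems

if __name__ == "__main__":
    # Constructed sample: a new password checked against the user's pet name and last password.
    for pw in ["Office!Pass2", "Rex1234!Home", "Tr0ub4dor!x"]:
        print(pw, "->", password_problems(pw, personal_info=["Rex"], previous=["Office!Pass1"]) or "ok")
```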
Managing passwords this way can be time-consuming. Password managers are trusted programs that handle it for you; RoboForm Business, for example, can remind employees to change passwords on a set schedule.
You can also ask your IT manager to send reminders on a regular basis. Consider making password resets a regular task if you use project management software.
3. Install Antivirus Software
Antivirus software scans internet traffic and the data on your computer to protect it from malware. It detects suspicious behavior and blocks malware, and it can also alert you about other, less important threats.
Antivirus can only recognize known malware and threats, so you must keep it up to date with the most recent information.
Although most operating systems come with decent antivirus software, businesses should still purchase an additional program rather than rely on the free version that ships with every operating system.
Paid programs offer additional features such as firewalls, web security, password managers and VPNs. Antivirus software costs anywhere from $10 to $100 per year.
4. Make Sure Your Website Uses HTTPS
HTTPS websites offer additional security by using encryption. This is important to protect your website from cyberattacks, and Google also penalizes websites without this additional security.
Example of a warning for a website without an SSL certificate
If you already have an SSL certificate, you can use it. Many web hosts will install one for free or for a small charge.
If you are creating a new website for your business, the SSL certificate is likely already installed. Older websites may need this update.
5. Backup all data
While it won’t prevent a cyber-attack, backing up data will help you recover faster. It is important to have a backup system for all your business data. Many programs make this automatic, so you and your employees don’t have to make copies by hand.
An external hard drive or server can be used to back up and store data on-site. Security programs such as Norton let you schedule backups to an external location.
You can also choose to back up to the cloud. Cloud backup is more reliable than “cloud-based solutions” such as Office 365, which simply store files in the cloud: a cloud backup copies all the data on a computer unless you tell it which files to save.
Cloud backup solutions such as Carbonite work in the background, and employees are not aware of them. This protects your server from attacks and from physical damage, and most cloud providers store data in more than one location. A cloud backup provider should cover both cybersecurity and licensing, including encryption, TLS protocols, and physical security.
Tip: Employees should not set up their own cloud storage services for work. These create security vulnerabilities that you cannot control; employees should use the company-approved cloud service. Cloud storage can cost as little as $1 per gigabyte, and if you are attacked and need to rebuild information, it is invaluable.
6. Keep your website and software up-to-date
Sometimes people avoid updating software because they are comfortable with the older version’s interface. But software companies, not just antivirus vendors, release updates to fix security holes they find in their programs.
It is important to keep your technology current, especially if you own a WordPress site. Hackers are known to infiltrate sites through outdated WordPress themes or plugins. If you manage your own site, log in at least once every three months to check for updates.
7. Make a small business cybersecurity plan
Your business should have a plan for cybersecurity. The plan should outline what to do in case of a hack or threat to the business. It should address how to protect your servers and computers as well as how to deal with stolen vendor, employee and customer sensitive information.
It is important to have a plan, a team, and regular reviews to ensure that everyone can follow through if something does happen.
It’s important to keep the checklists and plan printed, as computer attacks can be very sophisticated.
In your cybersecurity plan, include the following:
- A team: At a minimum, you should have a leader, legal counsel and someone in IT. You also need a point of contact for any other parties. One person can play multiple roles.
- Other sources: People you can contact for outside assistance, such as computer forensics specialists to repair the damage, marketing professionals to issue statements, and your cyber-insurance broker for loss claims.
- Who is potentially affected by a data breach: Think about your employees, customers, and vendors, and consider what private information you hold on each.
- List other sensitive information: Do you hold confidential documents that could be compromised by hackers?
- List legal obligations and deadlines: Whom should you contact, and by when?
- Make checklists for specific breaches:
  - Date and time of the breach
  - Who should be contacted
  - Create a physical or virtual perimeter around the affected systems
  - If necessary, take the affected system offline
  - Interview people with critical information about the breach
  - Make a copy of the affected system so it can be fixed without damaging the assessment
  - Take immediate action to reduce damage and establish future protections
  - Notify federal, state, and local government agencies about the breach
- Recovery metrics: The milestones and goals you use to report to your board of directors or customers as required.
Tip: Make sure that your small business cybersecurity plan includes steps to restore systems and preserve evidence for further investigation. It is crucial to keep daily backups of your data.
8. Secure Wi-Fi
Secure Wi-Fi helps protect against online threats by encrypting and password-protecting your internet connection. You must ensure that your business Wi-Fi is secure; you will typically need to purchase an additional secure Wi-Fi feature or modem from your internet provider to achieve this level of security.
Secure Wi-Fi can also alert you when you attempt to navigate to a dangerous website, and it blocks malicious traffic and unwanted remote access from any device, including smartphones. This is an addition to antivirus software, not a replacement.
It’s easy to work from smartphones and tablets, but employees should be discouraged from using public Wi-Fi.
Hackers can break into computers over unsecured public Wi-Fi, and you should not trust even public Wi-Fi that claims to be secure: it is impossible to know what level of security the Wi-Fi provider offers or what it is recording.
9. Get a VPN Service
A VPN (virtual private network) is a method of protecting an internet connection that runs over a public network.
You should consider a VPN for employees who work remotely and handle sensitive data. It provides a secure tunnel between the remote server and the home user, and it masks your employee’s IP address, making it more difficult for hackers to access private information.
Avoid free VPN services that promise anonymity. These VPNs often make money by selling your data on to third parties.
10. Protect all devices
Secure all company tablets and smartphones. If possible, provide employees with business devices; separating business from personal keeps confidential business data off employees’ personal devices.
If that is impossible, employees should not store business information on any device they share with family, friends, or housemates. Employees should also ensure that their devices are secured with a password or PIN. Encourage employees to apply the same level of security on personal devices that they do at work:
- Keep programs current
- Use encryption when possible
- Back up data
- Install antivirus software
11. Cyber Liability Insurance
Cyber liability insurance protects businesses against losses and damage due to cyberattacks or data breaches.
Cyber insurance is an option if you:
- Accept credit card payments
- Hold confidential information that is important to your company
- Face high risk due to at-home workers
Prices vary depending on the level of risk and the coverage chosen. For small businesses with moderate risk, the annual cost is typically between $1,000 and $2,500.
Cyber liability insurance coverage comes in two types:
- First-party coverage covers costs incurred by your company, such as customer notification, forensic services to repair the damage, or income lost while operations are halted to solve the problem. This may already be covered by your business insurance.
- Third-party coverage covers losses suffered by your customers. These expenses include attorney fees and settlements against your company, government fines, and defense before regulatory boards.
Cybersecurity can be complex. A managed security provider can handle your cybersecurity if you are a medium-sized company. It can help with:
- Installing firewalls
- Antivirus protection
- Training employees
- Managing mobile devices
- Multi-factor authentication
- Backup and Recovery
- Assessment of network vulnerabilities
If security is a concern, you can hire a consulting firm to examine your security systems and find any weaknesses.
Do your research and find a company that is well known in your country before you hire a cybersecurity provider. The cost will vary depending on what services you need, but it may be less expensive than a full-time IT professional.
Other Small Business Cybersecurity Tips
- Limit access to equipment: Particularly computers that contain sensitive information. Consider a check-out and check-in process for equipment.
- Set permissions: Limit each employee’s access to programs and information.
- Turn off computers every day: Make sure employees turn off or lock their computers before they leave for lunch or for the day.
- Ask at-home employees to change their Wi-Fi passwords: Employees who use their personal Wi-Fi to log on to work computers from home need to be able to do so securely.
- Use a unique username for each account: It takes more effort, but you would not want the same username on multiple accounts if any one of them were compromised.
- Use 2-factor authentication when possible: A second step is added after the login, such as a text message, phone call or email, to verify the user’s identity.
Glossary of Cybersecurity Terminology
- Unwanted Advertising: Unwanted advertisements that appear repeatedly on a screen and are often hard to remove.
- Botnet Attack: Malicious software that allows hackers to use your network without your knowledge, for example to send spam.
- Breach: When a hacker exploits a security flaw in a computer, device or network and gains access to its files and network.
- Browser Hijacker: Malware that modifies the settings of a web browser without the user’s permission. It can insert unwanted advertising into the browser and replace the home page and search pages with the hijacker’s page.
- DDoS (Distributed Denial of Service Attack): Flooding a website or server with malicious traffic to render it inaccessible.
- Firewall: Hardware or software that prevents unwanted programs from invading computers or networks.
- IP: A unique internet number specific to your location, similar to a home address but for your computer.
- Keylogger: Surveillance software that records keystrokes in order to find passwords and sensitive information.
- Malware: Software that aims to harm users or the software they are running.
- Phishing: A technique to obtain sensitive information, commonly an email pretending to be from someone else and asking for financial details.
- Ransomware: Programs that lock victims out of their computers and demand money to unlock them.
- Spam: Another name for unsolicited emails.
- Spyware: Software that allows an attacker to steal sensitive information from a computer’s hard drive.
- Trojan Horse: A program that looks legitimate but can take over your computer and disrupt, steal or damage your data.
- Virus: A piece of code that copies itself and corrupts data, programs, or systems.
- VPN: A tool that masks your IP address and encrypts your data to keep you anonymous online.
- Worm: A program that spreads to other computers and causes damage to yours.
Cybersecurity is easy to forget; it is rarely a problem until it is too late. Cyber-attacks cost an average of $57,000, which small businesses cannot afford, especially now. To protect your networks and information, it’s worthwhile to invest in antivirus software and password managers, and to make sure your employees are trained in the most common schemes and kept up to date on current threats.