Small Business Cybersecurity Checklist
From noteworthy data breaches to rapid increases in the number of ransomware threats, it’s no surprise that cybersecurity has become a major concern for companies. But the myth that cybercriminals only target large corporations is just that—a myth. In fact, 61 percent of data breaches happen to businesses with fewer than 1,000 employees.
Data breaches, hacks and ransomware can have devastating effects on small and medium-sized businesses, often causing loss of reputation, clients, and revenue that may ultimately force the company to close. Although there is no guaranteed way to prevent a cyberattack, you can strengthen your business’s cyber defenses with these ten tips.
1. Use strong passwords. Eighty-one percent of hacking-related data breaches leverage weak passwords. Employee passwords should expire every 90 days and be required to have at least eight characters, be alphanumeric and contain symbols—this practice may cut down on the likelihood of their user accounts being hacked.
2. Backup your data regularly. Data backups are essential and keep your business up and running in the event of a cyberattack. Verify the integrity of your backups and make sure to test your restoration process to ensure it works.
3. Secure your offline backups. If your network is infected with ransomware, a backup may be the only way to recover your data. Ensure your backups are properly segmented or have a solution that protects against this.
4. Have a next-gen firewall. Protect your network and data by configuring your firewall to block access to malicious IP addresses. Next-gen antivirus technology can inspect files, identify malicious behavior, and block attacks that exploit computer memory and scripting languages.
5. Logically separate your networks. Malware can infect multiple devices and servers if they’re on the same network. Hosting your hardware on separate networks can prevent the spread of malware throughout your business.
6. Patch operating systems, software, and firmware on all devices. Consider using a centralized patch management system to ensure all your systems and devices stay updated.
7. Implement an awareness and training program. End users are targeted by cybercriminals and often fall victim to phishing attempts. Educate everyone in your organization about social engineering and the threat of ransomware.
8. Scan all incoming and outgoing emails. Detect threats and filter executable (.exe) files from reaching end users by scanning your business’s email communication.
9. Block ads. Reduce your risk of picking up ransomware through malicious advertisements by blocking ads or access to certain sites.
10. Limit access within your network. If infected, users with administrative access could spread malware throughout your network. Users shouldn’t be assigned administrative access unless it is necessary.