Security best practice guide for small businesses

November 10th, 2019

If you’re running a business, internet security is paramount. Not only do you need to protect your customer’s data (with potentially huge fines if you don’t), but you also need to protect your company’s assets, intellectual property, and trade secrets.

Know when you’ve been attacked

The first step in internet security for businesses is being able to tell when your company’s security has been compromised. Sometimes, this is obvious. When one of your employees tells you that ransomware messages are popping up, software you didn’t want starts to install itself on your computer systems, or staff start experiencing their mice moving on their own and making selections, then you’ve clearly been the victim of an attack. However, other examples are more subtle – if passwords to cloud applications are no longer working, it could be that your employee has forgotten their password, or that a hacker has got in and changed it.

You should be doing everything in your power to avoid being attacked in the first place, but staying vigilant for signs that they’ve got through anyway is also critically important – the sooner you respond to a hacking attempt, the less damage will be caused.

How to protect your business from hackers

So, what can you do to protect your business from hackers? There are a few best practices that you should be aware of:

  • Establish a solid foundation for backups.
    You should be backing up everything within the business – both in terms of software and data – and this should be done on a frequent basis. There are plenty of tools available that will automate the backup process, and you can seamlessly keep copies of everything you do in the organisation online. That way, in the event of a ransomware attack or similar, you can simply restore your PCs and network to a point before the attack. If you have been doing those backups frequently and diligently, the loss of data to your business will be minimal.
  • Keep passwords secure.
    Implement a policy within your business that staff should change their passwords every six months (at a minimum), and that no two passwords can be the same across the applications that the staff use. Consider investing in password management software so that staff don’t feel tempted to write their passwords down in notebooks or on sticky notes. Popular examples of password management software platforms are LastPass and 1Password.
  • Perform regular system check-ups.
    Some of the most dangerous hacks are the ones that exploit old and unpatched software. Make sure your IT team or support person regularly runs through the network to make sure that all systems and software applications are kept up to date. Also make sure that all anti-virus, firewall, and other security software is kept up to date on a daily basis. There are approximately 350,000 new malware programs discovered every day. It’s an ongoing battle that security companies fight, and you need to be very vigilant with your updates to ensure you’re covered as best as possible.

Most importantly of all: take the time to educate your staff

In so many cases, a hacker is able to get access to a computer system simply by convincing someone to download a virus. How are they able to do that? Perhaps they send an email that looks like it comes from a legitimate source (often a bank or shipping company), and the attachment is masquerading as a statement or order document. Or perhaps they’ve called up, pretending to be technical support, and convinced the staff member to give them admin access to the computer system.

However it happens, the biggest vulnerability in most businesses is human nature. Not everyone in your organisation is going to be tech savvy – for most of them, it’s simply not their job, and they’ve got other things to worry about. It’s your job to make sure that they’re aware of the risks, and of how hackers will try to bypass even the best security system and IT team.

You should be investing in an ongoing education and training strategy for all staff, designed to reinforce the following security best practices:

  • Never download or open attachments that come from unknown people, and always be aware of the warning signs that a seemingly legitimate email comes from an illegitimate source.
  • Only ever input data into websites that have a valid SSL/TLS certificate. Before any login attempt, make sure your staff are checking their web browser’s address bar for the little padlock that indicates the connection is encrypted and the site’s certificate is valid.
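As an added example (not part of the original post), here is a small check for the email warning signs described above: a sender that is not a known contact, a Reply-To pointing somewhere other than the apparent sender, and a "statement" attachment that is really an executable. The sample message and the domain names in it are constructed for the example.

```python
import email
import os
from email import policy
from email.utils import parseaddr

# Constructed sample message: claims to be a bank statement, but replies go
# elsewhere and the "statement" is really an executable.
SAMPLE_EMAIL = """\
From: "Example Bank Statements" <notice@mail.example-bank.xyz>
Reply-To: collect@freemail.example
To: accounts@smallbiz.example
Subject: Your statement is attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached statement.
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

ZmFrZQ==
--b1--
"""

# File types that run code when opened; a document-looking name ending in one
# of these is the masquerading attachment the post warns about.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk"}

def phishing_warning_signs(raw, known_domains=frozenset()):
    """Return the warning signs found in a raw RFC 822 message as a list of strings."""
    msg = email.message_from_string(raw, policy=policy.default)
    signs = []
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    # Sign 1: the sender is not one of the organisation's known contacts.
    if known_domains and from_domain not in known_domains:
        signs.append(f"sender domain {from_domain} is not a known contact")
    # Sign 2: replies would go to a different domain than the apparent sender.
    if reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != from_domain:
        signs.append(f"Reply-To {reply_addr} differs from sender domain {from_domain}")
    # Sign 3: an attachment that looks like a document but is executable.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ext in RISKY_EXTENSIONS:
            signs.append(f"attachment {name!r} is an executable ({ext}) dressed up as a document")
    return signs

if __name__ == "__main__":
    for sign in phishing_warning_signs(SAMPLE_EMAIL, {"example-bank.com"}):
        print("WARNING:", sign)
```

Such a check supports, rather than replaces, the staff training the post recommends: a message that passes it can still be fraudulent.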

One final note on business cyber security

One final point is to develop policies around the encryption and disposal of sensitive data. Don’t allow sensitive data to simply sit on systems when it’s not needed. Keep it isolated from the rest of the system, and properly encrypted. That way, even if the rest of the network is compromised, the most potentially damaging data remains protected.
