The digital age necessitates that nearly every business be online. A small company might just run a website with an online store. Or the business could take things further by using cloud-based applications for storing data and processing onsite payments.
While the internet can expand a company’s reach and cloud-based apps can improve its productivity, there is a downside. Everything employees do online exposes the business to cyberthreats. Those threats can consist of malware, phishing, and ransomware, among others.
Social engineering is an additional threat small businesses may face. Cybercriminals use these tactics to learn passwords or gain unauthorized access to a company’s network and all its resources. A cybercriminal could pose as a security vendor over the phone and convince an employee to disclose sensitive information.
Guarding against cyberthreats like malware and social engineering requires vigilance, know-how, and a good set of protective tools. Let’s review some of the measures small business owners can take to shield their companies against cyberthreats and attacks.
1. Secure Wi-Fi Networks
At the very least, a company’s Wi-Fi network should be password protected. This includes separate passwords to connect to the network and the modem or router. Most modems have default passwords that allow you to control settings through web-based interfaces. You want to change this password immediately since most cybercriminals are aware of default passwords for different Wi-Fi equipment.
You can also consider not broadcasting your Wi-Fi network’s name. When you tell the modem to hide the network’s name, it’s more difficult for others to find. Your network doesn’t show in the list of Wi-Fi connections available to a smartphone, laptop, or another device. However, keeping a Wi-Fi network under wraps isn’t practical for every small business.
Some companies, for example, need to enable guest or public Wi-Fi access. Fortunately, a small business Wi-Fi solution can help secure a network and allow separate access levels for customers, employees, and high-stakes devices. Built-in security software powered by artificial intelligence constantly scans and monitors for cyberthreats at the network level. The software stops malware from infecting any connected devices, isolates suspicious activities, and sends business owners incident alerts.
2. Protect Devices With Anti-Malware Software
Cybercriminals can install malware and ransomware at the network level. However, they also target individual devices. Operating systems, business productivity applications, and web browsers are common ways malware can sneak in. Downloaded attachments from compromised email accounts or phishing emails are another way. USB or external hard drives employees swap between company and personal devices pose yet another risk of malware infection.
Anti-malware programs on every device provide another level of protection against ransomware and malicious software. Recent reports show that cybercriminals are three times more likely to target smaller businesses than larger companies. The accounts of owners, high-level managers, and executive assistants within small companies are also more likely to become targets.
Anti-malware software that’s updated regularly helps prevent compromised accounts and devices. These programs scan computers, applications, and connected hard drives for problems. Anti-malware software can block malicious code and alert employees about suspicious websites and links. Besides keeping up with anti-malware software updates, installing security patches for operating systems, web browsers, and applications is also critical.
3. Limit and Control Access to IT Resources
Employees may have jobs to do, but that doesn’t mean they need open access to IT-related resources. The same principle applies to any vendors that deal with the network, internal software, or device installation and repair. Limiting and controlling access based on the principle of least privilege guards against potential unauthorized activities and cyberthreats.
Employees and vendors should have access to the network resources, applications, and devices they require to do their jobs — nothing more and nothing less. Think of the principle of least privilege in terms of protecting your home. You might give a trusted family member a spare key or smart lock code for emergencies. But you probably wouldn’t do this for a random stranger or a delivery person. This is an example of controlling physical access.
Under the principle of least privilege, you can limit both physical and virtual access to IT-related resources. If employees don’t need to use back-office equipment, you can place those devices in a separate, secured area. Only those with specific keycards or lock codes can gain entry. You can set up different permission groups to control virtual access to network folders and software functions. For instance, administrators can install apps on devices, but non-administrators can’t.
4. Implement Strong Password Practices
Cybercriminals get passwords through data breaches, key-logging applications, and social engineering and process of elimination tactics. Previous data breaches of social media platforms and companies can put sensitive information like passwords on the black market. Cybercriminals will often try to use passwords obtained through past breaches. That’s because people tend to use the same passwords for various personal and work-related accounts.
One step you can take is educating employees about the importance of using unique passwords for each account. You can also implement strong password policies and requirements. Systems can prompt password changes every 90 days and require certain combinations of letters, symbols, and numbers.
Strong passwords are usually long. They also contain capital and lowercase letters, numbers, and special characters. These combinations are harder for cybercriminals to guess or crack. Requiring multifactor or two-factor authentication is another layer of protection you can implement. This requires employees to enter a one-time code or use a fingerprint to gain access. Even if cybercriminals get a user’s password, bypassing multifactor authentication won’t be as easy.
Putting Your Guard Up
Protecting a small business from cyberthreats involves strategic thought and planning. Owners have to think about all the ways cybercriminals might access sensitive data and resources. Smaller companies can establish an effective protective shield by using tools and best practices to secure networks, devices, applications, and accounts.