15 Things You Can Do to Reduce Your Risk
Did you hear that cyber attacks & cyber espionage have replaced terrorism as the top security threat facing the United States? James Clapper, U.S. Director of National Challenge, shared this as part of a recent briefing to the Senate Intelligence Committee. U.S. businesses are clearly targets for cyber threats for obvious reasons, but businesses anywhere should prepare themselves for an attack.
Even if a small business is the unlikely target of a cyber threat, they should prepare themselves. If a high-ticket attacker is not interested in targeting them, an ex-employee or a competitor may be. Small businesses should therefore get better prepared.
There are plenty of sophisticated – and very expensive – solutions that can be put in place to protect your business. These involve a combination of security experts and software that can be engaged to identify any vulnerabilities and get them corrected. Most small businesses cannot afford this level of solution.
Here are 15 steps a small business owner should take to improve the security of their information. This includes protection against both cyber attacks and physical security breaches.
- Be sure every computer in your business has anti-virus software installed. Confirm with your IT person that the software is configured to automatically load the latest virus definitions.
- Do not allow employees to use their personal computers to access your IT systems.
- Confirm with your IT person that you have a firewall sitting between your computers and the Internet.
- Be sure your IT person has a regularly scheduled process for applying the latest security patches to all of your computers.
- Ensure all of your computers are set up to lock themselves after 30 minutes of inactivity.
- Be sure each of your employees has a unique username and password, your systems are set up to force a password change every 90 days, and your employees are not sharing passwords. Ensure your employees do NOT record their passwords on sticky notes sitting on their desk.
- Do not print out any documents with secure data unless absolutely necessary. If documents need to be stored, make sure the hard copies are always physically secured. If you have to print out documents with secure data, utilize a shredding service to destroy sensitive documents after usage.
- Confirm with your IT person that your data is backed up (offsite), you’ve tested a restore from backup, and your servers are connected to an Uninterruptible Power Supply (UPS).
- Create a written information security policy. Require existing and new employees to review and sign off.
- If you provide a guest wireless network, keep this separate from the wireless network your employees use. Do not put your guests and employees on the same wireless network.
- Ensure that your employees are very aware that they should never click on links from an unfamiliar email sender. If you think an email/link is legitimate, then go to the website in the link and open the link directly. Never open email attachments from unfamiliar senders.
- Consider Restricted User Profiles for your employees’ workstations; this allows only your System Administrator to install new software and greatly reduces the risk of spyware and viruses.
- Be sure all of your employees use strong passwords (e.g. inclusive of numbers, capitals and non-alphanumeric characters).
- Utilize security features of wireless routers. This is also very important for your home because hackers attempt to break into home PCs in order to have them work for them.
- Sign up for the United States Computer Emergency Readiness Team (US-CERT) mailing list to receive the latest cyber security information directly to your inbox. Written for home and business users, alerts provide timely information about current security issues and vulnerabilities. There is an email signup option at the bottom of this page: http://www.us-cert.gov/
You may just want to hand this to your IT employee/consultant to run down. Getting a thumbs up on each of these items should help you sleep a lot better at night.