Not so long ago, cybercrime was primarily associated with big business and government organizations – in other words, huge entities whose information is extremely valuable. Small and medium-sized businesses felt largely unaffected by the cybercrime scare – after all, as long as you do not move around millions of dollars, there is no reason to target you, right? Wrong. As cybercrime methods grow more sophisticated and hackers grow more numerous and organized, they increasingly turn their attention to small companies. The reason is simple – although the payoff of breaching the security of such an organization is smaller than that of hacking into the network of a multinational corporation, it is also far more straightforward and less risky.
Many cybercriminals today are not even hackers in the traditional sense – they do not have a lot of technical knowledge and instead utilize ready-made and relatively inexpensive tools. The future of cybersecurity concerns small businesses just as much as it concerns huge corporations – and your survival depends on your early adoption of the right practices.
1. Train Your Employees
No matter how advanced your cybersecurity system is, if your employees are ignorant about the potential threats and do not know which online behaviors put your network in danger, it is all for naught. According to statistics, about 90 percent of all successful cyberattacks happen as a result of human error, not a hacker’s ingenuity. The only way to protect yourself is to teach your employees the right behaviors and make sure they follow them.
2. Use a VPN
Using a VPN is one of the basic rules for any business today, no matter its size or the industry it belongs to. What is a VPN? Simplifying it a bit, it creates a tunnel between your computer and the target resource on the Internet, encrypting everything that passes through it and making it invisible from the outside. As a result, hackers have a much harder time stealing sensitive information or finding out what exactly you do on the Internet. There are other applications, such as hiding your real location and accessing resources blocked in your country, but for business purposes, they are secondary.
Your business should have a reliable VPN, and all your employees should use it at all times, especially when they are outside of your internal network, because this is precisely when they are most vulnerable.
3. Use Multi-Factor Authentication
Multi-factor authentication is the practice of requiring a user to present more than one proof of identity before getting access to information, a service, or something else. We are all used to using passwords for authentication, and it is an excellent practice to teach your employees to use strong passwords everywhere. However, a password can get stolen or leak in some other way. Enter multi-factor authentication: it uses a combination of additional checks to make sure only the right people are granted access. It may be something inherent to a user (face recognition, retina or fingerprint scan), a physical object (ID card or token), an app (like Google Authenticator), or knowledge (answer to a secret question). It is not impossible to hack, but it makes the cybercriminal’s job far, far harder.
4. Automate Your Backups
A backup is a copy of your business’s important data kept separately from the original. If a cyber-incident occurs and you lose your data, you can simply restore a backup and continue your work with minimal interference. Automating your backups means establishing a system that creates such backups without human intervention, which allows you to do it as often as you like.
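As an added example (not part of the original article), this is one way an unattended backup job can look: it archives a folder, reads the archive back to confirm it is complete, records a SHA-256 hash, and prunes old copies. The paths and function names are hypothetical, and the destination is assumed to be storage separate from the original data.

```python
import hashlib
import tarfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def run_backup(source: Path, dest: Path, keep: int = 7, now=None) -> Path:
    """Archive `source` into `dest`, verify it, record its hash, prune old copies."""
    dest.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    archive = dest / f"backup-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=source.name)
    # Re-open the archive: a backup that cannot be read back is not a backup.
    with tarfile.open(archive, "r:gz") as tar:
        archived = sum(1 for member in tar if member.isfile())
    expected = sum(1 for p in source.rglob("*") if p.is_file() and not p.is_symlink())
    if archived != expected:
        archive.unlink()
        raise RuntimeError(f"backup incomplete: {archived} of {expected} files")
    Path(f"{archive}.sha256").write_text(sha256_file(archive))
    # Retention: timestamps sort lexically, so the oldest archives come first.
    archives = sorted(dest.glob("backup-*.tar.gz"))
    for old in archives[:max(0, len(archives) - keep)]:
        old.unlink()
        Path(f"{old}.sha256").unlink(missing_ok=True)
    return archive


def verify_backup(archive: Path) -> bool:
    """True only if the archive still matches the hash recorded at backup time."""
    recorded = Path(f"{archive}.sha256")
    return recorded.exists() and recorded.read_text().strip() == sha256_file(archive)


if __name__ == "__main__":
    # Hypothetical paths; schedule this script with cron or Task Scheduler.
    run_backup(Path("/srv/company-data"), Path("/mnt/backup-disk/company"))
```

Running `verify_backup` on a schedule as well catches archives that were corrupted or altered after they were written, before the day you need to restore from them.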
5. Enforce Strong Password Practices
Despite hearing every day how dangerous it is to have weak passwords or to use the same password for all your accounts, people keep doing it. One such mistake, made by just one employee, can bring your entire cybersecurity system crashing down. This is why it is so important not just to educate your employees to create strong and secure passwords, but to enforce this policy. All your applications and systems should simply refuse passwords that do not meet specific requirements: a minimum length of, e.g., 10 symbols, the presence of both upper- and lowercase letters, the use of letters, figures and symbols, and so on.
6. Firewalls, Antiviruses and Anti-Malware Software
Using these types of software will not protect you from malicious software and phishing attacks all by itself, but in combination with the practices mentioned above, it can eliminate the vast majority of threats. Make sure all the company devices have them installed and get regular updates. If your business employs a BYOD (Bring Your Own Device) policy, make sure that all devices used by employees also have such tools installed.
The battlefield between cybercriminals and cybersecurity specialists is no longer limited to big businesses and organizations – today, it concerns every individual and every business, no matter how small. Make sure you are prepared for what is yet to come!