How To Make Yourself ‘Invisible’ To Hackers


There’s an old joke about two men hiking in the woods when they come across a big, grumpy black bear. Scared silly, one of the guys starts to run but notices his friend has stopped and is bent over, changing his shoes. He shouts to him, “Dude! What are you doing?!?! Why aren’t you running?” to which his friend replies, “I’m changing my shoes because I don’t need to outrun the bear – I only need to outrun YOU.”

This is a perfect analogy for what’s going on in small businesses: the “slow,” easy targets are getting nailed by fast-growing cybercrime rings that are getting more sophisticated and aggressive in attacking small businesses. Last year, the average cyber-attack cost a small business £13,752, a substantial increase from 2013, when the average was £5,699. That’s because most small businesses don’t have the security protocols in place or the manpower and budget to implement sophisticated security systems. While there’s absolutely no way to completely protect yourself other than disconnecting entirely from the Internet, there are several things you can do to avoid being easy pickings. Here’s how:

  1. Train Employees On Security Best Practices. The #1 vulnerability for business networks is the employees using them. It’s extremely common for an employee to infect an entire network by opening a phishing e-mail or clicking a cleverly disguised attachment. If they don’t know how to spot infected e-mails or online scams, they could compromise your entire network.
  2. Create An Acceptable Use Policy (AUP) – And Enforce It! An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.
  3. Require STRONG passwords and passcodes to lock mobile devices. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number.
  4. Keep Your Network Up-To-Date. New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office; therefore it’s critical you patch and update your systems frequently. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.
  5. Have An Excellent Backup. This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!
  6. Don’t allow employees to download and install unauthorised software or files. One of the fastest ways cybercriminals access networks is by duping unsuspecting users into willingly downloading malicious software that is embedded within downloadable files, games or other “innocent”-looking apps. This can largely be prevented with a good firewall, correct PC configuration and employee training and monitoring.

If you are on a managed service with us, then we will have gone through these points and more with you. If not, and you need help implementing any of these changes, then please get in contact with me or Oliver on 02380 983405.