Small Business Brief

Get Hip or Get Ripped Off: 10 Tips for Small Business Cyber Security

Is your small business as secure as it can be?

A lot of business owners may not know the answer to this question. Others assume that their small businesses are simply not at risk when it comes to cybersecurity.

Yet even an individual with the smallest digital footprint could be vulnerable to hacking or a cyber attack. 

It’s imperative to take the right steps to ensure your small business’s security, both inside and out.

In this post, we look closely at small business cyber security. Read on for the top ten tips for keeping your company secure!

1. Have a Security Policy

First things first: every successful small business security plan begins with a policy. This is vital if you manage employees who have regular access to sensitive data.

Your security policy should be as comprehensive as possible. It should detail appropriate employee behavior for managing all company data.

This includes password and account use. It also includes management of physical information, including documents stored on business premises and computers themselves.

Your security policy should also outline what to do in case an information breach occurs. (We discuss this further in Tip #8.)

Lastly, if you have a bunch of remote workers, create a section in your policy about staying secure while working remotely. Employees who use business devices outside of the office can easily put your data at risk.

Make sure this security policy is in your employee handbook. If you don’t have an employee handbook, we strongly recommend creating one!

At the very least, your small business cyber security policy should be easily accessible by all workers. Update it regularly as systems and practices change.  

2. Train Your Employees

Unfortunately, it’s all too easy for an employee to mishandle data. A large percentage of cyber attacks occur due to lack of knowledge of best practices. 

If you manage a large team of employees, you need to be especially rigorous when it comes to training your staff in small business security.

As mentioned above, your security policy should be clearly outlined in an employee handbook or manual. If applicable, ensure that your employees sign nondisclosure agreements (or an industry alternative, depending on your needs).

You may even want to hold a training session for new hires. These sessions don’t have to be extensive. But they can emphasize key principles of your security policy.

Check in with your employees regularly to ensure everyone is on board with security practices. This is especially important when you update systems or software.  

3. Ensure Authentic Password Use

As a small business owner, you likely have access to a variety of online accounts. Your employees likely do, too.

One essential principle of small business security is to ensure everyone uses authentic passwords for every account. This includes basic accounts like email as well!

What does it mean to have an authentic password?

Authentic passwords are distinct and unique. Your employees should never use the same password to access different accounts.

They should also not use any passwords currently set up on any personal accounts (like a private email account).

Passwords are also more secure when they include a mix of uppercase letters, lowercase letters, numbers, and other characters. Learn more about creating an authentic, secure password here.

Some businesses require account users to change their passwords every few months. This can be a great way to ensure authentic password use at all times.

4. Implement Antivirus Software

Viruses and malware weren’t just a thing of the early 2000s. It’s still possible to succumb to viruses in this highly digital age.

Make sure that all of your computers and programs are supported by antivirus software. Keep this software regularly updated, too, as it often changes.

There are scores of antivirus software programs out there. It’s important to assess your tech security needs before setting one up. Some are better suited for Windows, while others are better suited for Macs, for example.

Others may also be more costly, but don’t let price dissuade you. It is likely worth the investment, especially if you have a lot of sensitive data to safeguard.

Take the time to read online reviews of antivirus software. Some vendors offer free trials so you can test out their software.

5. Follow Best Practices for Wifi

Unsecured wifi networks can make businesses vulnerable to hacking. The truism about avoiding open wifi holds true here.

Establish a wifi network for your business that only employees have access to. More importantly, give employees access but do not permit them to know the network’s password.

This means that only you (or an IT person) will hold the key to the network. 

If clients and customers regularly come through your doors, set up a guest wifi network. Having separate networks keeps your data safe from the wrong pair of eyes.

Also, make sure that your wifi network is supported by the best technology. Outdated networks–such as those that rely on Ethernet–can be compromising. 

Keep in mind that the server your business uses could be putting you at risk. Shared servers, for example, may make your information more vulnerable to unauthorized access.

Consider a VPN server, one that offers dedicated hosting for a single network (yours). Learn more about what you can do with a VPN server here.

6. Be Cautious With Mobile Devices

Be sure to cover mobile device use in your company’s security policy. This is vital if your employees are issued company mobile devices, including cell phones, tablets, iPads, and Kindles.

Most of these employees will likely use your company wifi to access important information on these devices while at work. Some may even access accounts remotely.

Your employees should be cautious when using mobile devices for remote work (as should you). They should password protect these devices to keep files safe.

If possible, encrypt your data so that mobile access is as secure as possible.

Caution employees against using open networks for any mobile devices.

7. Have a Backup Plan (Literally)

As a business owner, you have a lot of information to protect! You should be backing up all of your company data regularly.

What does it mean to back up your data?

Backing up your data means storing a copy of your information in a secondary place.

In many cases, this secondary place is an external hard drive. It could also be cloud-based, which means that you can access data from other devices at all times.

An external hard drive may feel like the way to go here. But be careful with these. They are, after all, a physical object that could easily be stolen if not kept in a secure place.

If you back up your data with an external hard drive, create a storage plan ahead of time. This is vital if your employees have access to these hard drives or use them when working remotely.

We recommend using secure cloud-based backup solutions. In general, you’re safe storing backup info in the cloud if you encrypt your data and use secure passwords. 

8. Know What to Do In Case of an Emergency

This is one of the most important tips in this post. If a data breach occurs at your business, will you be prepared?

Preventing a data breach is one thing. But a lot of small business owners are unsure about how to respond to a cyber attack. This is especially the case if you aren’t aware of the extent of the breach itself.

Determine what was stolen before you do anything else. Was it simply a password? An entire account? Sensitive data?

Then, make sure you report the breach. Learn more about that here.

Next, change all access passwords to your accounts. If you have employees, it’s mandatory that they do the same. Make sure they are changing their current passwords to authentic, secure ones.

You may also need to contact financial institutions, if necessary, including credit reporting bureaus.

Clearly outline steps employees should take after a breach in your security policy.

9. Update Your Software 

Keep all of the software your company uses regularly updated. Be religious about this!

This doesn’t just mean software programs. Update physical computers and technology, too. Physical tech can make you just as vulnerable to hacking as programs and systems.

We recommend learning more about physical security solutions before you make any changes.

10. Discourage Unauthorized Users

Above all, keep unauthorized users away from your company data. This means granting specific account access privileges to select employees, if necessary.

Who gets access to what will come down to job descriptions and contract agreements. Your employees should also know not to share account access with colleagues.

Small Business Cyber Security

As a small business owner, the security of your data is paramount. The same goes for the security of your customers’ data.

Make sure you are taking the steps necessary to keep your company secure. This means using a secure network, preferably one supported by a VPN server. Have your employees create authentic passwords for all accounts, and keep these passwords updated.

Install antivirus software, upgrade all existing systems when possible, and know what to do in the event of an attack.

Small Business Brief is committed to fetching you the most relevant small business advice. We recommend visiting one of our forums to learn more about small business cyber security!