
    Small Business Cyber Security Fundamentals

    Innovative use of the Internet can give small business owners as much of a competitive advantage as it gives their larger counterparts. However, large companies have increased spending on IT security and compliance efforts, diverting the attention of cybercriminals to the small business community.

    According to the National Small Business Cybersecurity Study, most small businesses don't do enough to protect themselves online. Nearly a fifth of small businesses do not have or use antivirus software. Sixty percent do not use any encryption on their wireless networks, and two-thirds do not have a security plan in place.

    At the most basic level, cybercriminals seek to steal personal information, such as credit card, social insurance, and bank account numbers, and passwords. These new-age criminals use spyware, malware and other illegal applications to hijack computers and use them for larger criminal activities. For example, entire networks of hacked computers ("bots") are used to send unsolicited email messages aimed at directing recipients to fraudulent websites designed to extract personal information.


    1. Internet Use Policy

     

    Every business needs a plan to protect its information, and part of that plan should be an Internet usage policy that lets employees know their responsibilities when it comes to surfing the web on company time. At a minimum, the policy should address which files or programs can be downloaded from the Internet, the use of antivirus software to scan any approved file downloads before opening them, the use of strong passwords, which sites employees can and cannot visit at work, and which social networking sites, if any, are approved for commercial use.

     

    2. Content filtering

     

    The easiest solution to spyware, malware, and other Internet threats is to block access to the sites that are most likely to contain them. No employee should, for any reason, need to access the sites you block at work. A content filter blocks access to porn sites and other sites used by cybercriminals and others with bad intentions. Content filters also prevent employees from accessing non-work-related sites that negatively impact work effort and productivity.

     

    3. Separate computers for home/work

     

    Whether your employees work in the office or from home, it is beneficial to maintain separate computers for work use and home use. Although it may seem to make financial sense to combine home and office use on one machine, the savings are misleading. Working on a home computer exposes you and your clients to significant risks. Investing in another computer will easily pay for itself in reduced risk.

     

    4. Antivirus and malware software

     

    Computers increasingly come with these programs installed. Small businesses that require more comprehensive protection can also choose to install a suite product that automatically patches their operating systems each time new malware or a new virus is detected.

     

    5. Email protection

     

    Many group security products include email protection to guard against spam and other threats. Explain to employees that no one should open attachments from unknown senders.

     

    6. Strong passwords

     

    Always create strong passwords of more than six characters that use mixed letters and include numbers and symbols. These strong passwords are much more difficult for any cybercriminal to crack or guess. Passwords should also be set on PDAs and cell phones, even those that are personally owned and used for business. In most cases, your data is your business.

     

    7. Wi-Fi Safety (Wireless)

     

    Companies have been quick to adopt and implement wireless Internet networks. Although small businesses are getting smarter about securing their wireless networks, they need to get smarter about using stronger encryption and changing default passwords.

    These are the basic tools every small business should use, but this is by no means a complete list. Consider adding network security equipment such as firewalls, virtual private networks (VPNs), intrusion prevention systems (IPS), and network access controllers (NACs). Remove unused programs and user accounts. Establish physical security controls for all computers. Keep backup copies of important files and programs. Keep your company software updated. Restrict access to sensitive and confidential data. Maintain adequate insurance coverage. Most importantly, get technical expertise and outside help when you need it.
