When black hat hackers target major retailers such as Target or Home Depot, all eyes turn to cybersecurity. But did you know that small businesses are at even greater risk than these major companies? Small businesses often lack knowledge of network security best practices, and hackers know entrepreneurial companies are unlikely to pursue costly litigation.
It’s no surprise, therefore, that 14 million American small businesses found themselves victims of cyber attacks in 2016 alone. The average cost of those attacks ranged between $84,000 and $140,000, and 67% of the businesses attacked went belly up in six months.
Still, two-thirds of small business owners say they have no cyber protection plan in place.
They are sitting ducks. That doesn’t have to be true for your small business, though. You can work through this quick network security best practices checklist to create an ultra-secure information system.
Assess your risk.
Your business may be at high risk of a malware infection, a phishing attack, or another security breach. Alternatively, you might be relatively safe. Before purchasing extensive software or hiring a cybersecurity expert, find out which specific holes in your defenses need to be patched.
- Look at your system’s processes, applications, and functions. What does your system do? Where did you buy it? Who services it? Who uses it? Where does the information go? Know your system through and through.
- Determine the threats. Are you most vulnerable to an unauthorized user gaining access? Is your greatest fear that someone will locate private, privileged information on your server? What about data leaks? Understand what threats could keep you awake at night.
- Establish the scale of risk. For each threat, determine its likelihood and its impact. Rate it accordingly – high risk, medium risk, or low risk.
- Assess your current security system. Does your current network security prevent the identified threats? Are your high-risk threats more carefully guarded than your low-risk ones?
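The four steps above can be kept as a small risk register. The following Python sketch is an added example, not part of the original article: it rates each threat from its likelihood and impact, then flags threats with no safeguard and cases where a higher-risk threat has fewer safeguards than a lower-risk one. The likelihood × impact scoring, its thresholds, the use of control count as a proxy for "more carefully guarded", and the sample entries are all assumptions.

```python
from dataclasses import dataclass, field

LEVEL = {"low": 1, "medium": 2, "high": 3}
ORDER = {"high": 0, "medium": 1, "low": 2}

@dataclass
class Threat:
    name: str
    likelihood: str   # "low" | "medium" | "high"
    impact: str       # "low" | "medium" | "high"
    controls: list = field(default_factory=list)  # safeguards already in place

def rate(t):
    # Assumed convention (not from the article): likelihood x impact on a 1-3 scale.
    score = LEVEL[t.likelihood] * LEVEL[t.impact]
    return "high" if score >= 6 else "medium" if score >= 3 else "low"

def review(threats):
    """Return (register sorted high to low, findings for the last checklist step)."""
    register = sorted(((rate(t), t) for t in threats), key=lambda p: ORDER[p[0]])
    # Finding type 1: an identified threat that nothing currently guards against.
    findings = [("unguarded", t.name) for _, t in register if not t.controls]
    # Finding type 2: a higher-rated threat with fewer controls than a lower-rated one.
    # Counting controls is a rough, assumed proxy for how carefully a threat is guarded.
    for hi_rating, hi in register:
        for lo_rating, lo in register:
            if ORDER[hi_rating] < ORDER[lo_rating] and len(hi.controls) < len(lo.controls):
                findings.append(("inverted", hi.name, lo.name))
    return register, findings

# Constructed sample register; threat and control names echo the checklist wording.
SAMPLE = [
    Threat("Unauthorized user gains access", "medium", "high", ["strong passwords"]),
    Threat("Private information found on server", "low", "high",
           ["limited employee access", "software updates"]),
    Threat("Data leak", "medium", "medium", []),
    Threat("Malware infection", "low", "low", ["anti-virus", "software updates"]),
]

if __name__ == "__main__":
    register, findings = review(SAMPLE)
    for rating, t in register:
        print(f"{rating:<6} {t.name}: {', '.join(t.controls) or 'none'}")
    for f in findings:
        print("FINDING:", *f)
```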
Protect your networks.
Guarding your network against malicious (or inadvertent) infiltration means more than purchasing anti-virus software. Certainly, you want to keep your anti-virus software up to date and running smoothly, and a managed service provider can help you do that.
But don’t forget to take other simple precautions. Encourage employees to build strong passwords, for example, and avoid writing them down. Caution your team about keeping passwords on their computers. And remind them not to walk away from an unprotected computer system.
Be sure you’re storing data on a secure cloud and not a local system. You may even want to consider a virtual data room (VDR) depending upon the kind of data you keep.
Also inquire about adding cyber liability insurance. While this approach is not right for every enterprise, it can help protect you in the event of a lawsuit due to a data breach.
Safeguard your servers and clients.
Best practices include:
- Choosing a secure web host. Ask potential hosts about their cybersecurity practices, and consider using a virtual private server or even shelling out the extra cash for a private server located in a safe, locked room in your office. Your managed services provider should be able to help you select the right host and server type.
- Limiting employee access to data. Human error is responsible for a surprisingly large number of security breaches. That’s why the fewer people who have access to data, the safer it is. Be especially vigilant during an employee termination, when an angry or inattentive staff member can open up your system to malware or hackers.
- Upgrading your software. The latest version of any software also has the best patches and protection against invasion. Keep up to date.
- Communicating with your clients. In the event of a data breach, don’t try to hide it. Working with your lawyer, inform your customers and answer their questions honestly. People will remember your integrity when this experience is over.
Monitor your environment.
Never let your network go unprotected. Federal law could soon penalize companies that get hacked, so you need the best protection and a quick response time in case of a breach. A 24×7 continuous monitoring service is the single best practice for your network security.