By: Keenan Hendricks, Maine SBDC Intern, based on Basics to Cyber-Securing Your Business Webinar by Business Advisors Brandon McDonald & Jared Tapley.
As your business grows its daily operations and overall presence on the web, you need to understand the basics of cybersecurity for your small business. It is easy to become a victim of a cybersecurity breach: it can happen to anyone or any department at any given time, even in Maine. Here are the focal points you need to be aware of when cyber-securing your small business.
Be aware of Ransom Attacks and Spoofing
Typically, a ransom attack begins when someone clicks on spoofing content. Spoofing content, usually fake emails or fake websites, contains unsafe links or malicious files that can subject you to a ransom attack.
- Spoofing is when a commonly used website or a known email address is impersonated and passed off as the real thing. The fake websites usually scam users into buying some form of untraceable currency (Bitcoin, gift cards, etc.), and will tell you that you will lose all your files if you do not pay.
- Spoofing emails usually come from fake email addresses, are sent at an odd hour of the day, and contain broken English, too-good-to-be-true headlines, shady links, and “off” salutations.
- Clicking on unsafe links or malicious files will subject you to an embedded virus. This is a more serious virus that constantly pops up on your computer demanding payment in an untraceable currency. You should never pay; instead, identify when you have an embedded virus and remove it, or it will damage your hard drive.
Prevent ransom attacks and spoofing
Acquire a VPN (virtual private network)
- Think of it as a body double, a layer of protection.
- Used to be associated with negative behavior – now a must-have to prevent your browsing history or data from being intercepted.
- Very affordable – most top VPNs are around $10 per month.
- Simple to set up – Top VPNs are activated with two clicks and alert you when disconnected.
Utilize Anti-Virus/Malware
- Software to stop active threats.
- Windows Defender – an OK service, but probably needs a companion for anti-malware.
- Do not assume that because you browse safely you will not encounter threats; it can happen to anyone at any time.
Utilize a Firewall
- Software to prevent threats from occurring.
- Windows Firewall – usually okay when paired with a VPN.
- Ensure emails are protected with an email server firewall.
Other
- Email servers – Office 365 is an active threat monitoring system that helps you catch malicious files and unsafe links and puts them in your spam folder.
- Update your browser and OS for security patches. The more up to date you are with these services, the more protection you will have.
- A reminder: Microsoft, the IRS, or your bank will not email you or ask you for personal information. Whenever in doubt, call the official number of the IRS, bank, or business. Do not respond to the email.
Implement a strong password strategy
It is important that your passwords are complex on all accounts, so that it is not easy for hackers or computer software to guess them. Use these password tips:
- You want to make your password something unique but also somewhat random.
- It is not safe to write your passwords in a file on your computer, as the file could be easy to grab when your computer is hacked.
- When possible, use two-factor authentication to log in to your accounts; for example, attaching your phone number or email address is sufficient.
Back up your Data
All small businesses should be properly prepared for a potential compromise of their business’s data. These tips will help you understand how to back up your data.
- Use an external hard drive that is not connected to the computer, or third-party cloud backups, in the event of a compromise.
- Back up files regularly, or set the system to automatically back up on a schedule. It’s important to prevent loss due to common hardware failures, defects, and hard drive crashes.
- All businesses should put a data breach plan in place and inform employees what to do in the event of a cyber-attack.
Have a secured Payment Processing system
If you offer an e-commerce service, your business may be more attractive to hackers, so it is important to understand the following about payment processing systems on your website.
- Utilize a reputable third-party online payment processing company to move cybersecurity concerns off your business – Square, Etsy, Stripe, PayPal.
- You do not want any extra liability; you should make the third-party payment processing companies responsible for any hacking or malfunctioning.
- Do not ask the customer to manually send card or checking account information. Do not use an online “Contact Me” portal to process payments to bypass fees.
- When purchasing from new vendors or using an unrecognized payment processing portal, consider using one-time-use virtual cards.
Physical Security
Not only should you be aware of cybersecurity software and updates to keep your business and personal information secure, you should also keep your physical computing and data devices secure. Here are a few quick tips for physical security.
- Lock away USB Drives, default password documentation, or unsecured electronic devices.
- Devices that hold sensitive information should only be accessible to those who need access to them to do their job.
- Paper or electronic logs of all company devices that contain sensitive data or company information should be kept to maintain accountability.
- Computer storage and server rooms should be protected with passwords, PINs, or other applicable security measures.
Be cautious when using or providing Public Networks (WiFi)
When using or providing a public network (WiFi), you should be mindful of the following:
- Password protecting your customers’ devices – implement a strong, secure password on offered WiFi.
- Routers typically have the default password and username on a sticker on the product – remove that sticker and put it in a safe place. Change the router’s SSID (WiFi name) and password.
- Use extreme caution when browsing unsecured websites on outside public networks, and always use a VPN on public networks, even when using your phone.