According to recent statistics, one small business in the UK is hacked every 19 seconds. The average cost of a data breach for British companies is an astronomical $3.88 million. Could you afford to suffer a security breach?
For many small businesses, the answer is a resolute “no”. To avoid an attack, you need to follow cybersecurity best practices. If your employees adhere to these best practices, you can bolster every aspect of your company’s security and protect yourself from cyberattacks.
So what are the most important aspects of good cybersecurity? They encompass every aspect of how your employees interact with your company’s IT systems.
Ready to find out more and improve your security? Then read on and make your business safer.
1. Teach Your Employees to Recognize Phishing
Phishing is an ongoing problem and a great starting point for teaching your employees cybersecurity best practices. Phishing emails are emails that attempt to harvest personal information from your employees or install malware on your network. These emails purport to be from trusted companies, which can make detecting them tricky.
Many email providers are good at blocking phishing emails but some still get through. You can recognize phishing emails with the following techniques:
- Look at the actual email address rather than the sender's display name. For instance, a genuine email from PayPal will come from a paypal.com address, not a Gmail address
- Is the email badly written? Many phishing emails originate from countries like Nigeria and their authors may not speak English as a first language
- Are there suspicious links or attachments? For instance, does the email contain a .exe attachment?
Spear-phishing attacks, which target individuals rather than companies, are more difficult to detect, but these same techniques apply.
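The address and attachment checks above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: the brand-to-domain map, the list of risky extensions, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a brand-to-domain map maintained by the defender (illustrative).
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
RISKY_EXTENSIONS = (".exe", ".scr", ".js")  # assumption: extend to suit your policy

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "PayPal Support" <paypal.billing@gmail.com>
Subject: Your account is limited
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Please open the attached invoice.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

placeholder
--BOUND--
"""
GENUINE = "From: PayPal <service@paypal.com>\nSubject: Receipt\n\nThanks.\n"

def domain_matches(domain, allowed):
    # Accept the brand's domain itself or a true subdomain of it, nothing else.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_flags(raw_email):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    flags = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            flags.append(f"display name claims {brand} but address is @{domain}")
    for part in msg.walk():  # visits the message and every MIME part
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append(f"risky attachment: {name}")
    return flags

if __name__ == "__main__":
    print(phishing_flags(SPOOFED), phishing_flags(GENUINE))
```

Matching on the domain suffix rather than a substring means an address such as service@paypal.com.account-check.example is still flagged, because its domain only begins with the brand's name.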
2. Teach Good Password Security
When teaching cybersecurity to your employees, password security is vital. The most common passwords still include easy-to-crack examples like “abc123”.
Your employees should use passwords that contain numbers and special symbols. You could also opt for passwords that are combinations of several words, which may be easier to remember.
Changing passwords regularly is also an important part of cybersecurity best practices. You should require employees to change their passwords every 1-3 months. Keeping the same password for too long can make hacking your system easier for attackers.
3. Use Multi-Factor Authentication
As an addendum to good password security, you should also be using multi-factor authentication (MFA). You may be familiar with this if you use it to access your email or social media. On these platforms, the company will text you an access code that you need to type in along with your password.
Your business may not be able to rely on text messages: what if one of your employees can’t get a mobile signal? You can use devices called hardware tokens that don’t need to connect to the internet and can be attached to an employee’s keyring instead.
4. Keep Your Software Updated
Many businesses don’t have a robust updating schedule. Updating your software and operating system is vital for good cybersecurity.
These updates often include security updates that block security holes in the operating system soon after experts find them. If you don’t install the update, you’ll still have a big gaping hole in your network.
It’s not only your operating system that you need to update either. You should also make sure that you keep Java updated, for instance. Update all of your software as soon as an update is available and ensure employees know to do this on their devices.
5. Secure Your Network
Is your network as secure as it should be? If it isn’t, your network is an open invitation to hackers and other cyberattackers.
Securing your network starts by adding a strong password to your Wi-Fi network. Never leave your Wi-Fi password as the default password. You can find lists of default passwords online very easily and hackers know this.
You should also only allow select devices on your network. Assume that any device from outside your company is compromised until proven otherwise. For instance, allowing employees to connect their smartphones to the same network that your servers are on is a bad idea.
You should also ensure that you are using a firewall. If you’re not using a firewall, getting into your network is trivial.
6. Teach Employees to Avoid Unknown Webpages
Many pieces of malware install themselves via drive-by downloads. These downloads are stealthy and you won’t know that they’ve installed themselves until it’s too late.
Cybersecurity employee training needs to include information on drive-by downloads. This means teaching employees not to click on suspicious links in emails or on pop-up adverts.
You need to teach employees to avoid any sites that could be problematic if you want to keep your system safe. A great way to make this easier is to install add-ons that include safe browsing components. Examples of these kinds of extensions include Avast Online Security and Norton Safe Search.
7. Back Up Your Data
One of the most important facets of cybersecurity best practices is making backups. If you suffered a data loss or were attacked with ransomware, would you be able to recover your files? If the answer is no, you’ve got a serious problem.
Making backups reduces downtime and keeps your data safe. You should be doing this on a company-wide level, storing backups of your company data on secure cloud servers and locally.
However, you also need to teach your employees to back up their files. Encourage them to upload anything they’re working on to secure cloud servers or your company’s local backup server. This applies whether they’re working locally or remotely.
How to Adhere to Cybersecurity Best Practices
Adhering to cybersecurity best practices requires a lot of training and engagement with your employees. If you’re unsure of your level of security, our Cyber Essentials certification can help you. If you’re weak in any area, we can help you patch up this hole in your security.
For more information about our rates and how we can help you, please get in contact with us!
Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.