October 10, 2023 - 2:41 pm
A Dose of Cybersecurity Measures: 10 Tips to Enhance Cybersecurity for Your Small Business
This article was written by West Shore Bank, a 20Fathoms Community Partner.
In today’s always-connected world, cybersecurity threats are top of mind for small business owners. You may not have the resources of a larger company, but you can still take a proactive approach to training your employees and protecting your business from cybersecurity threats. According to IBM and other industry leaders, businesses should spend 9-14 percent of their overall IT budget on cybersecurity and Internet safety measures. Based on IBM data, $9.44 million was the average cost of a data breach in 2022 among organizations in the US. Read on for our best cybersecurity tips to protect your Michigan small business.
A strong password consists of 10+ characters, upper and lowercase letters, numbers, and special characters. Even better than a strong password is a passphrase. Choose a phrase you can easily remember and turn it into a mix of characters. For example, “S3cur1tyR0cks!” Employees should never share their passwords with co-workers or anyone else.
Of course, creating a strong password once isn’t enough. Create a calendar reminder for your employees to change their passwords every 3-6 months. If they ever suspect their account has been compromised, they should change the password immediately.
Finally, employees shouldn’t use the same password for more than one login. While it may seem like a hassle, creating a unique login for each account instead of re-using the same password limits your exposure in the event that one of your passwords is hacked.
Encrypting data is an effective way to protect your business’s data, including internal records and customer information.
First, you need to decide what kind of data to encrypt, such as customer information, confidential data, and financial records. You may also want to encrypt the emails and files shared between your business and clients. Next, choose a strong encryption algorithm and make sure encryption keys are controlled and stored in a secure place. The last step is to monitor for access attempts or unauthorized changes.
Taking regular breaks from the screen is a good rule of thumb for both small business owners and employees who are at the computer all day. Why? Human error is a top cause of data breaches and too much computer use can strain the eyes. Employees should mix up the workday by getting fresh air or stepping away from the computer throughout the day. Even just looking out the window for a minute instead of at your screen can help. Resting your eyes makes it easier for you to spot fake links, extra punctuation in email addresses, or typos in the email body.
Keeping your computer and mobile device software up-to-date helps guarantee security patches and updates are installed, which can stop hackers from taking advantage of software flaws. You don’t even have to remember to install updates; you can set these up as automatic installs. The most well-known antivirus programs include Norton, McAfee, Avast, and Kaspersky. These applications operate by scanning files, emails, and websites for any indications of harmful activity.
According to IBM data, phishing attacks in 2022 cost organizations $4.91M. As a small business, your employees are the front guard against scammers. Train them to recognize phishing attacks so they don’t fall for a scam and put your business at risk. You can purchase cybersecurity training and phishing simulation programs to keep your employees up-to-date on the latest phishing scams. The purpose of phishing simulation is to test employees’ knowledge, let them practice identifying phishing emails, and help them learn from mistakes.
Best practices to avoid phishing attacks include:
- Don’t click on links or open attachments from unknown senders.
- If the message appears to be from a reputable company or government agency, contact that company or agency directly (not through the email) to see if there really is a problem with your account.
- Scammers may also try to impersonate the company president, HR person, or accounting department. Reach out to the person directly before sharing sensitive information.
- Grammatical, spelling, and punctuation errors are a red flag.
- Beware of a sense of urgency, pressure, or fear. Scammers try to get you to act quickly without thinking.
- Learn what banks never ask.
In addition to digital threats, scammers may try to access your data through your physical space. Follow these tips to protect your physical location from a data breach:
- Employees should log out of their computers whenever they leave their desk.
- Restrict access to sensitive files and servers. Only those employees who need access should have it.
- If you own a small retail shop, keep your computer locked away in a back room.
- Keep your organization’s keys and access cards stored and locked away.
- Inventory essential software, hardware, and equipment so you’ll know if a device goes missing.
- Identify building visitors and keep a log of visitor comings and goings.
If you have room in your budget, you may want to consider cybersecurity insurance. This type of business insurance policy could help you cover the costs of recovering from a cyberattack, as well as offer liability protection from breaches that occurred from human error.
Cloud storage is a safe and secure way to back up your business data. Storing data in the cloud means it can be recovered in the event that a physical device is stolen. If you only store your data locally (on your laptop, for example), it will be gone if your laptop is lost or stolen.
Access control allows you to limit access to networks, systems, and data to the employees who need it for work purposes. The way to do this is through role-based access control (RBAC). Using this approach, administrators give people different levels of access based on their positions inside the firm. You may also want to restrict the use of non-company email and social media sites on work computers. This offers additional protection against data breaches.
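One way to express the role-based approach described above, as an added example that is not part of the original article: access is denied unless a role explicitly grants it, and every denied attempt is recorded for review. The role names, permission strings and employee names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed roles for a small shop: each position gets only what the job needs.
ROLE_PERMISSIONS = {
    "owner": {"payroll:read", "payroll:write", "customers:read",
              "customers:write", "pos:use"},
    "bookkeeper": {"payroll:read", "payroll:write", "customers:read"},
    "cashier": {"pos:use", "customers:read"},
}


@dataclass
class AccessControl:
    assignments: dict                       # employee name -> role name
    denied_log: list = field(default_factory=list)

    def is_allowed(self, employee, permission):
        """Deny by default: unknown employees and unknown roles get nothing."""
        role = self.assignments.get(employee)
        allowed = permission in ROLE_PERMISSIONS.get(role, set())
        if not allowed:
            # Keep a record of refused attempts so someone can review them.
            self.denied_log.append((employee, role, permission))
        return allowed

    def change_role(self, employee, new_role):
        """Moving to a new position replaces the old access instead of adding to it."""
        if new_role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {new_role}")
        self.assignments[employee] = new_role

    def offboard(self, employee):
        """Departing staff lose all access as soon as the assignment is removed."""
        self.assignments.pop(employee, None)


def excess_permissions(role, needed):
    """Permissions a role holds beyond what the job needs (least-privilege review)."""
    return ROLE_PERMISSIONS[role] - set(needed)


if __name__ == "__main__":
    ac = AccessControl({"dana": "bookkeeper", "sam": "cashier"})
    print(ac.is_allowed("dana", "payroll:write"))   # bookkeeper may edit payroll
    print(ac.is_allowed("sam", "payroll:read"))     # cashier may not; attempt is logged
    print(ac.denied_log)
```
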
To get everyone on the same page, your business should have an official Cybersecurity Policy with guidance for employees around employee education, password management, device security (lock devices and avoid public networks if you can), and privacy settings (for personal email and social media accounts).
Additionally, it’s helpful to have a Cyberattack Response Plan in place. Hopefully you won’t have to use it, but if you do, things will go much more smoothly. This type of plan provides a step-by-step process for locating, handling, and recovering from cybersecurity incidents. To create the best possible plan, make sure to test and update it regularly.
Contact us to learn how we can help your Michigan business! West Shore Bank is dedicated to helping small businesses succeed in West and Northern Michigan and along the lake shore. We are here to provide you with the resources you need to keep your business safe and thriving. Learn more about our Business Services and contact us with questions. For more information on small business cybersecurity, check out our recent blog post on identity theft. Local resources on cybersecurity for Michigan businesses include the Michigan 2023 Cyber Summit and Michigan Cyber Partners.