As a small business owner, it can be tempting to think that hackers won’t be targeting your business anytime soon.
Surely, they’ll be too busy hacking the big corporations like Google or Equifax.
However, you’d be surprised to learn that, according to the 2023 Verizon Data Breach Investigations Report, 71% of breaches targeted small businesses.
Compare that to their 2019 DBIR Summary that stated only 43% of all breaches in 2019 targeted small businesses.
Data like this shows that hackers spare no one when choosing whom to attack, and small businesses are their major target today.
This means that even owners of the smallest businesses should be concerned about cybersecurity best practices — as even a single breach can make them collapse.
But don’t give up all hope! The fact that your small business is likely to suffer from a cyberattack doesn’t mean you are defenseless.
There are many measures you can take to keep your business safe from hackers—or at least minimize the likelihood of a security breach occurring.
Cybersecurity Best Practices
That’s why I’ve built a list of 5 Cybersecurity Best Practices that you can apply to your business.
With these, you can rest at ease knowing that your business is a bit more secure from hackers than it was before.
Without further ado, let’s get right into it.
1. Train Employees on Cybersecurity 101
Admittedly, “cybersecurity 101” may sound like a silly name, but you can’t run without first learning how to walk.
Unfortunately, 80% of data breaches are caused by human error, down from the 90% reported in 2019.
That means that you should take the time to train your employees.
Identity security is the cornerstone of cybersecurity. Many attacks stem from stolen credentials or compromised employee identities.
There are things they should and shouldn’t do when dealing with anything that has access to the internet — or any electronic device that is used on company grounds for that matter.
Here are a few rules your employees should always follow when it comes to cybersecurity best practices in your business:
- Never store passwords as plain text.
Passwords stored in plaintext are unencrypted, so if a hacker gains access to your company’s servers or computers, they’ll have no problem using them.
Encrypt your passwords with an encryption method such as SHA-2, which became the new standard for encryption in 2017.
If you do, an attacker who obtains the stored passwords won’t be able to use them, keeping your information safe.
- Never click unfamiliar links or email attachments from people you don’t know.
Although your company may have a spam filter installed on its email server, opening any attachment without verifying the sender first is just asking for trouble.
- Passwordless authentication is stronger than using passwords.
Passwordless authentication is a strong method of keeping your on-premises assets safe from attacks, because passwords are easily compromised.
If employees use passwords at all, they must use strong passwords, which are harder to crack and so make stolen data less likely.
Never use the same password for more than one account. That way, if hackers gain access to one of an employee’s accounts, their access is limited because every other password is different.
- Connect only work-issued devices to the company’s network.
Although it is a bit of an extreme measure, you can restrict the devices allowed on your network to company-issued ones only.
This reduces the chance of an employee connecting a personal device that is potentially infected with malware, which could then spread through your network.
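As an added example (not code from the original post), here is how the “never store passwords as plain text” rule looks in practice in Python. One caveat a practitioner would add to the SHA-2 advice above: SHA-2 is a family of hash functions rather than an encryption method, and a bare, fast hash lets an attacker who steals the table test enormous numbers of guesses offline. Password stores therefore use a salted, deliberately slow construction; the block below uses PBKDF2-HMAC-SHA256 from the standard library, which is built on SHA-256 (a SHA-2 member). The iteration count, the `UserStore` class and the sample usernames are assumptions for illustration.

```python
"""Storing passwords as salted, slow hashes instead of plaintext (added example)."""
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed parameters: the iteration count is the work factor and should be tuned to your
# hardware; 600,000 is a commonly cited 2023 value for PBKDF2-HMAC-SHA256.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes | None = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and iteration count; compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return False  # not one of our records (e.g. a plaintext or foreign value)
    try:
        salt = bytes.fromhex(parts[2])
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(parts[1]))
    return hmac.compare_digest(digest.hex(), parts[3])


def unsalted_sha256(password: str) -> str:
    """The weak alternative: a bare, unsalted SHA-256 digest, shown only for contrast."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


class UserStore:
    """Minimal in-memory user table (hypothetical) that never keeps the plaintext password."""

    def __init__(self) -> None:
        self._records: dict[str, str] = {}

    def create_user(self, username: str, password: str) -> None:
        self._records[username] = hash_password(password)

    def login(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            hash_password(password)  # burn the same time so unknown users are not revealed by timing
            return False
        return verify_password(password, record)


def demo_store() -> tuple[bool, bool, bool]:
    """Constructed walk-through: correct login, wrong password, unknown user."""
    store = UserStore()
    store.create_user("alice", "correct horse battery staple")
    return (
        store.login("alice", "correct horse battery staple"),
        store.login("alice", "Correct horse battery staple"),
        store.login("mallory", "anything"),
    )
```

Because every record carries its own random salt, two employees who happen to pick the same password get different stored values, whereas a bare SHA-256 digest would be identical for both and could be cracked once for everyone.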
Note: these are not the only guidelines your employees should follow when it comes to cybersecurity in your company, but they are a starting point that helps close some of the major loopholes hackers may attack.
2. Make Sure to Periodically Back Up Your Data
Everyone should back up their data periodically, regardless of whether they’re a business owner or not.
However, as a business owner, you must have backups in place so that, in case of an environmental disaster, breach, or other threat, your data stays unharmed.
Lost data can cost thousands, if not millions of dollars.
Schedule regular automatic backups. They are the best way to ensure that your data is always backed up.
Use weekly backups at a minimum. Larger companies run monthly, weekly, and daily backups so they can be certain of restoring all of their data.
Use multiple servers for backups so that your data remains available if one server fails. (Of course, protect those servers with strong passwords, too.)
Backup servers should be in different locations. This can maximize the chance of your data being unharmed should there be an environmental disaster or site-wide breach.
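As an added example (not from the original post), here is the backup discipline above in Python: one archive is copied to two destinations standing in for two locations, each copy gets a checksum file, and a backup is only reported good after a test restore reproduces the original files. The directory names (`onsite-nas`, `offsite-bucket`) and sample files are constructed; in production you would schedule `create_backup` and point the destinations at real mounts.

```python
"""Create a backup in several locations and prove it restores (added example)."""
from __future__ import annotations

import hashlib
import shutil
import tarfile
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large archives never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(source: Path, destinations: list[Path]) -> dict:
    """Archive `source` once, then place the archive and a checksum file in every destination."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")  # sortable, versioned name
    name = f"{source.name}-{stamp}.tar.gz"
    copies: list[Path] = []
    with tempfile.TemporaryDirectory() as scratch:
        archive = Path(scratch) / name
        with tarfile.open(str(archive), "w:gz") as tar:
            tar.add(str(source), arcname=source.name)
        checksum = sha256_file(archive)
        for dest in destinations:
            dest.mkdir(parents=True, exist_ok=True)
            target = dest / name
            shutil.copy2(archive, target)
            (dest / f"{name}.sha256").write_text(f"{checksum}  {name}\n")
            copies.append(target)
    return {"name": name, "sha256": checksum, "copies": copies}


def verify_backup(archive: Path, expected_sha256: str, source: Path) -> bool:
    """A backup counts only if the copy is intact and a test restore reproduces every file."""
    if not archive.is_file() or sha256_file(archive) != expected_sha256:
        return False
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive), "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # refuses path-traversal members (3.12+ and backports)
            except TypeError:
                tar.extractall(scratch)  # older Python without the filter argument
        restored = Path(scratch) / source.name
        for original in source.rglob("*"):
            if original.is_file():
                twin = restored / original.relative_to(source)
                if not twin.is_file() or twin.read_bytes() != original.read_bytes():
                    return False
    return True


def demo() -> dict:
    """Constructed walk-through: two files, two destinations, then one copy silently corrupted."""
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch)
        source = root / "accounts"
        (source / "ledger").mkdir(parents=True)
        (source / "ledger" / "2024-q1.csv").write_text("invoice,amount\n1001,250.00\n")
        (source / "clients.txt").write_text("Acme Ltd\nGlobex Corp\n")
        destinations = [root / "onsite-nas", root / "offsite-bucket"]  # stand-ins for two sites
        result = create_backup(source, destinations)
        verified = [verify_backup(copy, result["sha256"], source) for copy in result["copies"]]
        with result["copies"][0].open("r+b") as handle:  # damage one byte: bit rot or tampering
            handle.write(b"\x00")
        corrupt_detected = not verify_backup(result["copies"][0], result["sha256"], source)
        intact_still_good = verify_backup(result["copies"][1], result["sha256"], source)
    return {"verified": verified, "corrupt_detected": corrupt_detected, "intact_still_good": intact_still_good}
```

The checksum is what lets the second location save you: when the first copy is corrupted, `verify_backup` rejects it and the untouched copy still restores cleanly.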
3. Install a Firewall on Your Networks
When it comes to protecting your network, business owners should spare no expense.
Your network perimeter is one of your strongest defenses against hackers.
A firewall is a security measure that protects a network from potential intruders, much as a bodyguard does.
It applies pre-programmed rules that block unauthorized entry to the network and can even be set up to block certain actions (e.g. wiping a server of all of its data or transmitting a file that may be malicious).
This lets you keep your network open to authorized users only, and it prevents a hacker (or an employee with malicious intentions) from harming your network even if they manage to bypass authentication.
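To make the “pre-programmed measures” concrete, here is an added example (not from the original post) of how a packet filter decides: rules are checked top to bottom, the first match wins, and anything no rule allows is dropped. The policy, addresses and sample connections are constructed; `Rule`, `Connection` and `evaluate` are names chosen for this example, not a real firewall’s configuration language.

```python
"""A default-deny, first-match packet-filter policy evaluated against sample traffic (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR the connection must originate from
    dst_port: int | None   # None matches every port
    note: str = ""         # why the rule exists; useful in logs


@dataclass(frozen=True)
class Connection:
    proto: str
    src_ip: str
    dst_port: int


# Constructed policy for a small office (addresses from documentation/private ranges).
# Rules are checked top to bottom; the first match decides; nothing matching is denied.
OFFICE_POLICY = [
    Rule("allow", "tcp", "0.0.0.0/0", 443, "public HTTPS web site"),
    Rule("deny", "tcp", "192.168.10.50/32", 22, "guest kiosk may not use SSH"),
    Rule("allow", "tcp", "192.168.10.0/24", 22, "SSH only from the office LAN"),
    Rule("allow", "udp", "192.168.10.0/24", 53, "internal DNS"),
]


def matches(rule: Rule, conn: Connection) -> bool:
    if rule.proto != "any" and rule.proto != conn.proto:
        return False
    if rule.dst_port is not None and rule.dst_port != conn.dst_port:
        return False
    return ip_address(conn.src_ip) in ip_network(rule.src, strict=False)


def evaluate(policy: list[Rule], conn: Connection) -> tuple[str, str]:
    """Return (action, reason). The absence of a matching rule is itself a deny."""
    for rule in policy:
        if matches(rule, conn):
            return rule.action, rule.note
    return "deny", "default deny: no rule matched"


def log_line(conn: Connection, action: str, reason: str) -> str:
    """Log every decision; a burst of denies from one source is a useful detection signal."""
    return f"{action.upper():5} {conn.proto}/{conn.dst_port} from {conn.src_ip} ({reason})"


def audit(policy: list[Rule], attempts: list[Connection]) -> list[str]:
    return [log_line(conn, *evaluate(policy, conn)) for conn in attempts]


# Constructed sample traffic.
SAMPLE_ATTEMPTS = [
    Connection("tcp", "203.0.113.7", 443),      # customer browsing the web site
    Connection("tcp", "203.0.113.7", 22),       # the same outside host probing SSH
    Connection("tcp", "192.168.10.20", 22),     # administrator on the LAN
    Connection("tcp", "192.168.10.50", 22),     # the guest kiosk
    Connection("tcp", "192.168.10.20", 3389),   # a port that was never opened
]

if __name__ == "__main__":
    for line in audit(OFFICE_POLICY, SAMPLE_ATTEMPTS):
        print(line)
```

Note the ordering: the kiosk’s deny rule has to sit above the broader LAN allow rule, because the first matching rule ends the search. Putting specific exceptions before general permissions is the habit that keeps real rule sets from silently opening more than intended.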
4. Implement Anti-Virus Systems on Your Devices
Let’s face it—although some people see anti-virus systems as “a thing of the past” due to operating systems improving security-wise, the need for strong anti-virus software continues to exist.
Zero-day exploits and malware attacks become more and more rampant year after year, especially for small business owners.
An anti-virus system will remove any existing malware from your business’s devices and will keep checking for new threats, scanning as often as daily.
This ensures that the devices within your business stay free of threats.
Its malware database (often updated daily) provides reliable protection against even the newest threats.
5. Secure & Encrypt Your Websites With HTTPS
If you haven’t switched your website from HTTP to HTTPS, it’s time to do so.
Using HTTP instead of HTTPS can harm your SEO ranking, and it causes browsers to display warnings on your site (which scare away your visitors!).
But there’s much more to it than that. A site that is not on HTTPS is unencrypted and susceptible to MITM (man-in-the-middle) attacks.
MITM attacks let an intruder listen in on the communication between a website and its visitor.
This means that any information entered on the site is at risk of being stolen, whether it’s an address, credit card number, or SSN.
This is why any site that accepts payment must adhere to PCI-DSS compliance, a set of requirements set by law to protect consumer data.
The FTC and other regulators can impose heavy fines on sites that are not on HTTPS in the event of a breach, as customer data is not being properly encrypted.
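As an added example (not from the original post), here is a small check of the two things that make an HTTPS move complete: plain-HTTP requests must be permanently redirected to the https:// site, and the HTTPS site should send a Strict-Transport-Security header so browsers stop trying plain HTTP at all. The responses and the hostname `shop.example` are constructed so the block runs offline; against a real site you would feed `assess` the status and headers returned by a fetch that does not follow redirects.

```python
"""Check that a site actually forces HTTPS, using constructed responses (added example)."""
from __future__ import annotations

from urllib.parse import urlsplit

HSTS_MIN_AGE = 31_536_000  # one year in seconds, the customary floor for Strict-Transport-Security


def header(headers: dict[str, str], name: str) -> str | None:
    """HTTP header names are case-insensitive, so never rely on exact spelling."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def hsts_max_age(headers: dict[str, str]) -> int | None:
    """Parse the max-age directive; None means no usable HSTS header at all."""
    value = header(headers, "Strict-Transport-Security")
    if value is None:
        return None
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and number.strip().isdigit():
            return int(number.strip())
    return None


def assess(host: str, http_status: int, http_headers: dict[str, str],
           https_status: int, https_headers: dict[str, str]) -> list[str]:
    """Return a list of findings; an empty list means the site forces HTTPS properly."""
    findings: list[str] = []
    if 300 <= http_status < 400:
        target = urlsplit(header(http_headers, "Location") or "")
        if target.scheme != "https":
            findings.append("HTTP redirect does not point at an https:// URL")
        elif target.hostname != host:
            findings.append(f"HTTP redirect leaves the site (goes to {target.hostname})")
        if http_status not in (301, 308):
            findings.append(f"redirect uses temporary status {http_status}; use 301 or 308 so browsers remember it")
    else:
        findings.append(f"HTTP serves content (status {http_status}) instead of redirecting to HTTPS")
    if https_status != 200:
        findings.append(f"HTTPS endpoint answered {https_status}")
    age = hsts_max_age(https_headers)
    if age is None:
        findings.append("no Strict-Transport-Security header; browsers may still try plain HTTP first")
    elif age < HSTS_MIN_AGE:
        findings.append(f"HSTS max-age={age} is shorter than one year")
    return findings


# Constructed responses for a hypothetical shop.example; nothing here is fetched from the network.
GOOD_SITE = dict(host="shop.example", http_status=301,
                 http_headers={"Location": "https://shop.example/"},
                 https_status=200,
                 https_headers={"strict-transport-security": "max-age=63072000; includeSubDomains"})
PLAIN_SITE = dict(host="shop.example", http_status=200,
                  http_headers={"Content-Type": "text/html"},
                  https_status=200,
                  https_headers={"Content-Type": "text/html"})
WEAK_SITE = dict(host="shop.example", http_status=302,
                 http_headers={"Location": "http://shop.example/"},
                 https_status=200,
                 https_headers={"Strict-Transport-Security": "max-age=300"})

if __name__ == "__main__":
    for label, site in (("good", GOOD_SITE), ("plain", PLAIN_SITE), ("weak", WEAK_SITE)):
        print(label, assess(**site) or ["ok"])
```

The `PLAIN_SITE` case is the common half-finished migration: the certificate is installed, but HTTP still serves the site, so a visitor who types the bare domain name stays unencrypted and the MITM exposure described above is unchanged.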
Implement These Cybersecurity Best Practices!
These are by no means the only measures you should take when it comes to cybersecurity in your business.
But implementing these 5 cybersecurity best practices should provide you with a good starting point.
You can hopefully expand on these basics, making your company’s cybersecurity stronger every month!
[Infographic: Backup and Storage Through the Ages]
[Infographic: The History and Future of Passwords]
Originally published 9/19/19; updated 5/1/20 to add infographic and improve readability; updated 6/19/20 to add second infographic; statistics, links, and content updated 4/7/24.