Cybersecurity Recommendations for Small Businesses

Wondering where to invest your time and resources for the best return when it comes to securing your small business against hackers and ransomware?

Small businesses cannot afford to be without a cybersecurity strategy, and each business’s plan will be different, depending on its unique circumstances. The differences between small business security consulting services come down to the quality of service they offer. If you hire an MSP to look at your system, they’ll be able to tell you which parts of your system are most vulnerable and give you recommendations to remediate what they find.

If you haven’t been investing in cybersecurity for your small business yet, it’s time to start doing so. There has never been a more important moment to take action to secure your company’s digital assets.

You may think your data is not valuable to a hacker, and that may be true.  But they know how important it is to you and that’s how they get you to pay.  What kind of loss would your business incur if you lost all or most of your data?  Could you recover in a week, a month or ever?  How about if your data was released publicly on the Internet – do you have any private information that needs to be protected?

Astonishingly, in 2021 cyberattacks on small businesses increased by 454%, per the US National Cybersecurity Alliance. What is worse than that? Well, the reality is that smaller companies tend to have fewer security measures than larger companies, so they’re at greater risk of having their systems compromised. Almost two out of three small businesses shut down after suffering a serious cyberattack. With a limited budget, how can a small company get adequate cybersecurity?

It can be hard to choose between different cybersecurity service providers. The good news is that keeping your business safe doesn’t need to break the bank. As far as advanced enterprise-level cybersecurity products go, there are plenty available for purchase on a scalable, per-user basis.

Every business needs a custom strategy, but we generally suggest starting off by focusing on these things:

  1. Change Your Password Every 90 Days
  2. Enable Password Complexity
  3. Enable Multi-factor authentication (MFA)
  4. Get Cyber Risk Insurance
  5. Have Virtual Private Networks (VPN)
  6. Provide Cybersecurity Training for Staff
  7. Have Bring Your Own Device Policies
  8. Continuous Network Security Monitoring
  9. Have Cloud-Based Backups
  10. Get Protections for your VoIP Phone Systems

Here are some basic recommendations from Intech-Hawaii:

1. Change Your Password Every 90 Days

Your computers store and provide access to a huge amount of sensitive personal and business info. Even more so when your computer connects to a network that houses your client accounts’ info. To keep everything safe, your organization needs a regular policy to require employees to update their usernames and/or passcodes. Change them frequently, every 90 to 120 days (3 to 4 months).

According to a recent study by Symantec, 80% of all cybersecurity attacks occur because users choose easy-to-guess passwords. To avoid falling victim to any of these threats, consider changing your passwords every three months and ensuring they meet minimum length and complexity requirements.

2. Enable Password Complexity

Yes, some businesses would like to keep doing business as they’ve always done. Although using the same password under 6 characters is convenient for the individual, it is also convenient for hackers. Don’t make accessing your network easy for hackers. You can make things complicated for them by simply enabling password complexity in your security settings.  Here’s an article on the Necessity of Complicated Passwords.

3. Enable 2-Factor or Multi-Factor Authentication

If your business relies only on usernames and passwords to sign into its systems, you could be placing your business at risk. Passwords are easy for hackers to guess, easy to buy online, and easy to steal from people. Therefore, it’s important to use a multi-factor authentication system which consists of two forms of verification—a password plus a security code obtained via email, text or security application. Some examples of security apps are Microsoft’s Authenticator, Twilio’s Authy or Google’s Duo.

4. Get Cyber Risk Insurance

Many small businesses may not realize the potential consequences of a cyberattack until they’ve already been breached.

You need protection from cybersecurity risks, which can lead to many kinds of damages that might affect your business operations and finances. For most small businesses, having an insurance plan that costs a few thousand dollars per year isn’t prohibitively expensive. It could also save you millions.

It’s important to note that insurance companies have become increasingly selective when it comes to which businesses they want to insure, especially if they don’t already provide coverage for them. You’ll need to be able to demonstrate proficiency with various security tools and have appropriate crisis response policies in place. We don’t offer direct quotes for cyber liability coverage, but we can help you get covered.

5. Use Virtual Private Networks

A Virtual Private Network (VPN) is a secure network tunnel between two computers or networks. With a VPN, users can connect to their office network securely. VPNs can also be set to ensure that the remote computer meets certain minimum security requirements, such as having up-to-date antivirus software and an encrypted disk.

6. Provide Cybersecurity Training for Staff

Did you realize that the vast bulk of internet security breaches comes from people who click on infected links sent via email? Some large companies are receiving thousands of fake scam emails every day, and these messages attempt to get users to click on bad links that install malware or viruses or visit malicious sites made to look like legitimate ones.

Employees are your biggest risk factor, so train them to keep their data and yours safe. Yearly comprehensive training and monthly mini-modules combined with simulated phishing tests are needed to turn your team into your last line of defense against hackers. Intech-Hawaii can help train your team members into becoming what we call “human firewalls”.

7. Bring Your Own Device (BYOD) Policies

Many companies now let their employees use their own devices for business purposes. While this may allow you to save money, there are certain cybersecurity risks associated with it since you don’t have control over the security profile of the non-company device.

If you allow employees’ personal computers or laptops to be used for business purposes, you need to create a BYOD (bring your own devices) policy to spell out exactly what is required before allowing outside devices into your network. We can help you define your requirements and craft your policy.

8. Continuous Network Security Monitoring

Many small businesses employ an IT services provider only to fix problems as they occur. If you are doing this, you’re making a mistake. You need to keep tabs on your servers 24 hours a day, 7 days a week, 365 days a year if you expect them to be secure. A managed IT service provider can provide that level of monitoring for you. Plus, because they can scale their resources based on your company’s growth, they’re much better equipped to handle incidents quickly and effectively. For an enterprise-level solution that fits your budget, find out whether an MSP (Managed Service Provider) or MSSP (Managed Service Security Provider) is the best solution for your business.

9. Have Cloud-Based Backup

Your secondary backups might reside on your own servers, but if they’re not backed up properly, there’s always the chance that something could happen. If you’re backing up your data to disk and keeping it offsite, you don’t completely eliminate your data security risks. If there’s a major natural disaster, or an extreme server malfunction, then that disk may not be readable.

Modern disaster recovery plans should definitely consider cloud-based backup solutions. Backing up your data to the cloud can be a daunting task, with many strategies, steps and options to consider. You can learn more about cloud-based backups and whether this is right for you here.

10. Get Protection for your VoIP Phone Systems

VoIP technology offers companies several benefits and features, but there are some things to keep in mind before choosing a system. Because they’re carried on websites and social media sites, they’re just as susceptible to attacks and hacks as any other online content.

If they can compromise your VoIP system, hackers can listen in on calls, charge purchases on your account, impersonate executives at their call centers and steal valuable company information. If you have a VoIP system, you must have strict security measures in place.

Do You Need Small Business Cybersecurity Consulting?

Fortunately, MSPs and MSSPs, like Intech-Hawaii, are leaders in both industries and can help you manage and secure your network with our Managed IT support services, Cybersecurity services and Compliance services which include the items above as well as many other measures to protect your network.