Cybersecurity tips for small businesses.

Do you know the basics of keeping your small business protected from cybercrime? Read on to learn about actionable steps you can take to make sure your business is cyber-secure.

When it comes to running a small business, cybersecurity solutions aren’t always the most fun topics of discussion and they're often overlooked or forgotten about. But in reality, you’re only as safe as your weakest link, so ensuring you have good protection practices in place to safeguard your business from breaches, hacks, and scams is paramount to running a business smoothly. Let’s use an analogy to go over some cybersecurity concepts for small business.

Think about a brick-and-mortar business. What are the access points to get into the building? You are thinking about the doors and windows. And you already have measures in place to protect access. You have locks on the doors. You may have an alarm set up and possibly security cameras, motion detectors, and lights. The customer-facing area has product. But you keep the cash in the till behind a counter or desk, and you likely have a safe in the back where customers are not authorized.

You are creating a more secure environment by limiting access through physical barriers and monitoring tools. All of these are the first steps to cyber security too. Industry best practices for cyber security cover both logical and physical access to data. Physical access controls include everything above that you do to keep your business secure.

Physical security measures should also be protecting your information technology (IT), in addition to your product and cash on hand. 

1. Conduct an inventory of your IT assets. As a business owner, you should know what IT assets have customer, employee, and business data. Identify where these tablets, desktops, and laptops are located. 
2. Execute a plan to physically secure the IT assets. When the IT is not in use, where do you keep it? You should consider your data and the physical items that hold data to be more valuable than the cash in the register. They should be locked and put away when not in use. Consider having a log or a way for employees to sign out mobile devices to track the location of all equipment.
3. Password-protect the devices. Each device should require a password to log on to prevent unauthorized people from using the device. This control is a transition from physical to logical controls in setting up a cyber security plan.

Next, think about logical barriers to unauthorized access to data on your devices. Logical measures ensure that only authorized users can perform actions or access information in a network or on a workstation.

1. Conduct an inventory of your data. Just as you need to know what physical IT is being used by your business, know what type of data you are storing. Do you collect customer emails for a newsletter? Do you have a file of proprietary business information that is your secret sauce to success? Identify your employee data and where it is stored.
2. Execute a plan to logically secure the data. Locks and keys are important to physically securing buildings and rooms, and passwords and encryption are the equivalent for logically securing data. Each employee should have their own password that allows them to access only the data they need to do their job. 

a. Use passwords to protect not only the device but also file folders and documents.
b. Consider using share portals that store documents so that they are accessible only by those who need access to complete their assigned tasks.
c. Use software that has multi-factor authentication. Think about this as a deadbolt that adds a layer of protection.

Next, let’s think about ways to make the whole IT structure more secure. Your building may have an alarm system or a monitoring system that will alert you when an intruder is trying to break in. You want the same type of monitoring on your IT.

1. Updated virus protection. Use reputable anti-malware or antivirus software and update it regularly. Also, apply patches and updates for all your software on a regular basis. Companies push updates periodically to improve the functionality of their software, and often they close off cybersecurity weaknesses that have been identified. You do not want to be leaving a window open that circumvents all the locks on your doors.
2. Train your employees to identify fraud and phishing attempts. Teach them not to click on unknown links or attachments. Consider limiting the use of, or access to, personal email accounts on work IT.
3. Using the Cloud. Using the cloud or software-as-a-service that depends on the cloud can be a great way to optimize business. Ask about their security. Find out where your data will be stored and what measures are being employed to protect it. Do they encrypt the data in transit? Do they encrypt it at rest? What is their liability if someone hacks them and accesses your data?

As your business grows, your cyber security should also mature. Your IT security measures will grow to include people monitoring for unauthorized access. You will be checking for news of threats and implementing preventative checks on your systems. Consider getting an ISO 27001 (international standard for information security) or SOC 2 (a voluntary compliance standard developed by the American Institute of CPAs) certification, which not only can protect the business, but can also be a market differentiator.

All of this can cost money. If your business cannot afford it all today, do the things that give you the most protection for the items that have the most risk. Then set a timeline to improve the rest. Cybersecurity for small business is a journey and not a destination. This is an area that will always require updates and upgrades.

Armed with information, awareness, and common-sense cybersecurity business practices, you can help protect your customers, reputation, and bottom line.
