Cybersecurity has always been an area of concern for businesses but the past year has seen even greater focus. 2020 displayed a conclusively quarter-on-quarter increase in new malware threats across the entire year. Not only is the volume of cybersecurity threats increasing but so too are they evolving in complexity and aggressiveness.
Having much of the world shifting to remote work also increases the risk potential as employees move to alternate devices, utilize home networks, or move out from under the protective umbrella of IT teams.
The biggest problem, though, is that these cybersecurity threats are no longer simply focused on larger businesses. Over the year, almost half of small to medium businesses fell victim to ransomware attacks alone.
Keeping Your Business Safer Online
While in the past we may have gotten away with basic antivirus solutions, that won’t really make the cut given the increased risk faced today. Don’t mistake this with antivirus becoming obsolete – it isn’t. Rather, the scope of defensive tools needs to be widened and tempered with improved cybersecurity habits.
Here are some ways you can improve cybersecurity for your business.
1. Choose Internet Security Suites Over Traditional Antivirus
We’ve heard it a million times – you need to have a solid antivirus solution on your computer. While that may be true, the more complex cybersecurity landscape today requires a better solution. Instead of an antivirus application, consider switching to an Internet Security solution instead.
These are more comprehensive application suites that extend the core functionality of antivirus applications. Most Internet Security solutions will include defense against ransomware, phishing, WiFi vulnerabilities, and more.
Smaller businesses can benefit in this area by buying consumer licenses which now often cover up to five or even ten devices per license.
2. Use a Virtual Private Network Service
Virtual Private Networks (VPN) services provide access to secure servers located across multiple locations. While they are useful for many things, the main interest in a VPN is privacy and security – two things you need to be concerned about with a remote workforce.
VPNs use secure servers so that all the workers connecting to sources of company data will have it encrypted. In addition, VPNs can also bypass bandwidth throttling, just in case their Internet Service Provider (ISP) decides it can’t cope with the strain on its network.
Some VPNs like Surfshark offer subscriptions that cover multiple simultaneous logins. Others like NordVPN have special business solutions you can consider instead.
3. Manage Passwords With Care
We often read how some people will choose really crazy passwords to use, simply to the extent it’s difficult to imagine. Yet many continue to do so and an astounding 65% reuse the same password across multiple websites and services.
We know that strong passwords are by nature complex and should;
- Consist of at least 8 characters
- Mix upper and lowercase characters
- Include digits and special characters (like ^ or #)
- Be unique
Yet creating and remembering these passwords can be challenging, which is probably why these guidelines are often ignored. Instead of taking this risk with your business, sign up for a password manager service.
These services can help you generate complex passwords, remember the credentials needed for each website or service, and fill them in automatically for you each time you want to log in. They’re incredibly simple to use and can boost your password security significantly.
4. Always Keep Backups of Everything
Data is the lifeblood of most businesses and even smaller businesses need records like invoices, customer information, contracts, and more. If something happens to the data you may face a whole slew of headaches – or much worse.
Consider the financial and reputational damage to your business from a complete or even partial data wipeout. Bad data can be caused by many things, including cybersecurity breaches. And astoundingly, the average annual cost of this to the U.S. alone is a staggering $3 trillion.
Now you know the potential fallout, consider investing adequately in backup software and equipment. Cloud storage is a good way for smaller businesses to get secure storage space for backups without breaking the bank.
If you need to keep the data on-premise for some reason there are other solutions such as the addition of a Network Attached Storage (NAS) device.
5. Keep Applications Updated
Many cybersecurity threats seek to exploit loopholes in known application vulnerabilities. All of our devices use many different applications. Even Operating Systems (OS) like Windows are applications. While these help us do things, no application is perfectly secure.
Oftentimes, vulnerabilities only appear sometime after applications have been released to consumers. When these are discovered, developers will create and update or “patch” which fixes them. However, you still need to download and install these updates for them to take effect.
Remember to keep all of your applications updated. Ideally, keep records of when you check for updates and do this regularly. While some applications can be updated automatically this isn’t really recommended for businesses since the update may also be flawed – so keep an eye on security bulletins as well.
Besides applications, the hardware also has something called firmware on it that needs updates. This can be a little trickier to manage, so where possible, source your hardware from a vendor who’s willing to do patches on the firmware from time to time.
6. Secure Your Website
Your business website is part of the company assets and, in fact, is a big part of your digital brand. Website security is something that smaller businesses also tend to neglect. However, the threat footprint is in fact larger. Make sure you place an equal focus on securing your websites from cyber threats.
There are many ways that this can be done, from working with a secure web hosting service provider to using security services (and in some cases, security plugins). Many things are also pretty basic – for instance, the use of Secure Sockets Layer (SSL) certificates to ensure data passing between your website and its visitors is encrypted.
Some things you can do include;
- Using anti-malware on your web server
- Keeping web applications updated
- Using anti-spam tools
- Keeping an eye on file permissions
- Using a Web Application Firewall (WAF)
7. Invest in a Hardware Firewall
While many OS and more advanced routers today include a software firewall, it’s advisable for businesses to deploy a hardware firewall additionally. Firewalls act as security guards for your network, scanning all data that comes in to ensure it isn’t harmful.
Hardware firewalls are often stronger since they are dedicated to this single task. They sit between your network and the internet, so nothing will get in without their approval. Hardware firewalls also include their own resources such as processors, to ensure that data coming in is scanned quickly and either passed into the network or blocked from entry.
There are many hardware firewalls in the market suitable for small business use. Some of the top brands like Fortinet, Ubiquiti, and pfSense have great track records in security and small business solutions that won’t break the bank.
8. Educate and Train Employees
Knowing the cybersecurity risks your company faces and issuing policies to staff can be helpful. Yet nothing quite substitutes for proper training sessions – even if they’re held in-house. Where possible, hold periodic security refreshers to keep employees aware of the latest threats.
It’s important for them to realize how to protect themselves and business assets for example storing files on secure servers – but also know why there is a need for such. Telling an employee to “do this” may work, but if they understand the consequences of lax security, the motivation for increased attention will likely improve.
9. Avoid Freeware Like the Plague
While the word “free” might sound great to your business budget it is seldom a good idea. Software costs money to develop and services will cost even more to operate. As a business owner, you can understand this and the same theory needs to be applied to freeware.
While you may get the use of an antivirus solution or other service for free, consider what you might be giving up instead. Many free services are ad-driven which may compromise security. In addition, there are cases where freeware generated revenue by selling customer data.
If you’re using freeware and that happens, what about the cost of a data compromise if it affects your customers or the business itself directly?
It is impossible to completely secure a business from cybersecurity threats but that doesn’t mean it’s ok to just let things be. Improving the cybersecurity of your business is a deterrent – the more formidable your defenses are, the more likely you will be skipped over for the next in line.
From what you can see in the tips we’ve covered in this article, there are multiple facets to consider for lowering your risk profile. Every additional measure you implement helps. If it feels troublesome or you think it costs too much to do, remember the potential cost of a security breach and bite that bullet.