Cybersecurity for Small Businesses
Your business could be a target for cyber criminals
Knowing and putting these basic cybersecurity principles into practice will help protect your business and reduce the risk of a cyber-attack or security breach.
Protect your files and devices
- Update your software – set updates to happen automatically
- Secure your files – back up important files to external hard drives or to the cloud
- Require passwords – use passwords on all devices, including tablets and mobile devices
- Use multi-factor authentication – require multi-factor authentication for areas within your network with sensitive data
Beware of ransomware
- Scam emails – only access links and attachments in emails from a trusted source
- Infected websites – they can automatically download malicious software to your network via computers within your infrastructure
- Online ads – malicious code could be embedded into ads, even on websites that you know and trust
- Verify compliance – establish processes to ensure your vendors have a process that is being followed. Do not assume this is the case; verify.
- Put it in writing – include provisions for security in contracts you have in place with your vendors, such as plans for regular assessment of security controls. This should always be binding.
- Adapt to change – cybersecurity threats are evolving, and so should the controls that you have in place with your customers.
- Sender Policy Framework (SPF) – implement this email authentication method, designed to detect forged sender addresses during the delivery of email
- DomainKeys Identified Mail (DKIM) – a digital signature on outgoing mail allows servers to verify that emails originated from your company’s domain
- Domain-based Message Authentication, Reporting & Conformance (DMARC) – this publishes a policy for your email traffic, telling other servers or domains what to do when a message is received from a domain that bears your identifier
Make Security Business As Usual
- Train all staff – institute a culture of security by implementing a regular schedule of compulsory cybersecurity training
- Have a plan – for storing and retrieving data, for business continuity, and for informing impacted internal stakeholders and customers in case of a breach.
- Know the response plan – all staff should know what to do if there is a breach, including whom to notify and how to reduce the risk
- Keep your IT security up to date – ensure the latest patches and updates are installed. Use additional services like email authentication, intrusion prevention and threat monitoring software