When it comes to small business security, sometimes you don’t have to be the fastest; you just need to make sure you’re not the slowest. In the animal world, being second slowest may mean you’re not dinner for a herd of feasting animals. In business, striving to be the best or a top-tier secure company may simply not be feasible. Costs, expertise and other factors play into why you may be in the middle of the pack vs. the front. Whether you are at the top or the middle, you should at least make sure you’re not the easiest prey.
Based on a question a friend who owns a small business asked me, I put together a very basic list of things that can be done by any small business to improve security.
Don’t Assume You’re Immune: Don’t question the fact that someone with malicious intent may be interested in you. Getting over this bit of denial will help get you moving. There could be several reasons why a malicious actor would look your way. Maybe you have a disgruntled former employee? Past irritated client? Some kid has too much time on his hands? These are all viable actors and increasingly these kinds of folks are turning their attention toward small business.
Background Checks: Could running background checks on future employees help? It’s not that expensive and can save you a lot of pain.
Sensitive Data: Know what it is and protect it. Not all data is sensitive, but as we’ve seen from some rather large breaches you better know what it is and guard it appropriately.
Figure Out Where Your Sensitive Data Is: Is it on laptops? Your server? A cloud provider? Make sure you have a good inventory tracking system and know where things are. A laptop isn’t a place where you should have sensitive data stored, but if it’s there make sure you inventory it. If it’s with a provider, see point #1. Don’t assume your providers are secure; ask good questions about how they protect data and request to see any third-party validation they have.
Encrypt and Manage Sensitive Data: Less is more in this case; keep it on as few systems as you can. Keep sensitive data isolated from other data and networks. The point is to make it next to impossible for someone with evil intentions to access.
Firewalls: These network devices can be used to monitor and record information, such as who’s trying to access your network. A firewall may also block many of the viruses and malware before they reach your customers. A firewall can also complement or supplement content and email filtering solutions. Have someone help you determine if hardware or software options are best for your company.
Run And Update Antivirus: Put simply, viruses mutate frequently and if you don’t have your antivirus up to date you could find your system vulnerable to the latest attacks. Microsoft Security Essentials is a free, effective anti-virus solution.
Run Malwarebytes In Addition To Running Antivirus: As their tagline puts it, “Protects you from new online threats that antivirus can’t detect.” There’s a free version that does a great job.
Require Strong Passwords: We still see weak passwords that are easy to crack. Think of creating strong passphrases that combine events you can remember, and make them alphanumeric with special characters. Avoid anything that someone could easily guess, such as common names and dates. For instance, instead of using your son Charles’s birthday of Feb 29, 1997, use CharlesBornLeapYear97!
These are pretty basic beginnings, nothing earth shattering. But that’s the point. Do the easy things, do the things that may make an intruder simply go elsewhere for an easy target or quick lunch.