The internet offers small businesses several opportunities for growth. Email marketing, online payment systems and cloud computing empower business owners to reach new markets and increase sales while also eliminating expenses by providing employees with the tools needed to work more efficiently. However, the increased use of such technologies inherently puts the private information of both customers and businesses at risk.
With October designated as Cybersecurity Awareness Month, now is the perfect time to review your security measures and ensure your information is safe. Every small business that uses the internet is responsible for implementing cybersecurity measures that enhance service capabilities without betraying the privacy and confidence of consumers. Thus, any plan to grow a business through the use of the internet should include thorough cybersecurity measures in order to protect the business, its customers and their personal information. Below are 10 key cybersecurity tips for small business owners to consider.
Train employees in security principles
Establish basic security practices and policies for employees, such as requiring strong passwords and establishing appropriate internet use guidelines. Establish rules of behavior that describe how to protect customer information and other vital data. Include explicit consequences for violating company cybersecurity policies.
Keep clean machines
Protect information, hardware and private networks from cyberattacks by having the latest security software, web browsers and operating systems installed. Install key software updates as soon as they are available and set antivirus software to run a scan after each update. This is a simple yet effective way to protect against viruses, malware and other online threats.
Provide firewall security for your internet connection
A firewall is a set of related programs that prevent hackers from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If you have employees who work remotely, ensure that their internet connections are also protected by a firewall.
Create a mobile device action plan
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data and install security apps to prevent criminals from stealing private information. Be sure to set reporting procedures for lost or stolen equipment.
Make backup copies of important data and information
Regularly back up the data on all computers, such as word processing documents, electronic spreadsheets, databases, financial files, human resources files and accounts receivable/payable files. Back up data automatically if possible and store the copies either offsite or in the cloud.
Control physical access to your computers
Prevent access to or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
Secure your networks
If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID).
Employ best practices on payment cards
Work with banks or processors to ensure the most trusted and validated anti-fraud methods are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the internet.
Limit employee access
Limit employee access to pertinent data and information, and limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs and should not be able to install any software without permission.
Passwords and authentication
Require employees to use unique passwords and change passwords every three months. Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data to see if they offer multifactor authentication for your account.
For more information on how to protect your small business, visit the FCC’s Cybersecurity Hub or check Busey's Money Matters blog and our Fraud Prevention FAQs.