Small businesses often think they are too small to draw the attention of criminals and hackers looking to exploit businesses for their own gain.
Unfortunately, the truth is the polar opposite. Small businesses are being hit with data breaches and cyber attacks more often. They are tempting targets because they can’t afford the security features and staff that enterprise-class businesses budget for annually.
There are a number of holes in the strategies of most small businesses, and some need to dedicate a lot more money to keeping themselves safe from malware, viruses, and ransomware.
This article will look at three ideas that will help your small business employees be responsible for keeping their data safe.
But first, let’s discuss why criminals target small businesses for cybercrime.
The first reason is that they assume, often correctly, that SMBs have little-to-no budget for strong cybersecurity.
Some businesses try to get away with the free versions of products and some don’t have any protection at all. But they should protect their networks at all costs.
No protection at all means that it’s a lot easier for cybercriminals to push illegal software onto your system, try to lure your employees to a phishing website to steal their credentials, or send spyware or malware onto their computers and mobile devices.
Criminals also believe that small businesses are not as well versed as established ones when it comes to protecting data.
Certain industries have standards that must be maintained when it comes to data protection, but they are long and strenuous to maintain.
Smaller businesses are unlikely to have real security and IT specialists on staff, which means they will be much slower to react if an attack does happen.
Here are three ideas to ingrain in your employees to help keep them and their company safe:
Take All IT Training Seriously
Learning about protecting your company’s property and data is not just a one-time skill you learn on your third day of work, then slowly forget over the next few months.
If your job requires handgun training, would you expect employees to learn about it one day and never practice it again? It’s the same principle. If you want employees to know how to protect data, they must practice frequently and be reminded constantly.
Change Passwords Frequently *
Everyone will grunt and groan about this, but that’s when you give them an incentive to change them, i.e., every 90 days. Maybe the first department to do it all within the time frame gets a free lunch.
* While Microsoft and other prominent companies have recently stopped requiring regular password changes for employees, it’s still a good idea to change service account passwords on a set schedule. Service accounts are system users that run automated tasks, services like SQL Server, and other programs that require a user that can’t be deleted, and their passwords don’t change regularly.
Consider using a password manager to ease the burden on the individual who has to remember so many different passwords. This is a great idea for both employees and administrators. Invest in a password manager like Dashlane to limit exposure and increase security.
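One way to check the service-account schedule from the note above, as an added example that is not part of the original article. It assumes you have exported each account's name and last password change (the pwdLastSet value, which Active Directory stores as a Windows FILETIME); the account names and dates below are constructed.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC; 0 means "never set".
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_AGE = timedelta(days=90)  # the 90-day schedule used in this article


def to_filetime(dt):
    """Build a FILETIME value from a datetime (used only for the sample data)."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def from_filetime(ticks):
    """Convert a FILETIME value to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def overdue_service_accounts(accounts, now, max_age=MAX_AGE):
    """Return (name, age_in_days) for accounts past the rotation schedule.

    Accounts whose password was never set (FILETIME 0) are reported with
    age None so they get reviewed instead of silently passing.
    """
    overdue = []
    for name, pwd_last_set in accounts:
        if pwd_last_set == 0:
            overdue.append((name, None))
            continue
        age = now - from_filetime(pwd_last_set)
        if age > max_age:
            overdue.append((name, age.days))
    # Never-set accounts first, then oldest password first.
    return sorted(overdue, key=lambda item: (item[1] is not None, -(item[1] or 0)))


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the sample
SAMPLE_ACCOUNTS = [  # constructed names and dates, not real accounts
    ("svc-sqlserver", to_filetime(datetime(2022, 1, 15, tzinfo=timezone.utc))),
    ("svc-backup", to_filetime(datetime(2024, 4, 20, tzinfo=timezone.utc))),
    ("svc-reports", to_filetime(datetime(2024, 3, 2, tzinfo=timezone.utc))),
    ("svc-legacy", 0),
]

if __name__ == "__main__":
    for name, days in overdue_service_accounts(SAMPLE_ACCOUNTS, NOW):
        label = "never set" if days is None else f"{days} days old"
        print(f"{name}: {label}")
```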
Use Two-Factor Authentication
Unlike in real math, the difference between one and two credentials necessary to access a system is absolutely enormous.
A password can eventually be broken by the right hacker with the right equipment. But when you add in a second form of ID, such as a random number generated and sent to your key fob, you completely negate the hacker’s ability to enter your system.
Once employees are properly trained, two-factor authentication is as simple to use as a password but much more secure.