How to Enhance Cybersecurity for Your Business

Train your employees

What is the leading cause of small business data breaches? Employees and work-related communications. They are direct pathways into your systems. Train your employees on internet usage best practices. This can help in preventing cyberattacks.  

Other useful training topics include:

• Spotting phishing emails
• Using good internet browsing practices
• Avoiding suspicious downloads
• Enabling authentication tools (strong passwords, Multi-Factor Authentication, etc.)
• Protecting sensitive vendor and customer information 

Secure your networks

Safeguard your internet connection by encrypting information and using a firewall. If you have a Wi-Fi network, make sure it is secure and hidden. This means setting up your wireless access point or router so it does not broadcast the network name. This is also called the Service Set Identifier (SSID). Make sure your router is password protected. If you have employees working remotely, they should use a Virtual Private Network (VPN). A VPN will connect to your network securely from their location. 

Use antivirus software and keep all software updated

Install antivirus software on all business’s computers, and update them regularly. Antivirus software can be found online from a variety of different vendors. All software vendors provide patches and updates to correct and improve security and operations. It is best to configure your software to install updates automatically. Also update all operating systems, web browsers, and other applications. This will help secure all business data. 

Enable Multi-Factor Authentication

Multi-Factor Authentication (MFA) is an important security measure. It verifies someone’s identity by requiring more than a username and password alone. MFA may require users to provide two or more of the following:  

• Something the user knows (password, phrase, PIN)  
• Something the user has (physical token, phone)  
• Something that physically identifies the user (fingerprint, facial recognition)  

Check with your vendors to see if they offer MFA for any of your accounts (for example, financial, accounting, payroll). 

Monitor and manage Cloud Service Provider (CSP) accounts

Using a CSP to host information and collaboration services adds needed security, especially under a hybrid work model. Software-as-a-Service (SaaS) providers for email and workplace productivity can help secure data. 

Secure, protect, and back up sensitive data

• Secure payment processing – Work with your banks or card processors to ensure you are using the most trusted tools and anti-fraud services. You may also have security obligations related to agreements with your bank or payment processor. It’s best to isolate payment systems from less secure programs. For example, do not use the same computer to process payments and casually browse the internet.
• Control physical access – Prevent access to business computers from unauthorized individuals. Laptops and mobile devices can be easy targets for theft and can be lost, so lock them if they are unattended. Make sure each employee has a separate user account, and that accounts require a strong password. 
• Restrict privileges – Administrative privileges should only be given to trusted IT staff and key personnel. Perform access audits within your business on a regular basis. This ensures that former employees are removed from your systems. When applicable, former employees should return all company-issued devices.
• Back up your data - Regularly back up data on all your computers. If possible, perform data backups to cloud storage on a weekly basis. This will help minimize data loss. Critical data may include:
  • Financial, human resources, and accounting files
  • Word-processing documents, electronic spreadsheets, and online databases
• Control data access - Audit the data and information you are housing in cloud storage repositories on a regular basis. This can mean audits of your Dropbox, Google Drive, Box, and Microsoft Services. Appoint administrators for cloud storage drive and collaboration tools. Instruct administrators to monitor user permissions as well. Employees should have access to only the information they need.