While most small businesses may understand the importance of cyber security, many might not know the steps to take to improve their security. And if you’re not a cyber expert, it can be nearly impossible to stay ahead of new and ever-evolving cyber threats and risks.
The truth is cyber security best practices go a long way when it comes to protecting your business from a cyber attack. And you don’t need to be an expert to learn and implement them. Before we dig in, let’s start at the beginning with a few definitions of basic cyber security concepts.
Cyber security concepts you should know
To better understand the best security practices we’re covering later, you should be aware of general cyber security concepts such as cyber security, threat surface, cyber attacks, and data breaches.
Cyber security is designed to protect your IT environment — all of your sensitive data, devices, applications, and networks — from cyber threats, vulnerabilities, and risks.
It’s the practices, tools, and techniques that businesses can and should implement to not only keep unauthorized users from accessing their systems but to also ensure employees follow safe computing habits.
Your threat surface
Your threat surface is all the parts of your IT network where cyber criminals could identify security gaps, holes, or other potential vulnerabilities, and gain access.
The challenge is, like cyber threats, your company’s threat surface is always changing and evolving. You add and remove hardware. Your team routinely installs and updates software. Employees connect to your network with new devices. User activity varies every day. All these moving parts make it harder to secure your IT environment.
Understanding, reducing, and protecting your threat surface is foundational. It’s the first step in proactively avoiding a cyber attack and preventing the damage of a data breach.
Cyber attacks & data breaches
Verizon’s 2020 Data Breach Investigations Report shows that nearly one-third of data breach victims are small businesses. Understanding cyber attacks, the motivating factors, and the damage that can result should be high on your priority list.
A cyber attack occurs when a cyber criminal launches an attack on one or multiple computers or networks for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information. There are many types of attack tactics — malware, phishing, man-in-the-middle, and more — and as many motivating factors.
Cyber attacks can disable the systems that you rely on to run your business and may result in data breaches that occur when the attacker destroys, steals, shares, or sells your confidential data.
Attacks can disrupt normal business operations and, if a data breach happens, can leave you with a major bill and significant damage to your business: productivity decrease, reputation loss, customer impact, expensive repairs, data recovery, and even lawsuits and regulatory fines.
The reality is, every business — no matter the size nor industry — should follow best security practices as part of a strong cyber security strategy to protect their confidential data and business operations from cyber attacks.
7 best practices to help you get the cyber security basics right
When it comes to cyber security, getting the basics right is vital. Don’t assume you need to completely reconfigure your company’s IT network or purchase multiple pieces of software to be fully protected. Less can sometimes be more, and it all starts with following best practices.
1. Know your network
Start by understanding what your company’s network looks like — what software you use, how many devices are connected to your network, what devices are exposed to the Internet, what type of data you collect, and who has access to it.
Not knowing your network is like wearing a blindfold. A cyber attack could happen at any point and continue undetected for months, compromising your valuable data, because you missed it.
Learn your IT network and where vulnerabilities may exist, and you’ll be in a much better position to defend against a cyber attack.
2. Train your employees
Anyone in your company who uses the company’s IT network, applications, or email server must undergo cyber security training. At a minimum, teach employees the cyber security basics and a few best practices for safe computing. They should know:
- what constitutes a strong password,
- how to use a password manager,
- telltale signs of a suspicious web link or attachment, and
- what to do if they receive an illegitimate email.
Remember that the level of training should match the job’s level of risk. Employees who handle financial transactions, for example, should receive additional education. Additionally, make sure training is not a check-the-box activity. Conduct regular workshops, either as a refresher or to raise awareness as you learn of new threats.
Small and mid-size enterprises (SMEs) often benefit from using a dedicated training solution or services instead of creating their own. A qualified service will not only provide expert tips on safe computing, but also foster a sense of shared accountability for keeping the company secure.
3. Patch and update software regularly
Keeping your software up-to-date is one of the easiest ways to find and fix vulnerabilities before a cyber criminal gains access. According to a study conducted by Ponemon Institute, 60% of data breaches were linked to an available, but unapplied, software patch.
When a software patch becomes available, it’s usually because the vendor identified a glitch, bug, or some other risk and the patch resolves the issue. If you choose not to install the patch, you’re leaving vulnerabilities open for cyber criminals to exploit.
A patch management tool is a great option that enables you to automate scheduling and patching software, as long as you choose one that fits your unique needs.
4. Require strong passwords
Password attacks are remarkably successful because many people still rely on easily guessed passwords. Reduce that threat by requiring your employees to use strong passwords for all devices. Use unique and complex passwords for every account, composed of upper and lowercase letters, numbers, and symbols.
Investing in a password manager tool is a wise choice as it automates the process of creating, using, updating, and securing passwords.
5. Backup your data
No matter how many steps you take to secure your business, and no matter how confident you are that a cyber criminal won’t find a way in, it’s still important to regularly backup your data.
Backup your data to an external hard drive, a cloud backup service, or another secure location that’s not connected to your network or easily available to attackers on your network.
If a cyber attack occurs, conducting regular backups of data will help you and your employees get back on track. This is especially true for ransomware attacks, as regularly backing up data will mitigate the amount of damage the cyber criminal can cause to your business.
6. Use antivirus software and firewalls
Knowing your network, training your employees, and updating your software regularly are massive leaps forward on the road to a strong cyber security defence. But cyber criminals work around-the-clock, always finding new ways to access and wreak havoc on a company’s network.
Using cyber security services, such as antivirus software to shield your devices from malware and firewalls to protect your network, is a great way to add extra layers of protection.
7. Continually monitor your IT network
Without visibility of the activity in your IT network, it’s challenging to recognize unusual changes or new system behaviors that may indicate a cyber risk or threat. Cyber threat monitoring provides the insight you need to monitor and detect anomalies.
Opt for an easy-to-use cyber threat monitoring platform such as Covalence, which can provide you with alerts and recommendations about potential threats that are simple to understand and act on.
To stay informed about cyber risks and ways that the Covalence threat monitoring and detection platform can improve your cyber security, sign up for our newsletter below.