While most small businesses may understand the importance of cyber security, they might not know the steps to take to improve their defence. And if you’re not a cyber expert, it can be nearly impossible to stay ahead of new and ever-evolving cyber threats and risks.
The truth is cyber security best practices go a long way when it comes to protecting your business from a cyber attack. And you don’t need to be an expert to learn and implement them. Before we dig in, let’s start at the beginning with a few definitions of basic cyber security concepts.
Cyber security concepts you should know
To better understand the best security practices we’re covering later, you should be aware of general cyber security concepts such as cyber security, threat surface, cyber attacks, and data breaches.
Cyber security is designed to protect your IT environment — all of your sensitive data, devices, applications, and networks — from cyber threats, vulnerabilities, and risks.
It’s the practices, tools, and techniques that businesses can implement to keep unauthorized users from accessing their systems and ensure employees follow safe computing habits.
Your threat surface
Your threat surface is all the parts of your IT network where cyber criminals could identify security gaps, holes, or other potential vulnerabilities, and gain access.
The challenge is, like cyber threats, your company’s threat surface is always changing and evolving. You add and remove hardware. Your team routinely installs and updates software. Employees connect to your network from new devices or locations. User activity varies every day. All these moving parts make assessing and securing your threat surface a challenge.
Understanding, reducing, and protecting your threat surface is foundational. It’s the first step in proactively avoiding a cyber attack and preventing the damage of a data breach.
Cyber attacks & data breaches
Verizon’s 2020 Data Breach Investigations Report shows that nearly one-third of data breach victims are small businesses. Understanding cyber attacks, the motivating factors, and the damage that can result should be high on your priority list.
A cyber attack occurs when a cyber criminal launches an attack on one or many computers or networks to disrupt, disable, destroy, or maliciously control computing infrastructure, destroy the integrity of data, or steal controlled information. There are many attack tactics — malware, phishing, man-in-the-middle, and more — and just as many motivating factors.
Cyber attacks can disable the systems that you rely on to run your business and may result in data breaches that occur when the attacker destroys, steals, shares, or sells your confidential data.
Attacks can disrupt normal business operations and, if a data breach happens, can leave you with a major bill and significant damage to your business: productivity decrease, reputation loss, customer impact, expensive repairs, data recovery, and even lawsuits and regulatory fines.
Every business — no matter the size nor industry — should follow best cyber security practices as part of a strong cyber security strategy to protect their confidential data and business operations from cyber attacks.
7 best practices to help you get the cyber security basics right
When it comes to cyber security, getting the basics right is vital. Don’t assume you need to completely reconfigure your company’s IT network or purchase multiple pieces of software to be fully protected. Less can sometimes be more, and it all starts with following best practices.
1. Know your network
Start by understanding what your company’s network looks like — what software you use, how many devices are connected to your network, what devices are exposed to the Internet, what type of data you collect, and who has access to it.
Not knowing your network is like wearing a blindfold. A cyber attack could happen at any point and continue undetected for months, compromising your valuable data, because you missed it.
Learn your IT network and where vulnerabilities may exist, and you’ll be in a much better position to defend against a cyber attack.
2. Train your employees
Anyone who uses the company’s IT network, applications, or email server must undergo cyber security training. At a minimum, teach employees the cyber security basics and a few best practices for safe computing. They should know:
- what constitutes a strong password,
- how to use a password manager,
- telltale signs of a suspicious web link or attachment, and
- what to do if they receive an illegitimate email.
Remember that the level of training should match the job’s level of risk. Employees who handle financial transactions, for example, should receive additional education. Additionally, make sure training is not a check-the-box activity. Conduct regular workshops, either as a refresher or to raise awareness as you learn of new threats.
Small and mid-size enterprises (SMEs) often benefit from using a dedicated training solution or services instead of creating their own. A qualified service will not only provide expert tips on safe computing, but also foster a sense of shared accountability for keeping the company secure.
3. Patch and update software regularly
Keeping your software up-to-date is one of the easiest ways to find and fix vulnerabilities before a cyber criminal gains access. According to a study conducted by Ponemon Institute, 60% of data breaches were linked to an available, but unapplied, software patch.
When a software patch becomes available, it’s usually because the vendor identified a glitch, bug, or some other risk and the patch resolves the issue. If you choose not to install the patch, you’re leaving vulnerabilities open for cyber criminals to exploit.
A patch management tool is a great option that enables you to automate scheduling and patching software, as long as you choose one that fits your unique needs.
4. Require strong passwords
Password attacks are remarkably effective because many people still rely on easily guessed passwords. Reduce that threat by requiring your employees to use strong passwords for all devices. Use unique and complex passwords for every account, composed of upper and lowercase letters, numbers, and symbols. It may seem like common sense, but ensuring secure passwords across your business is a key element of cyber security.
Investing in a password manager tool is a wise choice as it automates the process of creating, using, updating, and securing passwords.
5. Backup your data
No matter how many steps you take to secure your business, or how confident you are that a cyber criminal won’t find a way in, it’s still important to regularly backup your data.
Back up your data to an external hard drive, a cloud backup service, or another secure location that’s not connected to your network or easily available to attackers on your network.
If a cyber attack occurs, conducting regular data backups will help you and your employees get back on track. Backups are especially helpful if your data becomes encrypted during a ransomware attack. You can restore your files from the latest backup to minimize the damage caused by the cyber criminal.
6. Use antivirus software and firewalls
Knowing your network, training your employees, and updating your software regularly are massive leaps forward on the road to a strong cyber security defence. But cyber criminals work around-the-clock, always finding new ways to access and wreak havoc on a company’s network.
Using cyber security services, such as antivirus software to shield your devices from malware and firewalls to protect your network, is a great way to add extra layers of protection.
7. Continually monitor your IT network
Without visibility of the activity in your IT network, it’s challenging to recognize unusual changes or new system behaviors that may indicate a cyber risk or threat. Cyber threat monitoring provides the insight you need to monitor and detect anomalies.
Opt for an easy-to-use cyber threat monitoring platform such as Covalence, which can provide you with threat alerts and security recommendations that are simple to understand and act on.
A few simple cyber security basics can go a long way when it comes to protecting and securing your business from cyber threats. It all starts with following best practices. Every business should ensure that there’s a base understanding of the cyber security basics as part of a strong cyber security strategy.
To stay informed about cyber risks and ways that the Covalence threat monitoring and detection platform can improve your cyber security, sign up for our newsletter below.