It happens all too often.
Small to mid-sized businesses make the assumption that they’re not a target – that cyber criminals aren’t interested in their data.
But the truth is, cyber criminals ARE interested in customer/employee financial and identity related information from businesses of all sizes.
So why are small to mid-sized businesses at greater risk of a cyber-attack than larger corporations? It’s simple. While larger organizations have on-site IT staff and rigid security measures in place, many smaller businesses don’t put as much time, effort and resources into cyber security and as a result, they’re more vulnerable.
According to an IBM study, the main causes of data breaches occur as a result of misconfigured applications or systems, followed by user error.
With the cost of a data breach far exceeding what it costs to prevent it, how does your organization stack up?
Use this cyber security checklist as your guide to determine whether your business is at risk. To combat the user error aspect of security, take this security quiz – and ask employees to do the same.
It’s best practice to ensure all employees update and move away from outdated web browsers, applications and plug-ins. Updates apply to operating systems, web browsers, and also Internet of Things (IoT) devices as well.
Whenever possible, enable automatic updates to protect all devices from vulnerabilities throughout the organization. Automatic updates on Windows and Apple operating systems are an easy way to ensure these updates regularly take place, not to mention reducing the risk of a compromised system. Finally, if your office is Bring Your Own Device (BYOD) friendly, remind staff to set their mobile devices to update automatically.
Still using outdated operating systems like Windows XP or Windows Server 2003 in your organization? As each month passes, it becomes increasingly more dangerous to run your business on outdated systems and servers since patches are no longer available – and cyber criminals are well aware of this.
The truth is, there is no better time than now to upgrade outdated systems and hardware. In fact, before you dismiss the idea of upgrading equipment due to budget constraints….
Did you know you can finance equipment and still take advantage of the Section 179 tax deduction?
Section 179 of the government tax code allows your business to deduct the full purchase price of qualifying equipment purchased or financed during the tax year from your gross income.
By financing any equipment and/or software purchases, you can acquire and write off the full cost without paying the full amount during the 2016 tax year. This offers your business the opportunity to maximize your purchasing power and potentially add more equipment! Get more details here.
Similar to browser and operating system updates, Antivirus programs need to be set to regularly check for updates and scans need to be configured to run on a consistent schedule.
Larger organizations configure their networks to report the status of antivirus updates to a central server where updates are then pushed out automatically, as required. Small to mid-sized businesses can achieve this as well through managed services like Desktop Care that leaves the hassle of patches, spyware issues and preventative maintenance to us.
Bring Your Own Device (BYOD) refers to businesses that allow employees to conduct work related activities on their own mobile devices, both in and out of the office.
If your business has a data backup plan, that’s great! But when was the last time you actually tested your backup? Are you certain that in the event of a disaster or data breach, you would be able to restore your data?
In order to minimize downtime, your organization needs to not only ensure backups are easily accessible, but also have a disaster recovery and business continuity plan in place. When you consider the true cost of downtime, the decision to focus company resources on data backup becomes easy.
Many people rely on just a handful of passwords in their personal life, but particularly in a business setting, this practice is VERY risky and puts sensitive company data at risk.
After all, your IT security is only as strong as it’s weakest link.
In fact, data breaches are very commonly a result of insufficient passwords, among other common mistakes.
Your IT policy should mandate complex passwords to be at least eight characters, include upper and lower case letters, numbers and special characters.
It is also advisable to require staff to change passwords four times per year without reusing previous passwords.
Email is a major source of security breaches. In fact, email is one of the most common ways ransomware is spread throughout a business network. For this reason, it’s important to ensure company mail servers are adequately protected by security software and certain email attachments are restricted from your network. Commonly used file attachments used to spread viruses are .BAT, .EXE, .PIF, .VBS and .SCR files.
Employee Awareness Training
Everyone has received a phishing email at some point in time and for this reason, employee education is key. Remind staff to hover over questionable links and never open email from senders they don’t recognize. If a link is questionable, it’s always better to open a new browser to visit the website. These and other great tips can be introduced to employees through fun exercises like this Phishing IQ Test from SonicWALL or our Cyber Security quiz.
Online file sharing websites like consumer grade versions of Dropbox can put your business at risk of data theft, data loss or worse. Instead, it’s better to use a business grade file sharing solution that supports the BYOD trend and allows employees to access company files securely, from any device, anywhere.
Since it is such an important aspect of business security, employee education has been a theme throughout this cyber security checklist. Educating staff about cyber security can be done in 3 simple steps.
STEP 1) Set Clear Policies
When establishing policies, ask questions like:
STEP 2) Educate employees
A study by CompTIA revealed that only 54% of companies offer cybersecurity training – don’t make this mistake. When educating employees, reference unsafe practices and provide access to email and security tests.
STEP 3) Enforce security policies
It’s not enough to verbally enforce security policies. Require employees to sign a mandatory document stating they understand company policies and their responsibility. Without this necessary step of enforcement, employees have no incentive to comply.
While this security checklist is not a comprehensive list, it is a great starting point for your Milwaukee area business. Since cybercrime increasingly becomes more sophisticated each year, the security measures within this checklist will help to secure your network, but it is only through a layered security approach that you can achieve the highest level of security for your business.
Today we’re a launching a new series on our blog to answer commonly asked questions and give businesses an inside...