Cybersecurity has been a chief concern among small business owners for some time, but protecting data from bad actors has become even more important since the pandemic. The pandemic forced businesses to do things differently, and many of those changes (like having a remote workforce) came with new security needs. IBM’s Cost of Data Breach Report for 2021 revealed that businesses have seen cybercrime costs increase 10% from 2020 to 2021.
While businesses cannot safeguard against all cyberattacks, they can put themselves in a position to prevent most that come their way, and to contain breaches quickly if they do become victims. Basic IT hygiene can go far in controlling the negative effects of cyberattacks, and the great news is that many of these fixes are simple and quick to implement.
Put measures in place to restrict access to data. Network firewalls, border routers, intrusion protection and detection systems, and DMZ systems are a simple and effective ways to prevent unauthorized users from gaining access to your network and your organization’s systems, but teaching employees to physically secure their laptops and cell phones, especially when they’re off premises, can add an additional layer of protection.
Use Multifactor Authentication
Multifactor authentication requires the user to verify their identity more than once. For example, two-factor authentication may require the user to enter a username/password and a one-time auto generated code that is sent to their cell phone. If you want to improve access control, you can always add an additional factor — biometric or contextual authentication, for example — to verify identity.
Provide Security Awareness Training
Security awareness training will help your employees understand what cyberattacks look like and how they can help prevent those attacks. Regular security awareness training keeps cybersecurity top of mind and can give you a secure channel to discuss emerging threats.
Secure Connections for Remote Workers
Remote access virtual private networks (VPNs) are essential when you have a remote workforce. When employees connect to the company’s network remotely, you cannot guarantee that their connection is secure. To shore up security weaknesses, you can require your employees to log into a VPN when they’re outside of the office. A VPN creates a private and secure connection with your local network so that your worker’s activity is directed through secure channels.
Back Up Your Data
Securing your data is only one part of proper data management. You should also do regular back ups. The Cybersecurity and Infrastructure Security Agency recommends that you use the 3-2-1 backup rule.
3: Keep three copies of important files.
You should have one primary file and two backups.
2: Keep data in two different formats.
Possible formats include internal hard drives, external hard drives, DVDs, etc.
1: Keep at least one backup file offsite.
“Offsite” could be a disk that is held in a storage unit, a second site that replicates your network drives, or even cloud storage.
Backups protect your data if is stolen or corrupted by bad actors, or if there is a natural disaster that damages your network.
Deploy Software Solutions + Patches
A good antivirus software can automatically scan the network or individual computers to detect and remove malicious software. Most antivirus and malware software can be scheduled at a time that’s convenient for your business, like when your employees leave for the day. After your software is installed, keep it patched. Your software provider will release new pieces of code (called “patches”) that you can install on your existing software to guard against emerging threats.
Employ New Technologies
Artificial intelligence (AI) for security is gaining traction in the business world. AI and automation technologies can be used to:
- Detect threats
- Predict future threats
- Weed out false positives when testing for breaches
- Provide insight on what actions lead to data breaches
- Prioritize threats so leaders can focus on the most important risks
AI can be tricky to implement, but top-performing businesses have found that their investment has paid off. These businesses have, on average, reduced data breach costs by 18% and reported returns on investment of 40%. If AI is a bit too much for your team to implement right now, there are automation technologies that can — for example — run scans and compile reports to save time for your IT team.
Tone at the Top
Your cybersecurity practices will be all for nothing if your leaders aren’t on board. Any time you make a change to your business, you’ll need to consider how that change will impact your security. The C-Suite should be comfortable talking business strategy with key members of the IT team so that security risks are considered when making strategic moves.
Cyber hygiene isn’t something you can think about only once or twice a year; you need to practice these habits regularly if you want to protect your business from data breaches. Contact your LaPorte advisors if you want to discuss your cybersecurity.