Back to Top

A Cyber Security Guide for Businesses

Computer related crimes affecting businesses and consumers are frequently in the new these days.  Most of those stories are bout large companies.  However according to the Verizon DBR report, 83% of small  businesses have confirmed a data breach in one way or another.

 

This guide provides some guidelines on how to safeguard your computer systems and data.

 

Protect Computers and Networks

Install security and anti-virus  software that protects against malware, malicious software and zero-day attacks.  Without these protections a cyber criminal could  access your computer systems and steal passwords and other sensitive data.  Also, use a firewall with the same protections along with Threat Prevention capabilities to safeguard access to your network.

 

Require strong authentication

Ensure use of long and complex passwords.  This would include passwords over 8 characters in length and with a mixture of  lower & upper case letters, numbers and symbols. Consider implementing multi-factor authentication that requires additional information beyond a password to gain access.  This should be applied to computers, smart phones, tablets and WIFI access points.

 

Control Access

Take measures to limit access or the use of business computers.  Only give employees access to the specific data systems they need to do their jobs.  Also, make sure that only employees who need administrative privileges, such as IT staff and key personnel, have them.  With everyone as administrators, the spread of viruses is easier and can affect more systems.  

 

Define, Educate and Enforce Policy

Establish security practices and policies for employees and educate them on acceptable use of the company network.  Enforce those policies and practices where you can by monitoring for violations and hold employees accountable from the top down.  Stress the importance of a strong cyber security policy, especially when it comes to handling and protecting customer information and other vital data.

 

Be careful where and how your employees connect to the internet

Connections should only be made using a trusted and secure link.  Public WIFI and computers found at internet café, hotel business centers or public libraries may not be secure and thus should not be used to connect to the company network.  It can be relatively easy for cyber criminals to intercept the internet traffic in these locations.

 

Email Safety

Employees should be suspicious of unsolicited emails asking them to click on a link or open an attachment.  By doing so your employee may be installing malware on your network.  The safest strategy is to ignore these emails no matter how legitimate they appear.

 

 

Be Socially Aware

Social media sites are a gold mine for cyber criminals looking to gain information on people and improving their success rate for attacks. Attacks such as phishing, spear phishing or social engineering all start with collecting personal data on individuals.  So, educate employees to be cautious with sharing on social media sites.  Letting them know that the details gathered could allow cyber criminals to guess security answers that could allow them to reset passwords and gain access to accounts.

 

Don’t Forget Mobile Devices

Personal mobile devices can be a source of security challenges, especially if they hold confidential information or can access your business’s network.  So create a Bring-Your-Own-Device policy that outlines what employees can do with their own devices.  Consider allowing only guest access (internet only) for employee owned devices.  Enforce password locks on user owned devices.  Access sensitive information only through encrypted VPN connections.  Do not allow storage of sensitive information on personal devices and have a plan if an employee loses their device.  

 

Maintain Your Network

Network and computer manufactures all have updates that are provided to correct security flaws and improve functionality.  Ensure those devices are patched on a regular basis.  Uninstall software that isn’t needed and turn on automatic updates where available.  If possible, deploy a patch management system.

 

 

Protect important systems and data

Make sure that encryption is part of your corporate policy and regularly backup the data from your systems.  Making sure sensitive business data is sent to a secondary location that is secure.  Buy hard drives and USB drive with encryption built in.

 

 

To learn more about Cyber Security or to have an assessment of your environment done, please call us at 941-504-3015 or email info@cybersecurityconceptsllc.com