Internet Security Is Important for Small Businesses

internet-securityStarting a small business and becoming successful is a dream many of us share. But the journey is often long and hard, wrought with traps and dangers for the unprepared. As technology becomes an increasingly important part of every business, so too does the use of appropriate security to safeguard that technology.  Internet security is important for small businesses, not just Fortune 500 giants.

What has made a big splash is the integration of the internet into nearly every aspect of business. Even a company selling cupcakes needs to have an online presence to survive. That melding of the real world with the online world presents security challenges that can prove very costly—for the uninitiated. Even online professionals and bloggers need to keep up with cybersecurity and sometimes make mistakes, but you need to create an environment that doesn’t allow for any errors in judgement.

With that in mind, here are a few tips that can improve your cybersecurity efforts without breaking the bank:

1. Don’t Leave the “Door” Open

Small businesses usually start out very naïve. Their digital doors are wide open because their points of entry are poorly secured. Depending on the type of business, this can take a few different forms:

  • Accounts and their passwords
  • Networks and their ports
  • Individual devices and their connections

When I mention accounts, I’m referring to their login details. An alarming number of small businesses (and everyday users) don’t take seriously how important creating a strong password can be. Business logins should be unique and distinct from private logins, and their passwords should be held to the highest standards.

Regular users should expect to use at least eight characters with a mixture of numbers and symbols, but businesses should go one step further. Store passwords as encrypted data using a service such as LastPass. Use two-factor authentication to maximize security by requiring a secondary login method, which can render password theft irrelevant.

Change passwords regularly and revoke access to former employees should they leave the company for any reason. Treat account access as a “need to use” privilege and only give the keys to those who absolutely need them.

If your business uses a local network, make sure that network is secured by a Firewall and that all unused ports are closed. Used ports should be monitored so that they can’t be infiltrated. Take security warnings seriously. You’ll get a lot of false alarms, but it only takes one to ruin your business. Ensure your network is password protected in the same way your accounts are.

Mobile businesses may have employees that access business information from their own devices. “Bring your own device” sometimes also means “bring your own malware.” Computers used for work, whether they belong to the company or private individuals, should be required to install security software.

2. Affordable Cybersecurity Software

For end users, security software is often available for free. Businesses should always opt for the premiere editions that offer additional levels of security and culpability on the part of the company doing the securing. Some of the most important tools include:

  • Online security software
  • Virtual Private Networks (VPNs)
  • Backup software
  • Data removal software

Every device the company uses should have up to date anti-viral software.  Symantec offers a number of different choices, as do other companies that normally provide freeware versions of their software, such as Panda and Avast. Perform checks with employees regularly to ensure they’re updating their software and running scans.

Devices that go outside of your network should have VPNs such as ExpressVPN installed to protect them from unsecured WiFi and data theft. A VPN allows users to connect to a remote server, which makes their access anonymous and also encrypts the information being sent and received. While these services aren’t free, they safeguard the activities of remote employees and reduce the risk of an external breach.

Both servers and individual computers should have backups performed regularly to prevent data from being permanently lost. This is especially true of any device that holds customer data, as losing a client list could be a major blow to your business. Enlist a service such as Carbonite to handle your backups, or else perform manual backups using offline servers or hard drives. What you should use depends a lot on how much data you need to store.

Small businesses (and sometimes large businesses) sometimes fail to realize that just putting something into the recycling bin doesn’t mean permanently deleting it. Unless your business runs software such as CCleaner regularly, data isn’t necessarily gone and can potentially be recovered by unauthorized parties. The result could be a data breach that your business is responsible for.

3. Internet Security Education Costs Far Less Than Ignorance

Training your employees costs money. It also takes time to educate them on safe internet practices and how to handle technology properly. Yet not investing in their training will hurt you as your company grows. Not only will you have a lower retention rate (either because you have to let people go or because they’ll get frustrated), but you may end up having to fix costly mistakes.

Focus on teaching your employees (and yourself) the basics of internet use and internet security. By now, you’re already familiar with the right types of software to use and how to create secure accounts, but there are other types of dangers to avoid. Specifically:

  • Identifying and avoiding scams
  • Recognizing stolen accounts
  • Avoiding the spread of sensitive information

A variety of scams appear on the internet, but they exist for a shared purpose: to steal from you or your company. One of the most popular scams currently is called a phishing scam, whereby a fake hyperlink or website poses as something you trust to fool you into surrendering information such as login details, account numbers, and social security numbers.

Catfish scams involve people posing as someone else in order to solicit financial gains. While these scams are often personal in nature, they can still damage a company if the assets of an important employee become threatened.

Stolen accounts (usually the result of scams) will frequently be used to perpetuate additional kinds of theft. The type of theft can range from siphoning bank accounts to using those stolen accounts to steal other accounts (often by sending malware disguised as safe work files or photos to a friend).

Teach your employees to look for unusual behavior or language that might be a tip off that someone isn’t who they appear to be. Employees should immediately report any loss of access to their accounts, as this can help other employees avoid additional threats and loss.

It’s expected that you and your employees will use the internet for purposes other than business. However, make sure your employees know that all company dealings are private. Customer information should never be shared outside the company, and employees should be expected not to share personal details that may pertain to activities within the company. Make sure everyone knows unbecoming behavior could be grounds for dismissal.

Remember: you are your company. Everything starts at the head, and if you aren’t a master of internet security, your company certainly won’t be either. Take action today to make your company secure.

 

About the Author: Cassie Phillips is a writer for SecureThoughts.com. As a member of a small business, she is regularly confronted with the security challenges that require a mixture of innovation and teamwork. She writes with the hope that others will become more familiar with safe practices as a result.