How small businesses can keep themselves safe from cyberattacks
September 12, 2017
By Matt Loria, CEO, Auxiom
If you own or manage a small or medium business (SMB), you are a busy expert in the field of BLANK (fill in your field of business). Unless you filled in the blank with “IT Security,” you probably aren’t focused on it day in and day out. And when you do focus on IT Security, it’s because of some outbreak of a cyberattack that is blasted all over the news and internet.
There is a lot of fear mongering that happens during or after a major cyberattack. The bad news is most of it is true! The good news is, there are some things you can make sure you have in place to protect your business from cyberattacks.
Small business leaders have to worry about cybersecurity because SMBs are the low-hanging fruit of the cyberattack world. Arguably, they are the most under-protected. So rather than being totally technical, I will relate the things you need to things we all understand from our homes: doors, locks, and alarm systems.
There is no argument that we have to have doors on our house, right? Leave the door open and you will get flies and perhaps some ne’er-do-well strolling in. The first layer of defense in a comprehensive IT security strategy is the corporate firewall. Like the name suggests, it is a “wall” that is in place to prevent “fires” (aka unintended “guests”) from getting through to the other side – the internal network of a company.
Oh, and you want a steel door, right? If you want the door to actually function best, make sure that the firewall is constantly updated with the manufacturer’s Unified Threat Management feature. This is the way to make sure you are up to date with the most recent threats that are out there.
CORPORATE GRADE EMAIL
For the most reliable email, choose an industry-standard email system like Microsoft’s Office 365 or Google’s G-Suite. Do not accept someone’s hosted email or an Exchange server email. If something happens to the hosted email provider, you could be without communication. A more compelling concern is that you don’t know what that provider is doing to secure your email or their environment. Your email could be on a server in some person’s basement. Use a trusted corporate grade email and you won’t have those concerns.
Password, Password123, ADMIN…nope. You need a strong password wherever logins are used. This means you need to have a strong password policy in place. One of the main ideas would be to make sure your employees aren’t writing down passwords and sticking them under their keyboards. Resources such as Connect Safely, a Silicon Valley, Calif.-based nonprofit organization dedicated to educating users of connected technology about safety, privacy and security, offer up-to-date best practice tips to keep you in the know. Learn more by reading their article on how to create and maintain strong passwords at http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/.
The place that the business owner/leader forgets to look is on the network switches, firewalls, and Wi-Fi systems. Maybe you have a strong password on your PC, but if your infrastructure has weak passwords, you’re in trouble. I would estimate that 50% of small businesses are using the manufacturer’s default password on their infrastructure equipment. You will likely have to call an IT expert to check this out for you.
Can I get your Wi-Fi password? Don’t fall for this one. If you are giving out your company’s corporate internal Wi-Fi password, you are opening the door and keeping it unlocked.
SMBs need to have Intermediate / Advanced Network Security Wi-Fi systems with secured guest networks. This means that a guest uses a completely separate way to get internet access while visiting your business. Again, on this one, you will likely have to call an IT expert to configure this properly.
If you are holding on to any sensitive client data like social security numbers, credit card numbers, personal information, financial information, health information, etc., you need to make sure that you are not sharing it incorrectly. You also need to make sure that you could tell if anyone entered the house while you were out to dinner…you need an alarm system.
EMAIL PROTECTION SYSTEMS
Microsoft is the leader in office software and in Outlook, and Google’s G-Suite is great too, but they are not the leaders in email security. They are great at making sure you can get your email and send it…and they have some decent security features built in. However, if your business is “riding on it,” you need more than just decent security features.
Be aware of non-brand-name security. The experts at my company recommend Barracuda ESS on every email account. These types of systems offer email encryption, spam protection, automatic removal of social security numbers and other secure information on outgoing email, and other advanced security features for your email.
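To make "automatic removal of social security numbers and other secure information on outgoing email" concrete, here is an added illustration of the kind of check such a filter runs on a message body. It is not Barracuda's code or anything from the original article; the patterns, function names and sample message are assumptions constructed for the example.

```python
import re

# US SSN written as 123-45-6789 or 123 45 6789, skipping ranges never issued
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}([- ])(?!00)\d{2}\1(?!0000)\d{4}\b")
# 13 to 19 digits, optionally grouped with single spaces or hyphens
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates card numbers from invoice or order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact_outgoing(body: str):
    """Return (clean_body, findings) for one outgoing message body."""
    findings = []

    def ssn_sub(match):
        findings.append("ssn")
        return "[REDACTED SSN]"

    def card_sub(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()            # long number, but not a card
        findings.append("card")
        return "[REDACTED CARD]"

    body = SSN_RE.sub(ssn_sub, body)
    body = CARD_RE.sub(card_sub, body)
    return body, findings


# Constructed sample message using well-known test values, not real data
SAMPLE = (
    "Hi Dana, the client's SSN is 123-45-6789 and the card on file is "
    "4111 1111 1111 1111. Reference invoice 1234567890123456."
)

if __name__ == "__main__":
    clean, found = redact_outgoing(SAMPLE)
    print(clean)
    print(found)
```

The invoice number in the sample is left alone because it fails the checksum, which is how a filter avoids mangling ordinary business correspondence.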
NETWORK MONITORING SYSTEMS
Would you even know if someone was trying to break into or had broken into your network? Many people confuse network support and maintenance with network security and monitoring. Network support asks, “Is the firewall on and functioning?” Network security and monitoring provides real-time analysis of security alerts generated by network hardware and applications.
Trust but verify. SMB leaders and owners often tell me they feel safe with their IT, but the number one reason people invested with Bernie Madoff was, “He made me feel my investment was safe.”
There is no single item that makes you safe; it’s a system of solutions constructed together like a good home with doors, locks, and for some, an alarm system.
It doesn’t have to cost an arm and a leg for IT Security, but it will cost you something. Get checked and stay safe.
About The Author
Matt Loria is Partner and CEO of Sterling Heights-based Auxiom, The Gold Standard in Business IT.