Being responsible with data is essential for a modern business. Read our rundown of best practices that you can adopt to help your cyber hygiene strategy.
May 20, 2020
Update, May 2020: Cyber hygiene has never been more important. With businesses around the world and the country dealing with the pandemic, cybersecurity concerns have increased with a proliferation of attacks aimed at end users everywhere.
It’s important for businesses to stay vigilant during these times—the last thing any SMB wants to deal with now is a data breach.
Cyber hygiene Is Key to the Modern Workplace
Cyber hygiene—practices for ensuring the safe handling of data—is essential now that modern workplaces are hotbeds of digital solutions and big data sets.
We’ve decided to take a closer look at what small and midsize businesses should be doing in order to look after their data and avoid being the victim of a hack.
Virtually every SMB has implemented a strategy for digitizing at least one aspect of their organization.
Whether it’s an extensive roadmap for years or a simple migration of an email server to get the ball rolling, small and midsize businesses are engaging in digital transformation in one way or another en masse.
This has led to a sharp increase in the amount of digital technology that has to be safeguarded in office environments, particularly with the rise of Internet of Things (IoT) tech.
Company data is accessed and shared through a large number of devices, and SMBs are struggling to catch up with their cybersecurity standards.
96% of IT decision makers believe their organizations are susceptible to external cyberattacks. If you add into the mix that SMBs are targeted by cybercriminals more than ever—nearly half of all attacks focus on small and midsize businesses—then you’ve got a recipe for disaster
What Exactly Is Cyber Hygiene?
Cyber hygiene is the process of observing correct routines to ensure the integrity of data within a network.
For a business, this means establishing practices that keep customer and employee data as secure as possible.
The Weak Link
Cybercriminals, for the most part, largely depend on human error and poor cyber hygiene for their success.
52% of businesses admit that employees are their biggest weakness in IT security, with their careless actions putting business IT security strategy at risk
An obvious example of this is phishing, where fraudsters attempt to get victims to give up information by posing as a trustworthy entity, before asking for sensitive details.
This usually takes the form of an email. Less sophisticated phishing scams are often spotted, but more convincing attempts require a keen eye for detail to detect.
Cyber scams like phishing are law of averages games; sooner or later, someone will fall for it.
This is one of the many reasons why having a strong emphasis on cyber hygiene is so important for SMBs.
Here’s Eight Things You Can Do to Bolster Your Business’ Cyber Hygiene
1. Install a Network Firewall
A firewall for your network is the first line of defense in your cybersecurity strategy.
Robust firewalls keep out unauthorized users from accessing data, email, and applications. In short, it keeps verified users in and unverified users out.
For system admins, this means whitelisting approved users, blacklisting unknown users, and ensuring that any communications through wireless connections use WPA encryption.
2. Use a Quality Antivirus
Antivirus software has been a staple cybersecurity measure for years. But, while the vast majority of SMBs utilize some sort of antivirus, the disparity between offerings can be large.
Recent studies suggest that despite the number of solutions that IT departments are able to benefit from, overall confidence in security solutions remains low, with just one in five small and midsize businesses fully confident in their IT solutions.
While free options for antivirus might be adequate for very small businesses, SMBs must be sure that their antivirus is of an acceptable standard to safeguard their network. At a minimum, your antivirus should:
Eliminate malicious codes and software
Schedule automatic scans
Analyze the health of PCs and other devices
Target specific files for malware detection
3. Encrypt Your Devices
Solutions provide peace of mind by encrypting devices, emails, and data.
Modern workplaces are often heavily decentralized, typically because of the number of devices which operate in networks.
IoT tech and BYOD policies have led to new security challenges for SMBs.
For small businesses, increasing reliance on the Internet of Things represents a type of industrial revolution, with over 50% of new businesses predicted to dive into IoT technology as soon as this year
The amount of devices, whether it’s cell phones, laptops, printers, or even smart TVs, has surged, meaning there are many more entry points for cybercriminals to take advantage of.
Using encryption on all devices which access your network is a critical aspect of ensuring the prevention of data loss.
4. Back Up Regularly
It’s crucially important to consistently back up your organization’s data.
SMBs possess more data than ever, and the amount of information created and processed by businesses increases every year.
90% of all data in the world was generated in just the last two years
This has put more pressure on small and midsize organizations to effectively look after the data they collect.
In addition, new data laws brought about to protect consumers, such as GDPR and CCPA, are mandating that companies take more responsibility for maintaining data.
Backups can be stored on physical servers on-premise, or through the cloud. Both options provide the ability to secure your data with image-based backups.
These images can be backed-up as frequently as every 15 minutes if using cloud-based storage, keeping data loss to minimum in the event of disaster recovery.
This may seem obvious, but weak passwords are still an enormous blind spot for many organizations.
Of confirmed data breaches that affect SMBs, nearly two-thirds occur because of weak, default, or stolen passwords.
This is because of hacking techniques like brute force attacks, which use algorithms to input millions of password attempts in order to gain entry to a system.
These types of attacks have seen a recent surge, making it all the more vital for businesses to implement strategies for strong passwords in the workplace.
At a time when SMBs are turning to advanced technologies to improve their operations, it seems careless not to adopt a password protocol—a simple way of avoiding unnecessary harm.
Make strong passwords a policy, weak password protocols are asking for trouble.
6. Adopt Multi-Factor Authentication
Multifactor authentication (MFA) is, in many ways, a natural extension of having a solid password protocol.
As the name implies, multiple authenticating processes are required for access. This can take the form of any combination of password, fingerprint, PIN code, verification text or email, and more.
Microsoft cloud services see 300 million fraudulent sign-in attempts every day. They estimate that MFA blocks 99.9% of automated attacks
MFA has proved enormously successful in heading off attacks, particularly brute force cyberattacks.
Wherever possible, utilize multifactor authentication on devices operating within your organization for added security.
7. Update Device Software Regularly
Many SMBs fall victim to the mentality that they’re simply too small to be targeted by cybercriminals.
This is very dangerous mode of thinking for small and midsize businesses to have. If you possess data, then you’re a target.
A worryingly large percentage (40%) of SMBs don’t regularly update their software, and with the number of attacks on SMBs rapidly increasing and the likelihood of organizations going bankrupt after an attack, there’s a perfect storm for trouble.
One of the primary methods for gaining access to a network is through taking advantage of exploits in software.
It is absolutely essential to keep your software applications and operating systems up to date. We would always recommend enabling automatic updates in order to plug the gaps as soon as they appear, and preferably use a remote monitoring solution to push these updates to all devices through a single IT professional.
At Impact Networking, for example, we’ve vetted literally hundreds of solutions to make sure that our clients get a good multi-layered solution for their organizations.
A quality MSSP does the heavy lifting so that you can focus your IT staff on business objectives. It’s one of the reasons that SMBs are more frequently partnering with providers in order to meet their IT needs.
An MSSP gives you everything we’ve gone through today, plus a roster of cybersecurity experts to combat threats for you.
If you’re wary about hiring a full cybersecurity team for your business, consider utilizing an MSSP for their experience, solutions, and certified support staff to help.
In light of recent events, many organizations have found themselves playing catchup with their cybersecurity, trying to implement makeshift solutions to make up lost ground while their workforces are working remotely for the immediate future.