Despite the recent cold snap, Spring is here and along with it a renewed focus on digital security.
Cyberattacks on all businesses, but particularly small to medium sized businesses, are becoming more frequent. According to Accenture’s Cost of Cybercrime Study, 43% of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves.
Not only does a cyberattack disrupt normal operations, but it may cause damage to important IT assets and infrastructure that can be impossible to recover from without the budget or resources to do so. The most common types of digital attacks on small businesses include:
- Phishing/Social Engineering: 57%
- Compromised/Stolen Devices: 33%
- Credential Theft: 30%
To protect your small or medium sized business from these types of digital infrastructure attacks, even if you have limited personnel or financial resources dedicated to cyber security, here are a few immediate tips you can implement:
- Patch Any Existing Vulnerabilities Now and Continue to Do So on a Regular Basis
Stop ignoring those notifications from Microsoft and other vendors so your systems stay up to date. Create a weekly or monthly “maintenance” checklist and regularly track all applicable patches and update accordingly.
- Secure Your VPN Access
If you have remote employees, you need to keep track of who is logging in via a virtual private network (VPN) and only enable the service for those with a legitimate business need. Make sure that as employees are hired or fired that you update their access accordingly.
- Identify and Record Who Has Administrative Privileges
Make it part of your weekly maintenance routine to look at who has administrative privileges to your network infrastructure and shut down access to anyone who shouldn’t have full permission.
- Don’t Forget Password Lists
When dealing with a service interruption, the last thing you need to be doing is performing password resets. Establish a central source for creating, distributing, maintaining and disabling longer, unique passwords for all users during their employment and departure.
- Create a Backup Strategy, Announce It and Test It
An effective backup strategy will provide your business with the ability to get up and running again quickly following an attack. Establish strong rules and permissions for all users and keep them updated. Set up and maintain a schedule to back up servers at set intervals. Run full backups three times a week with incremental backups each hour.
Staying on top of digital security requirements to protect your critical business information and intellectual property from data breaches can be daunting; however, if you commit to taking some common-sense approaches to network security at regularly scheduled intervals, you’ll be better guarded against future incidents.