We've all heard it: cybersecurity is important, and you need to secure your business. The problem many small businesses face when looking into doing this is that it can get expensive, fast. You start seeing what is "normal" for security in business and start asking yourself "How am I going to afford all this?" The problem is, most articles and sites you see aren't considering a small business; their audience is medium to large businesses that already have a full IT infrastructure and big budgets. So what CAN you do to secure your small business? Let's start off with the things you can do with the best price tag: free. There are a ton of steps that will cost your business absolutely nothing to do and still increase your security.

The first thing you should do for any business where anyone logs into anything for business purposes is have strong passwords. The standard recommendation for a strong password requires a minimum of 8 characters and includes uppercase, lowercase, numbers and special characters. At All American Cyber we recommend a minimum of 12 characters and, when possible, disallowing sequential numbers and letters that can lead to easily cracked passwords such as password12345, or waterfall passwords such as 1qaz2wsx3edc.
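The password policy described above, written as a checker. This is an added example, not All American Cyber's own code; the US QWERTY key runs and the four-character run length are assumptions of the example.

```python
import re

MIN_LENGTH = 12   # minimum recommended in the text
RUN = 4           # assumption: flag runs of 4 or more characters

# Assumption: US QWERTY layout. "1qaz2wsx3edc" is three columns typed top to bottom.
KEY_RUNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
            "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_sequence(pw):
    """True if pw contains RUN consecutive ascending or descending digits or letters."""
    s = pw.lower()
    for i in range(len(s) - RUN + 1):
        chunk = s[i:i + RUN]
        if not (chunk.isdigit() or chunk.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def has_keyboard_walk(pw):
    """True if pw contains RUN adjacent keys from a keyboard row or column, either direction."""
    s = pw.lower()
    for keys in KEY_RUNS:
        for seq in (keys, keys[::-1]):
            if any(seq[i:i + RUN] in s for i in range(len(seq) - RUN + 1)):
                return True
    return False


def check_password(pw):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for label, pattern in [("uppercase letter", r"[A-Z]"), ("lowercase letter", r"[a-z]"),
                           ("number", r"[0-9]"), ("special character", r"[^A-Za-z0-9]")]:
        if not re.search(pattern, pw):
            problems.append("missing " + label)
    if has_sequence(pw):
        problems.append("sequential run")
    if has_keyboard_walk(pw):
        problems.append("keyboard walk")
    return problems


# Constructed samples: the two weak passwords named in the text and one that passes.
for sample in ["password12345", "1qaz2wsx3edc", "Maple!River7Cloud"]:
    print(sample, "->", check_password(sample) or "OK")
```

Note that 1qaz2wsx3edc meets the length rule and mixes letters and numbers, so only the keyboard-walk check catches it.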
So we have a password policy in place; now Multi-Factor Authentication, or 2FA, should be implemented on anything that allows it. Generally speaking, 2FA will require a user to have an authenticator app, such as Google Authenticator, on their phone that provides one-time passcodes that change every 30-60 seconds and are entered after the username and password. This extra layer of security is usually also free and makes hacking accounts vastly more difficult. While it may cause a slower login process, the benefit is that if anyone were to gain access to your usernames and passwords, they would also need the authentication codes to log in, making the usernames and passwords nearly useless to the attacker.
So this next one will range in price from free on up, depending on how in depth you go. Cybersecurity training is another way to vastly boost your ability to prevent attacks. There is a ton of free training available, as well as paid courses or consultants that can come in and give more targeted training for your specific needs. Here is a list of some of the free training available to everyone, and we at All American Cyber highly recommend that every employee take courses like this at minimum yearly. Keep in mind that cyber criminals want the easiest targets, and by not having regular training you may fall into that category.
So now on to the not-so-free stuff, but still not as expensive as you think. For starters, let's talk about backups. Backups are absolutely critical in the case of getting hit with ransomware and very important for many other types of attacks, and believe it or not, you may already have access to backups without realizing it! If you use Microsoft Office, you have backups for your files through OneDrive included in your Office suite. Most small businesses don't need expensive bare metal backups that back up every last thing on a system; they just need their key files like HR documents, payroll information, company images and the like backed up.
If you do want more robust backups, there is software available such as Datto, Infrascale, and others that cater to small businesses. You can even use Infrastructure as a Service models like Microsoft Azure or Amazon Web Services to set up backups and only pay for what you are using, instead of having to pick an expensive plan that includes way more data than you'll ever use. Using these IaaS models can save you tons of money, but keep in mind they are more hands-on than products like Datto or Infrascale, so be ready to learn the service or get outside help.
Next, let's talk about your Wi-Fi. Almost everybody uses wireless internet these days, and oftentimes businesses have public Wi-Fi for customers to use as well. While this is convenient and often expected, it can lead to security issues. Having minimal security could allow an attacker to easily gain access to parts of your network, which could lead to data loss, theft, or other crimes. To minimize your risks, your router(s) should always have the latest firmware updates, the password for your private network should be strong, and administration passwords should be VERY strong. Your Wi-Fi should always be using the best available encryption: if available, WPA3 should be used, but if you have older hardware, WPA2 is good as well.
Auditing can be an important step to recognize an attack during, or shortly after, it happens and to minimize damage. This is free moneywise, but can be time intensive. You, or a hired service, should regularly be looking through logs to see any changes made to files, passwords, accounts, etc., as well as monitoring your company bank account for any "odd" charges. Many cyber criminals don't want you to know you've been attacked so they can continue to steal from or damage your business, and this is why regular audits are important. You may not notice a couple hundred dollars coming out of your business' bank account, and over time the criminal may steal thousands from you, so be sure to check back periodically and pay attention!
Lastly, you need a plan if something does happen. Like a parachute, it's better to have it and not need it than to need it and not have it. By having an incident response plan in place, in the unfortunate event a cyber attack does happen you will know what to do and be able to act quickly and effectively to stop the damage. Hyperproof provides a more in-depth write-up on the what, why, when, and how, so be sure to check that out, but do not skip this step, as it may save you hours and money in the future!
So as you can see, cybersecurity doesn't have to be cost prohibitive for your small business. You don't need a server room with a full-blown incident response team waiting for the bad guys; leave that to the big targets. At All American Cyber, we would be happy to give you a free cybersecurity consultation and help guide you to products and services that would fit your specific needs, even if it's not through us! By preparing today for risks you could save your business from catastrophe down the road, so don't hesitate to get started and make sure you are secure today!