Small Business Top 5 – Revised Edition

At the beginning of this blog we had a small business Top 5.  These were 5 things small businesses could do to help strengthen their security without spending a whole lot of money.  Security and money are challenges for all businesses, so we wanted to give some helpful hints that took both into consideration.

As much as things have changed, some things have stayed the same.  The rise of ransomware has been huge and can have a tremendous impact on small businesses, especially if they don’t follow some basic security tenets.  The potential loss of access to your data could be devastating.  At the same time, security discipline remains a key element for all businesses.

As a reminder, these are not listed in order of importance.

These were the Top 5 before:

  1. Employ Strong Password Management and Discipline.
  2. Change Your Default Settings.
  3. Enable Encryption. 
  4. Identify Critical Information.
  5. Safeguard your information.

Here is the Revised Top 5:

  1. Employ Strong Password Management and Discipline.  No surprise really, and until we look at other ways to log in to systems, password security will remain on the Top 5.  You need a password for just about everything online.  It’s important to be vigilant and not assume some passwords can be weaker than others because of how rarely you use that tool or website.  Consider passphrases; use special characters; use UPPER and lower case letters and numbers.  We know what we should do.  The key is having the discipline to do it.  One failed password is the gateway to everything else in your life and your business.  Force yourself and your company to update passwords every 45 – 60 days.  If you use a password tool, do the due diligence and ensure it’s protected.  Have the discipline to do the right thing.
  2. Safeguard Your Information.  With the rise of ransomware, we need to ensure that we not only identify our information, and our critical information in particular, but that we are taking the steps to safeguard it.  This includes backing our systems up regularly.  If you back up to the cloud, how secure is that, and how often do you back up?  This includes setting up access controls to our networks and systems.  This includes access controls to our offices.  Have you done a vulnerability assessment that incorporates Physical, Personal and Information Security?  If so, how long ago?
  3. Update and Patch.  Did you know that when a company upgrades its software, there is a time-out period after which it will no longer provide support, patches and updates for the older version?  This is important because once that support goes away, so does the security.  This is a key window that attackers like to exploit.  Make sure you are managing your systems and software so that you stay up to date.  Make sure you have the latest patch.  If you have old software, perhaps now is the time to update it and eliminate a risk.
  4. Secure your Networks/Change your Default Settings.  One of the biggest vulnerabilities that individuals, families and businesses have is that we don’t change our basic default settings.  When our networks are set up, especially if a third party sets them up, the default settings are left in place for the owner.  These settings are well known to attackers and need to be changed as soon as possible.  This includes default settings for webcams, security cameras, baby monitors, baby toys, routers, servers, you name it: a default setting is in place until you change it.  Secure your networks and your wifi.  Make sure it’s encrypted and hidden.
  5. Start an education and awareness program.  This is a key component and is very low cost.  We don’t know what we don’t know.  If your employees aren’t up to date on the latest security issues and schemes, how can you expect them to respond accordingly?  Setting up a security program starts with making security a priority and appointing someone to start the program.  Identify key areas to train.  Build policies.  And hold regular training that looks at new and emerging issues that could be threats to you and your company.  The impact will be immediate.

BONUS ITEM – Have an emergency response plan.  When *it hits the fan, we need to know how to respond and what to do.  If you have a plan, when was the last time you rehearsed it?  Was it a real exercise or a table-top review?  Either is good, but there is a difference.  Do both.  If you don’t have a plan, now is the time to start.  Think of the possible scenarios that you might encounter and develop a response plan.  This can be fire drills, an active shooter, or an active breach.  What do you do?  And do your employees know?
