Cybersecurity Do's and Don'ts for Small Business

Summary: The essentials of SMB data security, including cybersecurity do’s and don’ts and small business IT support.

Q: What are the most important cybersecurity “do’s” for small businesses?

A: Small businesses should use strong, unique passwords, enable multifactor authentication, and keep all software updated. Regular data backups and employee cybersecurity training are also essential. Monitoring systems for unusual activity and limiting access to sensitive information help create a strong foundation for protecting business systems and data.

What Are the Essentials of SMB Data Security?

Small and midsized businesses (SMBs) often suffer from the age-old process of weighing costs against benefits. Cybersecurity is rarely a priority, partly because it’s an intangible for business owners who are not technically astute. Often, until faced with a cyberattack, SMBs don’t consult IT professionals to secure their networks. By then, the costs of poor cybersecurity will dramatically outweigh any savings previously achieved by a do-it-yourself approach to protection from data breaches. However, even after you collaborate with IT security experts to strengthen your cyber defenses, ongoing cybersecurity is a team effort; all employees must strictly follow security protocols.

Q: What are common cybersecurity “don’ts” businesses should avoid?

A: Businesses should avoid reusing passwords, clicking unknown links, or downloading unverified attachments. Ignoring software updates or delaying security patches can leave systems vulnerable. Employees should never share login credentials or bypass security controls, as these actions can expose the business to preventable cyber threats.

What Are the SMB Data Security Do’s and Don’ts?

All employees should embrace online best practices, at all levels, at all times.

Basic company-wide cybersecurity do’s and don’ts must include:

Password Security – The days of using the same password for all online accounts are long gone. As cybercrime skyrockets, it’s imperative to use a different strong, unique password for each account. That way, if hackers breach one account, they will not have ready access to your other accounts. Also, if your passwords are easy to guess, a hacker will find them even easier to crack. A combination of upper and lowercase letters, special characters, and numbers will strengthen your passwords. Hackers now use automated software to try passwords taken from one breach against many other sites at once, so a reused password exposes every account that shares it.

Also, to make the process of selecting and remembering difficult-to-guess passwords easier, password management apps can generate random, strong passwords and store them securely for ongoing use. Password managers will even alert you if one of your passwords becomes part of a known data breach.

Finally, never share your passwords with anyone. Your private credentials are the first layer of protection against a cyberattack. Maintaining password confidentiality will help narrow the range of possible vulnerabilities. Set up multi-factor authentication so you will be alerted when someone tries to log in to one of your accounts.
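The three password checks described above (strength, reuse across accounts, and "has this password appeared in a known breach") are what a password manager runs against its own vault. The following Python script is an added example, not code from the original article or any password-manager product: it audits a constructed list of account/password pairs, exempts long passphrases from the character-class rule, flags passwords shared between accounts, and looks up each password's SHA-1 hash by its first five hex characters against a small constructed breach list, mirroring the k-anonymity range lookup that breach-alert services use so the full hash never leaves the device. The account names, passwords and breach list are all constructed sample data.

```python
import hashlib
import re
from collections import defaultdict

MIN_LENGTH = 12          # assumed policy: minimum length for ordinary passwords
PASSPHRASE_LENGTH = 16   # assumed policy: passphrases this long skip the character-class rule
MIN_CLASSES = 3          # assumed policy: of lower, upper, digit, special

# Constructed stand-in for a breach corpus; a real service holds hashes, never plaintext.
_BREACHED_PLAINTEXT = ["Password1!", "Summer2024!", "Welcome123"]
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper() for p in _BREACHED_PLAINTEXT}


def breached_suffixes(prefix5):
    """Return the hash suffixes in the breach list that share a 5-char SHA-1 prefix.

    This models the range query: the client sends only the prefix and
    compares the returned suffixes locally, so the full hash is never disclosed.
    """
    return {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix5)}


def is_breached(password):
    """True if the password's SHA-1 appears in the (constructed) breach list."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in breached_suffixes(digest[:5])


def complexity_issues(password):
    """Return policy violations for a single password (empty list when it passes)."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("too_short")
    if len(password) < PASSPHRASE_LENGTH:
        classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
        if sum(bool(re.search(c, password)) for c in classes) < MIN_CLASSES:
            issues.append("few_character_classes")
    return issues


def audit_accounts(accounts):
    """Audit (account_name, password) pairs; return {account_name: [issue, ...]}.

    Issues are reported in a fixed order: complexity, then reuse, then breach.
    """
    accounts_by_password = defaultdict(list)
    for name, password in accounts:
        accounts_by_password[password].append(name)

    report = {}
    for name, password in accounts:
        issues = complexity_issues(password)
        if len(accounts_by_password[password]) > 1:
            issues.append("reused")
        if is_breached(password):
            issues.append("breached")
        report[name] = issues
    return report


# Constructed sample vault: the kind of data a password manager holds for one user.
SAMPLE_ACCOUNTS = [
    ("email", "Summer2024!"),                   # short and in the breach list
    ("bank", "correct-horse-battery-staple"),   # long passphrase, exempt from class rule
    ("crm", "Welcome123"),                      # short, reused and breached
    ("payroll", "Welcome123"),                  # reused with crm
    ("vpn", "Tq9!vL2#mWp4xZ"),                  # passes every check
]

if __name__ == "__main__":
    for account, issues in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{account:8s} {'OK' if not issues else ', '.join(issues)}")
```

The breach check deliberately hashes with SHA-1 only because that is the format breach-lookup services publish; it is a lookup key here, not a way to store passwords. An account flagged "reused" needs a new password on every account that shares it, not just the one listed first.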

Protection of Private Data – Just as you wouldn’t print out hard copies of your personal data and pin them to the office bulletin board, you shouldn’t post that data online either. Posting information such as your address, social security number, or credit card data is an “invitation” to cybercriminals. Also, communicating such information via email presents cyber risks and should be done in a secure environment and only when absolutely necessary. If you regularly need to share private or confidential information online, ask your cybersecurity provider about secure document encryption software.

Email Phishing Attacks – It’s essential to understand the signs of phishing scams. Emails from unknown or untrusted sources, suspicious attachments, or embedded links can be the delivery mechanism for a cyberattack. It’s equally important to understand that one wrong click can open the door to a system-wide data breach. Think before you click and report any suspicious emails you receive to IT support.

Security Awareness – We wouldn’t let anyone look over our shoulder when withdrawing cash from an ATM or entering a password into a cashier’s keypad for a purchase in a store; the same awareness should apply to all online work. Whether printing something in your home office or working on your laptop while waiting at an airport, it’s vital to be aware of your surroundings and people who could be watching your activities while waiting for opportunities to steal your confidential data from a printer, screen or desk.

File Destruction – Always take care when destroying files. Whether printed or digital, files can hold sensitive or private data that can be harvested by hackers or insider threats if not disposed of properly. To ensure proper data deletion, or to secure proper storage, it’s best to consult with IT professionals to use up-to-date data destruction protocols before donating or recycling old devices.

Removable Media – USB drives, flash memory cards, and other removable media should be tightly controlled and treated as a privilege with restrictions based on user permissions and needs. Also, untrusted devices can be pre-loaded with malicious code, ready to launch an attack.

Always Lock Computers and Mobile Devices When Not Using Them – It’s an excellent practice to lock your devices when you aren’t using them. Leaving a connected device open and logged on when you take a break or walk away opens another door for possible data theft. Set screen time-outs so no one can access your device without your password or biometric information.

Do Not Use Public WiFi – Unsecured, public WiFi is an open door to hackers. Many cybercriminals spend all day in train stations, waiting rooms and airports waiting for unsuspecting users to log on so they can hack them in real time, sometimes sitting only a few seats away. Therefore, unless you use a virtual private network (VPN) on your device, it is wise to avoid public WiFi, especially for financial transactions.

Report Suspicious Incidents – If you receive emails, attachments, or texts that seem suspicious, have problems logging on to an account, or you notice your device malfunctioning in an unusual way, you must immediately report such events. Continuing to work in a potentially unsecured network can allow a malware attack to spread deep into your company’s system. If your company has no IT department, consult an IT security provider immediately. The longer malware and hackers are on a device, the more damage is done.

Q: What should employees do when they encounter suspicious activity?

A: Employees should immediately report suspicious emails, messages, or system behavior to management or IT support. They should avoid interacting with the content, such as clicking links or opening attachments. Quick reporting allows businesses to respond faster, investigate potential threats, and prevent further damage to systems or data.

How Can You Implement Small Business IT Support?

Comprehensive cyber risk management is vital to running a small or midsized business. Unfortunately, smaller companies have neither the time nor the budget for a full-time IT department. They also often lack the expertise to take the necessary steps to assess and remediate their cyber vulnerabilities.

The cost of basic proactive security is far less than a single data breach. Costs can include notification expenses, legal costs, IT recovery costs, regulatory fines, network downtime, loss of trust from clients and business partners, and more. Connect with us if you’re looking for a New York-area IT security company, or contact a small business IT security expert near you to learn more about cybersecurity do’s and don’ts and getting affordable managed cybersecurity for your business.