Summer Security Tips for Small Businesses
While cyber-security attacks hit major enterprises frequently, small businesses are prime targets as they are less likely to have safeguards in place. In fact, a recent poll of nearly 1,500 small business owners found that 87 percent of them do not feel at risk of experiencing a data breach.
Cyber security may seem as overwhelming to some small business owners as the attacks themselves, but there are ways to keep their companies and customers secure. Udemy course instructor, cyber-security expert and former head of the Department of Defense's Cyber Security Red Team Kevin Cardwell shares the top three tips that small businesses can take (without breaking the bank) to keep their brands secure this summer.
1. Ignorance is not blissMany small businesses don’t think they’re going to be targeted by hackers, but they represent a way for hackers to get access to larger companies. It’s the principle of attacking the weakest link and in most cases that’s the small business. Anyone you work with could also be attacked through their network. All small businesses owners need to understand this.
However, the majority of cyber attacks against small businesses are not sophisticated. There are fundamental security controls that anyone can deploy to mitigate most attacks.
2. Safeguard against basic threatsSmall business owners should stop the basic threats first. Here’s how:
• Use application whitelisting to help prevent malicious software and unapproved programs from running
• Patch applications such as Flash, Web browsers, Microsoft Office, Java and PDF viewers
• Patch operating systems
• Restrict administrative privileges to operating systems and applications based on user duties
In general, a simple defense tactic anyone can implement is to not allow your servers to initiate connections with the Internet. A server is designed to receive connections, and not initiate them. Any deviation from this should signal that your system is being penetrated.
3. Segment and IsolateThe most crucial security tactic for small business owners is employee education. Employees are your weakest security link. Even with the correct network security protocol, your employees can still be fooled by hackers. These sorts of attacks usually involve an employee clicking on something, not just once, but multiple times. To combat this, I recommend you employ a tactic I learned in the Navy called “Segmentation and Isolation”.
“Segmentation and Isolation” means designing your network so that when one employee’s computer is compromised, you can isolate the infection to just that one machine. If you can contain a cyber attack to just one machine, you have a success on your hands. Think about cyber security like disease prevention. Your goal as a small business owner is to prevent the spread of disease from patient zero.