If you’re operating a small business, it doesn’t mean you’re safe from cyberattacks. 81% of all cybersecurity breaches happen to small and medium-sized companies, as they are often unprepared.
To help ensure your business is secure, review our 10 recommended steps, which you can take today with a minimal or zero budget to significantly decrease the risk of hackers' attacks.
1. Educate employees.
Humans are not the weakest link. Humans are the best weapon you have against malicious hackers. You just have to train them.
2. Enforce two-factor authentication.
There is no excuse for not doing so. Turn on two-factor authentication on every website, in every system, in every app you use.
3. Use encryption to protect data and communications.
Data encryption is everywhere and is widely used for sensitive communications.
- End-to-end messengers
- VPN for sensitive communications
- HTTPS on all websites
- Cloud file encryption
4. Protect the endpoints.
Update the software regularly and install an anti-malware solution on computers, smartphones, and other electronic devices your employees use.
5. Abandon Earth.
Move to the cloud: SaaS applications, IaaS hosting services, and other professional third-party services with good security practices.
You will never protect your MS Exchange better than Microsoft can protect O365, or Google can protect G-Suite. Mind your threat model, though.
6. Know when your business is hacked.
Use a logging solution or another way to get early notification about being compromised. Canary tools are a modern way to get such alerts, similar to how miners used actual canary birds for work safety.
“Amateurs don’t want to get hacked. Professionals don’t want to remain hacked.”
7. When ready, start using a control framework.
There are plenty of those out there, most of them available for free. CIS, NIST, ISO27k, PCI DSS, to name a few.
- CIS – Center for Internet Security
- NIST – US National Institute for Standards & Technology, SP800 series
- ISO 27000 series of Information Security Management standards
- PCI DSS standard and supplementary materials
8. Get cybersecurity insurance.
Cybersecurity insurance is still affordable to most companies. To lower the premiums, you should follow some basic cybersecurity practices and show them to the insurance company.
9. Do backups.
Back up your data regularly to save yourself the time and pain of trying to recover lost data.
10. Challenge your business security regularly.
The “what you don’t know can’t hurt you” principle does not work in cybersecurity. Cyberthreats are invisible, but their consequences are very much apparent. Without regular testing of your protection, you have no idea if it matches the attackers’ efforts.
During the last few years, the number of internet crimes has increased dramatically. Businesses that are victims of cyberattacks suffer financial losses and lose customer trust, along with their reputation as a trustworthy partner.
So, regardless of the size of your business, protecting your customers’ information should be your top priority.
To make informed and reasonable risk decisions, you must learn two things: the apparatus, i.e., how to reason, and the input sources, i.e., the correct data about the world. The former is a bit tricky and goes far beyond the topic of this webinar. However, the latter is much easier, as we can recommend quite a few data sources. You can check them out here on our Slideshare.
If you want to take the security of your online business to the next level and protect your customers’ sensitive information from cyberattackers, be sure you follow the basic ten steps mentioned above. Watch our webinar to learn more (recorded in Ukrainian).