Throughout history, people have enjoyed making checklists, from philosophers to Founding Fathers. So, in honor of that feel-good moment you get when you cross an item off your to-do list, we present to you a practical cybersecurity checklist for your small or medium-sized business (SMB).
As a business owner, you’ve got a lot on your plate, from daily operations to strategic planning. You ensure things run smoothly to position your business for growth, yet you may be overlooking one key obstacle to success: cybersecurity. SMBs are prime targets for devastating cyberattacks. In today’s increasingly digital and hybrid world of work, every business must take cybersecurity seriously. As a starting place, review this handy checklist to get on the path toward a more secure tomorrow.
The Threat Landscape for your Business
Cyberattacks are the fastest-growing crime; last year, more than 60% of small businesses reported at least one attack. Malicious actors are using both basic and increasingly sophisticated tactics to steal sensitive data from small and unprepared organizations, just like yours. We see a variety of threats for SMBs, including ransomware, data breaches, and zero-day attacks. If you haven’t yet established a robust cybersecurity strategy at your business, you’re not alone: Only 8% of businesses with fewer than 50 people have a dedicated cybersecurity budget!
Now is the time to invest in enhanced security and secure your network. One single attack can lead to significant downtime and financial costs. It can also tarnish your reputation or even shutter your business altogether. The simple, practical tips we share here can help ensure your business network is as safe as possible.
How is the physical security at your business?
We begin our checklist with an assessment of the physical security at your business. The 2020 Cost of a Data Breach Report finds that 10% of breaches were caused by a physical security compromise at on-site data centers, at an average cost to businesses of $4.36 million!
For your checklist: Make sure your premises and data centers are tightly secured to avoid simple mistakes that carry big costs. Focus on the basics first, like ensuring your staff wear clear ID tags; you should also install security cameras and implement device tracking.
In some cases, you may even consider colocation, an alternative to hosting your critical servers on-site. A colocation provider rents server space within a shared, professionally managed data center with enhanced physical security measures. The right partner will provide around-the-clock physical security to keep your data safe, such as locked cabinets, card scans and biometrics to prevent unauthorized access, CCTV monitoring, alarms, or even a dedicated security guard.
Is your WiFi secure?
These days, we’ve grown accustomed to being able to access WiFi nearly everywhere we go. But did you know that your WiFi is often the weakest link in defending your business against attack? Attackers can compromise public networks and use them as a stepping stone into your business network. This matters even more given the number of people who work remotely and connect to critical business applications from home offices and shared, public locations.
For your checklist: Make sure your business WiFi is password protected and uses strong passwords. (For more on setting strong passwords, please see this previous post about ditching the sticky notes.) If your business offers guest WiFi, put it on a separate network from the one your employees and business systems use.
When did you last update your antivirus software?
Really, it’s an honest question! Do you recall the last time you updated your software? And do you have a regular schedule in place to keep it up to date going forward? What about updates for all your other important programs? Out-of-date software opens the door for attackers to find holes and exploit vulnerabilities. Despite the risk, one study found that more than half of applications installed on PCs were out of date.
For your checklist: Stop right now and make sure your antivirus software is up to date. Install any needed patches or updates and create a regular schedule to prevent security lapses. Be sure to check all of your programs: Out-of-date software isn’t just wonky, slow, and frustrating for users; it can also put your business at risk. You can also turn to experts like N8 Solutions to help you manage and update all your antivirus software and business-critical applications to protect against the latest and emerging cyber threats.
Are you regularly backing up everything?
In 2022, ransomware will remain a pervasive threat for SMBs, and we expect to see new and emerging threats, targeted and relentless attacks, and steep ransoms. It’s never been more important to implement a robust backup and disaster recovery plan to ensure you stay up and running. After all, if you have a copy of all your data, an attacker can't really hold anything ransom!
For your checklist: Invest in a robust backup strategy to prevent data loss. Not only will it thwart a ransomware attack, but it will also protect your business from other unforeseen disasters, like a natural disaster, human error, fire or flood, or even another world-changing pandemic. At N8 Solutions, we can help you identify, implement, or manage a custom data backup solution.
If you already have a data backup and disaster recovery plan in place, take stock of it to make sure you’re avoiding these five common mistakes, like not backing up your backups.
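A backup only counts if it can be restored intact, which is the point behind "backing up your backups" above. The following script is an added example, not code from N8 Solutions or from the original post: it archives a folder, stores a SHA-256 manifest beside the archive, and later restores the archive into a scratch directory to compare every file against that manifest. The helper names (make_backup, verify_backup, run_demo) and the sample files that run_demo() creates are constructed for this illustration.

```python
import hashlib
import json
import shutil
import tarfile
import tempfile
from pathlib import Path

# Helper names here are hypothetical; the files built in run_demo() are constructed sample data.


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def manifest_path(archive: Path) -> Path:
    return archive.parent / (archive.name + ".manifest.json")


def write_archive(src: Path, archive: Path) -> None:
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname="data")


def make_backup(src: Path, archive: Path) -> dict:
    """Archive src and record a hash manifest beside it; the manifest is the reference for later checks."""
    manifest = build_manifest(src)
    write_archive(src, archive)
    manifest_path(archive).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def safe_extract(tar: tarfile.TarFile, dest: Path) -> None:
    """Refuse archive entries that would escape dest (absolute paths or '..' components)."""
    for member in tar.getmembers():
        if member.name.startswith("/") or ".." in Path(member.name).parts:
            raise ValueError(f"unsafe path in archive: {member.name}")
    tar.extractall(dest)


def verify_backup(archive: Path) -> tuple:
    """Restore the archive into a scratch directory and compare every file with the manifest.
    Returns (ok, problems); a missing, altered or unexpected file makes ok False."""
    manifest = json.loads(manifest_path(archive).read_text())
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            safe_extract(tar, Path(scratch))
        restored = build_manifest(Path(scratch) / "data")
        for rel, digest in manifest.items():
            if rel not in restored:
                problems.append(f"missing after restore: {rel}")
            elif restored[rel] != digest:
                problems.append(f"hash mismatch: {rel}")
        for rel in restored:
            if rel not in manifest:
                problems.append(f"unexpected file in backup: {rel}")
    return (not problems, problems)


def run_demo() -> dict:
    """Back up a constructed folder, verify it, then simulate a silently damaged backup copy."""
    work = Path(tempfile.mkdtemp())
    try:
        src = work / "docs"
        (src / "invoices").mkdir(parents=True)
        (src / "invoices" / "q1.csv").write_text("customer,amount\nacme,1200\n")
        (src / "notes.txt").write_text("meeting notes\n")
        archive = work / "backup.tar.gz"
        make_backup(src, archive)
        clean_ok, _ = verify_backup(archive)
        # Corrupt one file and rebuild only the archive (manifest untouched): a damaged backup copy.
        (src / "notes.txt").write_text("corrupted\n")
        write_archive(src, archive)
        corrupt_ok, problems = verify_backup(archive)
    finally:
        shutil.rmtree(work, ignore_errors=True)
    return {"clean_ok": clean_ok, "corrupt_ok": corrupt_ok, "problems": problems}


if __name__ == "__main__":
    print(run_demo())
```

Run verify_backup on a schedule against the copy you would actually restore from (the off-site or cloud copy, not the working set), so that a corrupted or incomplete backup is found before the day you need it.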
Do you use multi-factor authentication?
Chances are, you employ some form of multi-factor authentication (MFA) for some of your personal accounts, like your bank or social media. For example, Facebook offers an easy way to turn on two-factor authentication for all personal users; this includes a new feature from Meta to require two-factor authentication for anyone who accesses your Business Manager account. Do you have MFA in place for all your business accounts?
For your checklist: Employ multi-factor authentication—and a password manager—for all your business accounts. This simple step will greatly enhance your security and help prevent unauthorized access to your business applications and data.
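To make the "second factor" concrete, here is an added example (not code from N8 Solutions or from the original post) of how the one-time codes from an authenticator app are generated and checked on the server side, following RFC 4226 (HOTP) and RFC 6238 (TOTP). The verifier accepts a code from the current 30-second step or one step either side to tolerate clock drift, and refuses to accept the same step twice so that an intercepted code cannot be replayed. The class name TotpVerifier is hypothetical; RFC_TEST_SECRET is the public test vector from the RFCs, not a real secret.

```python
import hashlib
import hmac
import struct
import time

# Illustrative implementation of RFC 4226 / RFC 6238; TotpVerifier is a hypothetical name.
# Public test-vector secret from the RFCs (never use it for real accounts).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP whose counter is the number of `step`-second intervals since the Unix epoch."""
    return hotp(secret, int(at_time) // step, digits)


class TotpVerifier:
    """Server-side check for one user's TOTP secret: tolerates `window` steps of clock drift
    and rejects any time step that has already been used (replay protection)."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1  # highest time step accepted so far

    def verify(self, submitted: str, at_time: float = None) -> bool:
        if at_time is None:
            at_time = time.time()
        base = int(at_time) // self.step
        accepted = None
        # Check every candidate step rather than returning early, so timing does not reveal which matched.
        for drift in range(-self.window, self.window + 1):
            counter = base + drift
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, submitted) and counter > self.last_counter:
                accepted = counter
        if accepted is None:
            return False
        self.last_counter = accepted
        return True


if __name__ == "__main__":
    # At t=59 the RFC 6238 vector gives 94287082 (8 digits), i.e. 287082 with 6 digits.
    print(totp(RFC_TEST_SECRET, 59, digits=8))
    v = TotpVerifier(RFC_TEST_SECRET)
    print(v.verify("287082", 59), v.verify("287082", 59))  # first True, replay False
```

The replay check is what turns a "something you have" factor into a real barrier: a code that was phished or shoulder-surfed is worthless once its time step has been consumed or has expired.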
Do you know who has access to what at your business?
Another measure to keep your SMB safe goes to the heart of your business: your people. Access control is the process of checking to see who has access to what data and applications at your business. And, just as importantly, it involves making sure that people who shouldn’t have such access—or don’t need it to do their job—don’t.
For your checklist: Create limited-access accounts and apply the principle of least privilege to administrative rights. This means granting no more permissions than a person needs to perform their required functions. A good rule of thumb is that only administrators, and those who need access to carry out their duties, should be able to reach critical data and systems. You can add a further layer of protection by requiring additional authentication steps, such as MFA, for that access.
You might also consider a Zero Trust approach to help manage user access. Zero Trust is all about access and solving the “weakest link” problem at your business. It is a security model that requires strict identity verification for every person and device that attempts to access resources or data on a private network.
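An access review answers two questions: who can reach what, and which granted rights are never actually used. The script below is an added example, not code from N8 Solutions or from the original post, showing a small role-based model with default deny, a "who can" lookup for any permission, and a least-privilege report that flags permissions each person holds but has not exercised during the review period. The roles, permissions and users are constructed placeholders; the "used" sets stand in for what you would pull from access logs.

```python
from dataclasses import dataclass, field

# Constructed sample data: role, permission and user names are placeholders for this example.
ROLE_PERMISSIONS = {
    "accountant": {"invoices:read", "invoices:write", "payroll:read"},
    "sales": {"crm:read", "crm:write", "invoices:read"},
    "it_admin": {"servers:admin", "backups:admin", "crm:read"},
    "intern": {"crm:read"},
}


@dataclass
class User:
    name: str
    roles: set
    # Permissions actually exercised during the review period (e.g. taken from access logs).
    used: set = field(default_factory=set)


def effective_permissions(user: User) -> set:
    """Union of the permissions of every role the user holds; an unknown role grants nothing."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: User, permission: str) -> bool:
    """Default deny: a permission counts only if a role grants it explicitly."""
    return permission in effective_permissions(user)


def who_can(permission: str, users) -> list:
    """'Who has access to what': every user holding the given permission."""
    return sorted(u.name for u in users if is_allowed(u, permission))


def admin_holders(users) -> list:
    """Everyone holding any ':admin' permission; this list should be short and deliberate."""
    return sorted(u.name for u in users
                  if any(p.endswith(":admin") for p in effective_permissions(u)))


def unused_permissions(user: User) -> set:
    """Least-privilege review: granted but never used, so a candidate for removal."""
    return effective_permissions(user) - user.used


def review_report(users) -> dict:
    """Only users with something to trim appear in the report."""
    return {u.name: sorted(unused_permissions(u)) for u in users if unused_permissions(u)}


USERS = [
    User("alice", {"accountant"}, {"invoices:read", "invoices:write", "payroll:read"}),
    # bob moved from IT to sales; his it_admin role was never removed (a classic stale grant).
    User("bob", {"sales", "it_admin"}, {"crm:read", "crm:write"}),
    User("carol", {"it_admin"}, {"servers:admin", "backups:admin"}),
    User("dave", {"intern"}, {"crm:read"}),
]


if __name__ == "__main__":
    print("servers:admin ->", who_can("servers:admin", USERS))
    print("admins ->", admin_holders(USERS))
    for name, trim in review_report(USERS).items():
        print(f"{name}: consider removing {trim}")
```

Bob's lingering admin rights are the kind of finding a periodic review is meant to surface; the same report run against real role definitions and real access logs gives you a concrete list of grants to remove rather than a vague sense that "too many people are admins".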
Provide Cyber Awareness Training
Finally, let’s continue our focus on the most important part of your business: your people. Your staff can be your greatest defense against cyberattacks, but they can also be your weakest link. Training your staff on basic cybersecurity risks and best practices can help ensure a better defense for your business. With the right training, your staff can actually help you spot and stop potential cyberattacks, like a phishing campaign.
For your checklist: Establish a training program at your business. Educate your team on how to spot fraudulent emails, texts, calls, or social media posts and provide a clear plan for what they should do if they think they have been targeted. Also provide training on how to set strong passwords as well as best practices for securing personal devices (especially if you suspect they’re being used for business).
Keep in mind that security is everyone's responsibility. Include every employee at all levels of your SMB. If you work with independent or remote contractors, consider an ancillary training that speaks to their particular risks and needs. For more, see this post on best practices for effective cybersecurity training for your staff.
We hope this practical checklist helps orient you around some of the most important cybersecurity measures for your SMB. What other items would you add to the list? For more, please reach out to the friendly experts at N8 Solutions. We can review your list together and suggest ways that we might help boost your security, from picking the perfect password manager to training your staff to be a top-notch line of defense against future attack.