According to the Canadian Centre for Cyber Security, the Covid-19 pandemic presents an elevated level of risk for the cyber security of small businesses. Not only should you protect your website and email servers from attack, but you should also harden the security on your company devices.
Read the recommendations below for the best cyber defense practices your business should be implementing.
1. Enable security software
Your business should be protecting itself against malware, which is malicious software designed to infiltrate or damage computer systems. You should educate your staff about the risks of accessing non-work-related websites and content when on a company device, especially when they are working from home.
Your organization should enable secure anti-virus and anti-malware solutions and any software firewalls on all company devices that can access the Internet. These programs should also be configured to conduct automatic updates and regular scans, and your IT admin should receive warnings if staff disable them.
2. Use strong multi-factor authentication (MFA)
Multi-factor authentication is a reliable and secure method of account or device login that requires more than one form of verification, drawn from something you know (a PIN or password), something you have (a token), and something you are (a fingerprint). Whenever possible, multi-factor authentication should be used.
3. Improve your password use
More often than not, passwords are not strong enough to deter cyber threat actors. Organizations should implement cohesive guidelines around password creation and should opt for passphrases instead. A passphrase consists of a sequence of mixed words, numbers, and punctuation that contains at least 4 words and is a minimum of 15 characters in length.
4. Have an incident response plan
A cyber incident is defined as any unauthorized attempt, successful or otherwise, to gain access to, modify, delete, or destroy any computer network or system resource.
An incident response plan helps ensure that your business is properly prepared to detect, respond to, and recover from a cyber-attack incident. An effective plan will limit any disruptions and reduce data loss. A written incident response plan should set out established guidelines so responders are ready to carry out the tasks necessary to minimize damage and deal with the incident at hand.
The incident response plan should include contact information for every person involved in response activities, instructions for how to handle incidents, the roles and responsibilities of everyone involved, and the actions that are required for mandatory incident reporting.
5. Secure websites
Your company’s websites should be secured using the Application Security Verification Standard (ASVS). ASVS proposes a standard list of security requirements and controls to implement during each phase of website development.
REM clients have their websites stored on highly secured servers with back-ups and redundancies to minimize any downtime. Your webhost should also do regular backups of your site and store those backups for at least a couple of days just like REM does. In case of an attack, being able to roll back to a clean version of the site can save you thousands of dollars in downtime and lost sales.
Your business should be investing in the proper tools for security requirements on all websites that are developed. If you are worried about the security of your website, speak to an REM business website sales rep today.
6. Provide employee training
Making sure your employees are properly educated about cyber security threats can help protect your business and minimize any potential risks. Effective employee training covers creating unique passphrases, using the internet and social media safely in the workplace, and identifying malicious emails. Companies should be investing in security training and should consider creating a cyber security training policy if they don’t already have one in place.
7. Back up and encrypt data
All essential business information should be backed up regularly to a secure and external location. As well, back-ups should be encrypted and restricted to individuals who are responsible for testing and restoring functions.
8. Secure portable media
There are risks involved with portable media. If a portable device holding sensitive information is lost or misplaced, your organization’s data stored on it could be gone forever. Information stored on portable media should be encrypted to prevent any unauthorized individuals from accessing sensitive data.
All small businesses should be taking cyber security extremely seriously so that they are better prepared for any sort of attack and able to spot and respond to any potential cyber threat as efficiently as possible.
Not sure what cyber attacks are? Read this article for more information on cyber security threats.