The biggest mistake small businesses tend to make is thinking they aren’t susceptible to a security attack. As a small business owner, it is easy to fall into the mindset that cyber criminals target large, wealthy organisations.
But small businesses are just as likely to fall victim to increasingly sophisticated targeted attacks as large enterprises, and unfortunately this common mindset can make them an easier target.
Here are some tips to ensure your data is as safe as possible and you don’t become a victim of a security attack.
Common passwords are bad passwords
Passwords are your first line of defence when it comes to security. Cybercriminals trying to break into your network will start their attack by trying the most common passwords. Ensure your teams are using long (over 8 characters), complex (include lower case, upper case, numbers and non-alphabetic characters) passwords.
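As an added illustration (not part of the original article), this Python example checks a candidate password against the rules above and also rejects passwords built on a common one, since something like "Password1!" meets the complexity rules yet is only a small variation on a common password. The blocklist, the substitution table, the function names and the reading of "non-alphabetic" as "neither letter nor digit" are assumptions made for the example.

```python
import re

# Constructed sample blocklist (an assumption for this example); a real
# deployment would load a far larger list of known-common passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}

# Undo frequent character swaps so "p@ssw0rd" is compared as "password".
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "$": "s", "5": "s", "1": "l"})


def is_common(password):
    """True if the password, or an obvious variant of it, is on the blocklist."""
    lowered = password.lower()
    # Drop digits/symbols tacked onto the end, e.g. "welcome2024!" -> "welcome".
    stem = re.sub(r"[^a-z]+$", "", lowered)
    candidates = {lowered, stem, lowered.translate(SWAPS), stem.translate(SWAPS)}
    return any(c in COMMON_PASSWORDS for c in candidates)


def check_password(password):
    """Return a list of policy failures; an empty list means the password passes."""
    failures = []
    if len(password) <= 8:
        failures.append("must be longer than 8 characters")
    if not any(c.islower() for c in password):
        failures.append("needs a lower-case letter")
    if not any(c.isupper() for c in password):
        failures.append("needs an upper-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("needs a number")
    if all(c.isalnum() for c in password):
        failures.append("needs a symbol")
    if is_common(password):
        failures.append("is a common password or a simple variant of one")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for sample in ("qwerty", "Password1!", "P@ssw0rd2024#", "Vexed-Otter7-Lamp"):
        print(sample, "->", check_password(sample) or "OK")
```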
Secure every entrance
All it takes is one open door to allow a cybercriminal to enter your network. Just like you secure your home by locking the front door, the back door and all the windows, think about protecting your network in the same way.
Consider all the ways someone could enter your network, then ensure that only authorised users can do so. Use a Firewall with Threat Prevention to protect access to your network (like the Check Point 600 Appliance).
Secure your endpoints (laptops, desktops) with security software such as anti-virus, anti-spam and anti-phishing, and instruct employees not to plug in unknown USB devices.
Segment your network
One way to protect your network is to separate it into zones and protect each zone appropriately. One zone may be for critical work only, while another may be a guest zone where customers can surf the internet, but not access your work network.
Segment your network and place more rigid security requirements where needed. Public facing web servers should not be allowed to access your internal network. Consider separating your network according to various business functions (customer records, Finance, general employees).
Define, educate and enforce policy
Have a security policy (many small businesses don’t) and use your Threat Prevention device to its full capacity. Spend some time thinking about which applications you want to allow in your network and which you don’t want running in it. Educate your employees on acceptable use of the company network. Make it official. Then enforce it where you can.
Do not allow risky applications such as BitTorrent or other peer-to-peer file-sharing applications, which are common methods of distributing malicious software. When developing policy, also think about social media and excessive bandwidth use.
Be socially aware
Social media sites are a gold mine for cybercriminals looking to gain information on people, improving their success rate for attacks. Attacks such as phishing, spear phishing or social engineering all start with collecting personal data on individuals.
Educate employees to be cautious with sharing on social media sites, even in their personal accounts. Let users know that cybercriminals build profiles of company employees to make phishing and social engineering attacks more successful.
Train employees on privacy settings on social media sites to protect their personal information. Users should be careful of what they share, since cybercriminals could guess security answers (such as your dog’s name) to reset passwords and gain access to accounts.
About the author
Geoff Prentis is Engineering Director, ANZ, Check Point Software Technologies.