Cybersecurity Hygiene For Small Business
As vaccines become more widely available, we see a light at the end of the tunnel. Businesses prepare for a return to the office and schools get ready for September, when more in-person learning is expected. Despite this optimism, it’s important for organizations to remain vigilant and practice good cyber hygiene.
Cyber attackers are motivated by financial gain, either direct or indirect. They actively seek out software vulnerabilities and insecure access points, relying on an uneducated population to provide or allow access to systems and data. These bad actors thrive on chaos and exploit situations that affect large groups of people, which is exactly what happened when the shift to remote working and learning took place in 2020.
Our best practices are good tonic that keep your cybersecurity program current and effective.
Disaster Recovery and Business Continuity
It’s critically important to evaluate Disaster Recovery and Business Continuity plans on a regular basis; we recommend at least once a year. This means going through the physical exercise of losing access to the primary data or altering everyone to work from an alternate location. This type of review finds real-world operational gaps, allowing opportunity to close them remain prepared. The FBI and CISA suggest small and medium-sized businesses review or set up patching plans, security policies, user agreements, and business continuity plans to ensure they address the growing threats posed by cyber criminals.
Network Best Practices
Patch operating systems, software, and firmware on a regular basis.
Change passwords on a regular basis, every 90 days and enact a policy that prevents reusing old password or simple passwords, like “Password.”
Use multi-factor authentication.
Disable unused remote access ports and check remote access logs.
Remove accounts with administrative privileges, allowing only a certain few with administrative rights.
Scan for open or listening ports and close any not needed.
Find critical assets such as database servers and create backups that are off the network.
Implement network segmentation. Sensitive data should not exist on the same server and network segment as the email environment.
Set antivirus and anti-malware solutions to automatically update; conduct regular scans.
Awareness and Training
Educating employees is the best defense against phishing scams. While nothing is perfect, someone who is aware of the telltale signs is more likely to pause, ask a question or ignore something they believe is wrong. Ensure employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This is especially important if they already clicked on a link and quickly realize it was malicious. Immediate reporting can make the difference between disaster and annoyance. Monitor privacy settings and information available on social networking sites.
Denial-of-Service Best Practices
Consider enrolling in a denial-of-service protection service that detects abnormal traffic flows and redirects traffic away from your network.
Create a partnership with your local internet service provider (ISP) prior to an event and work with your ISP to control network traffic attacking your network during an event.
Configure network firewalls to block unauthorized IP addresses and disable port forwarding.