
Too many small business owners think that threat intelligence, Zero Trust protocols, and network security impact only global corporations. But no matter how small your business, you need to give cybersecurity your time and attention.
While many of today’s much-hyped security solutions may be beyond your budget, most of the best practices for maintaining network security — tactics and tools that protect your customer and financial data, intellectual property, and office systems — are affordable and practicable.
7 vital best practices for network security
- Strong, unique passwords
- Spam filters and antivirus software
- Multi-factor authentication
- Mobile device management
- Updated software
- Ongoing employee training
- Backup and a recovery plan
1. Create strong, unique passwords
While it’s doubtful anyone is still using “password” as their password, it’s a good bet you’re still using some version of your birthday, address, or college mascot.
So, how do you create an effective password?
The minimum is a password of at least 12 characters mixing upper- and lowercase letters, digits and symbols, with nothing drawn from your birthday, address or other identity markers, and a different password for every account. Forcing a change every quarter is no longer recommended (NIST SP 800-63B advises against routine rotation) because it pushes people toward predictable variants such as Summer2024!; change a password when you have reason to believe it was exposed. The best passwords are long, random character strings that spell nothing and were never meant to be memorised, which is exactly what a password manager produces.
Password managers are applications (desktop, browser extension and mobile) that generate your passwords and store them in an encrypted vault.
Each time you set up a new account, you have the manager generate a unique password and fill it into the sign-up form. Every account gets its own random password, and the only one you must remember is the master password that unlocks the manager, so make that one a long passphrase and protect the manager account with multi-factor authentication.
Password managers start around $35/year per user. Some offer a business plan, which can reduce the per-user cost.
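As an added illustration (not code from the original article), the following Python shows what a password manager does when it generates a password, why length and a random alphabet matter, and the kind of policy check that rejects the birthday-and-mascot passwords described above. The alphabet, the tiny common-password list and the personal details in the sample are constructed for the example.

```python
import math
import secrets
import string

# Alphabet a password manager would draw from: letters, digits and symbols (76 characters).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_~"

# Tiny constructed stand-in for the breached-password lists real checkers consult.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def generate_password(length: int = 20) -> str:
    """Generate a uniformly random password with a CSPRNG (the secrets module)."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing strength of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def policy_violations(password: str, personal_facts: list) -> list:
    """Reasons a human-chosen password would be rejected by a sensible policy.

    personal_facts: strings an attacker could learn from social media or public
    records (name, pet, birth year, street, college mascot).
    """
    problems = []
    lowered = password.lower()
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in a common-password list")
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in lowered:
            problems.append("contains personal detail %r" % fact)
    return problems


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, "->", round(entropy_bits(20), 1), "bits of entropy")
    print(policy_violations("Tigers1987!", ["Tigers", "1987", "Elm Street"]))
```

A 20-character password from this alphabet carries about 125 bits of entropy; an 8-character one carries under 50, which is why length matters more than any symbol rule. The personal-detail check is the cheap, local version of what a good manager or identity provider does against breach corpora.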
2. Use spam filters and antivirus software
Using spam/anti-malware filters and antivirus software should top your network security checklist if you want to prevent cyberattacks.
Businesses typically deploy spam and anti-malware filtering at the email gateway as the first line of defense against phishing. The gateway scores each message on sender reputation and content, and compares attachments against threat feeds of known malware signatures; a match is blocked before it reaches the mailbox, transparently from the user's perspective. Signature matching only catches samples the vendor already knows, so the filter reduces the volume of phishing rather than eliminating it.
Additionally, install antivirus software (or a modern endpoint detection and response agent) on every host, Windows or otherwise, and leave its automatic updates on; vendors push new definitions daily. Every device connected to the network needs it. When it detects a malicious file it quarantines or deletes it and raises an alert, and someone should actually read those alerts rather than assume the problem is gone.
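The signature check a gateway performs on attachments, as an added example that is not from the original article: parse the message, hash each attachment and look the hash up in a blocklist. The "malicious" sample, the blocklist entry and the mail addresses are all constructed for the demonstration (the sample is not real malware), and the blocklist stands in for a vendor threat feed.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

# Constructed "known bad" attachment and the SHA-256 entry a threat feed would
# have delivered for it. Not real malware.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00constructed-sample-do-not-run"
BLOCKLIST = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Constructed.Dropper.A"}


def build_message(attachment: bytes, filename: str) -> bytes:
    """Build a constructed inbound email with one attachment, as raw bytes."""
    msg = EmailMessage()
    msg["From"] = "invoices@example.net"
    msg["To"] = "owner@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return bytes(msg)


def scan_attachments(raw: bytes) -> list:
    """Return (filename, sha256, verdict) per attachment; verdict None = no known signature."""
    msg = message_from_bytes(raw)
    results = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        payload = part.get_payload(decode=True)  # undoes the base64 transfer encoding
        digest = hashlib.sha256(payload).hexdigest()
        results.append((part.get_filename(), digest, BLOCKLIST.get(digest)))
    return results


def gateway_decision(raw: bytes) -> str:
    """Block the message if any attachment matches a known signature."""
    if any(verdict for _, _, verdict in scan_attachments(raw)):
        return "block"
    return "deliver"


if __name__ == "__main__":
    print(gateway_decision(build_message(KNOWN_BAD_SAMPLE, "invoice.exe")))
    print(gateway_decision(build_message(b"%PDF-1.4 constructed benign invoice", "invoice.pdf")))
```

Note the limitation this makes visible: flip a single byte of the sample and the hash no longer matches, so a file-hash blocklist only stops samples already seen. That is why gateways layer sender reputation, content rules and sandbox detonation on top of signatures.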
3. Use multi-factor authentication
One of the top cybersecurity practices for small businesses is to implement multi-factor authentication (MFA). MFA requires a password plus a second factor of a different kind: something you have (a one-time code from an authenticator app, a push prompt, or a hardware security key) or something you are (a fingerprint). A PIN is another secret of the same kind as a password, so it does not count as a second factor. If you've used online banking, you're probably familiar with this system.
If your password is stolen or exposed in a data breach, an attacker who tries to use it against your network is stopped at the second factor. One-time codes can still be phished in real time by a fake login page, so for administrator and finance accounts prefer phishing-resistant factors such as FIDO2 security keys. MFA is often included at no extra cost with software you already use (Microsoft 365 and Google Workspace both bundle it).
4. Practice mobile device management (MDM)
Mobile device management overlaps with endpoint security: both are about securing the devices that connect to your network. MDM is specific to phones and tablets, whereas endpoint security also covers workstations, laptops, printers, scanners and other office equipment.
Mobile device management controls which devices may reach the network and enforces your security policies on them: it requires device encryption and a screen lock, monitors for security and regulatory compliance, and remotely wipes lost or stolen devices.
5. Keep software updated
This is an easy step, and one for which you'll receive automated reminders once you turn on the auto-update feature in settings. Software vendors issue patches that fix bugs and security vulnerabilities as they are discovered, and an unpatched, publicly known vulnerability is one of the easiest ways into a network, so apply them promptly on operating systems, browsers and office applications alike.
Regularly remind employees to restart their computers once a week, to ensure they download the latest security patches available for the software on their laptops and workstations.
6. Train employees regularly
No matter how thorough your technical controls, your network security plan is only as effective as your employees' awareness and cyber hygiene. Security awareness training has risen in popularity because the large majority of attacks rely on social engineering, typically a phishing email opened by an unsuspecting employee, as their entry point into a network.
The goal of security training is to inform and educate employees on how to identify common attacks used by threat actors. Training is just as important to companies with a handful of employees as it is for a large enterprise’s corporate network security.
For example, sending regular simulated phishing campaigns to employees is an effective way to test their understanding of the current scams used by threat actors. If a user falls for the test, additional training can be assigned.
You may be surprised how many employees can’t identify a phishing scam or won’t update passwords regularly. Don’t take anything for granted; be sure to regularly require cybersecurity training to keep employees aware and vigilant.
Key reminders should include:
- Review of your cybersecurity policy
- Use work email only for work communications: when an employee signs up for a third-party service with a company address and that service is breached, the leaked address and password come straight back at your network.
- How to spot phishing emails: circulate the latest bogus emails through your company newsletter or intranet between training sessions.
- Don't overshare on social media: if a scammer has your pet's name, school, family members' names and birthday, they can guess your security questions and impersonate you.
- Don't auto-forward work email to a personal address when you're out of the office, and don't use an automated "out of office" reply.
- How to respond to a ransomware attack (immediately disconnect the machine from the internet and the internal network)
- How to respond to a computer virus (don't back up files until the virus has been removed)
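The "how to spot phishing emails" reminder above can be partly automated. As an added example (not from the original article), the following Python checks a message for three classic indicators: a display name that shows one email address while the mail really comes from another, a Reply-To that steers replies to a different domain, and a link whose visible text names one site while its href points somewhere else. Both sample messages are constructed for the example; the registrable-domain helper is deliberately crude, and real code would use the public suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _registrable(host: str) -> str:
    # Crude: the last two labels. Real code consults the public suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def phishing_indicators(raw: str) -> list:
    """Return human-readable red flags found in one single-part RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)

    # 1. Display name carries an address that does not match the real sender.
    if "@" in display and _domain(display) != from_domain:
        findings.append("display name shows %s but mail comes from %s" % (display, from_domain))

    # 2. Replies are steered to another domain.
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append("Reply-To domain %s differs from From domain %s" % (reply_domain, from_domain))

    # 3. Link text shows one site, the href goes to another.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    collector = _LinkCollector()
    collector.feed(body)
    for text, href in collector.links:
        if not re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
            continue  # visible text does not look like a URL; nothing to compare
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        actual = urlparse(href).hostname or ""
        if _registrable(shown) != _registrable(actual):
            findings.append("link shows %s but points to %s" % (shown, actual))
    return findings


# Constructed phishing sample: spoofed display name, foreign Reply-To, deceptive link.
PHISH_SAMPLE = """From: "owner@example.com" <billing@secure-login.example.net>
Reply-To: accounts@mailbox.example.org
To: staff@example.com
Subject: Urgent: verify your account today
Content-Type: text/html; charset=utf-8

<p>Your mailbox will be suspended. Sign in at
<a href="http://example.com.login-verify.example.net/x">https://portal.example.com/login</a>
to keep access.</p>
"""

# Constructed benign sample.
BENIGN_SAMPLE = """From: "Jane Doe" <jane@example.com>
To: staff@example.com
Subject: Lunch on Friday
Content-Type: text/plain; charset=utf-8

Pizza at noon in the big room. Menu: https://menu.example.com/friday
"""

if __name__ == "__main__":
    for flag in phishing_indicators(PHISH_SAMPLE):
        print("-", flag)
    print("benign findings:", phishing_indicators(BENIGN_SAMPLE))
```

These checks are the same ones you want employees to make by eye: hover the link and compare the destination with the text, look past the display name to the actual address, and be suspicious when a reply would go somewhere other than where the mail came from.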