A comprehensive guide to cybersecurity for small and medium businesses – 2018

Users in cyberspace face an increasing number of threats. Not a day passes without news that someone has hacked another system or stolen important data. Owners and managers of small and medium-sized businesses know that cybersecurity is a priority today and that these problems deserve due attention. The most important thing is to understand where to begin.

It may seem that ensuring cybersecurity is a very time-consuming and complex process. Not every manager or business owner has the necessary technical knowledge, so even the most cautious and security-minded among us can be scared away by the need to wade through a jungle of professional jargon and conflicting information.

This guide is intended for exactly such readers. If you are a busy manager already loaded with the daily routine of running a business, you simply have no time to become an advanced expert in every area of cybersecurity. But if you read this guide and, together with your employees (including those who handle your computer hardware, software installation and networks), build the security measures we describe into your workflow, you will certainly have less to worry about. Protecting your business is not really as difficult as some experts make it out to be. Be patient and take a few small pieces of advice from us, and you can protect even the smallest company with advanced cybersecurity methods.

1. Identify your weaknesses

The first step in protecting yourself from cyberthreats is to identify your vulnerabilities. If you do not know what your weakness is, how can you eliminate it? If you do not know what data is stored on your company’s computers, how can you protect it?

First, determine which information can be called the “pearls” of your data collection. In other words, what data is vital to your firm?

It can be anything, from your intellectual property to your customers’ contact information, inventory records, financial information, etc. Where do you store all this data? Once you answer these questions, you can begin to think about the risks that your data is exposed to.

Describe in detail all the actions that you and your employees take to collect, store and dispose of data. Think about the “transit points” along the path of information transfer in your company where data can leak or be stolen. Also, form a clear picture of the consequences for your company, your customers and your relationships with partners if your cybersecurity is compromised. After that, you can start taking measures.

2. Protect your computers and devices

It is on your company’s computers and other devices that the lion’s share of the work that keeps your business afloat gets done. But because these devices have access to the Internet and a local network, they are vulnerable to cyberattacks. Here are our instructions for increasing the level of protection of the various devices on your company’s network.

A. Update your programs

The very first (and perhaps the easiest) step to protect your systems from attack is to always use the latest versions of the programs your business relies on. Hackers engaged in illegal activities spend a lot of time looking for bugs in popular programs and applications, and they abuse these loopholes to penetrate systems. They may do this for any reason: to make money, to make a political statement, or simply because they can. Such an intrusion can cause irreparable damage to your business. Hackers can steal your customers’ bank card numbers from your website or even steal passwords from your computers. If this happens, your business will have serious problems.

Microsoft and other software companies are always looking for vulnerabilities in their programs and applications. When a vulnerability is detected, an update that fixes the flaw is released to users. Installing updates as soon as they are released is easy, so why do so many companies treat this point carelessly?

In 2017, the WannaCry ransomware attacked thousands of computers around the world. Even such huge organizations as FedEx and the National Health Service of England fell victim to it (you will read more about ransomware below). Before the attack, Microsoft released a patch that removed the vulnerability, but many system administrators did not install it.

B. Protect yourself from viruses

Viruses are malicious programs that secretly infect your computer. Viruses can cause a lot of trouble, but most often they access your files and delete or modify them. Viruses spread quickly by creating copies of themselves and sending them to people in your contact list. If one computer on your network picks up a virus, it can very quickly infect all the devices in your company, causing you to lose a significant amount of data. In addition, if you communicate with clients and users via e-mail (as almost everyone does), you can infect their computers as well.

Malware and ransomware are the two most dangerous types of viruses in modern cyberspace. There are several differences between them. Malware tricks the victim into downloading certain software, thereby gaining access to the victim’s computer. Such a program can track which services you visit from your computer, steal confidential data or start sending spam by email on your behalf.

Ransomware is a special kind of malware. It locks your computer and prevents you from accessing important files until you pay a ransom. Ransomware encrypts your files with a private key, which is known only to its creators. The WannaCry attack mentioned above is just one example of a ransomware attack. And there is no guarantee that paying the ransom will help, because the hackers may not unlock your computer.

There are several basic steps you can take to keep viruses off your computer. An antivirus program scans both incoming emails and the files on your computer, then removes or isolates (quarantines) any viruses it finds. Hackers constantly create new viruses, so you need to update your antivirus regularly. The best antivirus products have a function that makes your computer download and install updates automatically. Make sure your employees know not to open suspicious files and to delete any email attachments that come from an unknown or untrusted address.

An additional means of protection is connecting to the Internet through Super VPN free Android. With a VPN, you can work online anonymously. In addition, these services encrypt all your data, so it will be very difficult for hackers to track you. A reliable VPN provider always warns users when they try to follow suspicious links.

If you are unlucky enough to fall victim to a ransomware attack, not all is lost. This step-by-step instruction will help you get out of the situation.

C. Install the firewall

As in any modern business, most of the devices in your office are most likely connected to the Internet permanently over a broadband connection. If so, it is very likely that cybercriminals have already at least tried to penetrate your computer network. Hackers choose targets randomly, but if they find a valid address, they will take advantage of any vulnerability to gain access to your network and the individual computers on it.

The most effective way to protect yourself against such attacks is to install a firewall. A firewall separates the different parts of a network from each other, passing only authorized traffic into the protected part. If you run a small business, the firewall will separate your local private network from the public Internet. A good firewall analyzes each data packet sent over the network to make sure it is 100% reliable and filters out data it deems suspicious. To prevent hackers from attacking individual computers on your network, the firewall masks the identity of each computer.

Installing a firewall is quite difficult and should only be done by a trained specialist. However, this simplifies the task for you: all you need to do is talk to your system administrator and make sure that the work is done and your network is protected.

D. Special precautions for laptops and other mobile devices

Because these devices are portable and can be taken out of the office, laptops in particular can become a weak link in your security system. They are also a target for thieves, because they are easy to steal and sell. In addition, employees themselves can be very careless with their work laptops, since in most companies they will simply be given a new one if the previous one is lost or stolen. However, replacing a laptop is a significant expense, especially for a small business. And the biggest problem here is not even financial. Employees’ laptops (especially those of the management team) are likely to contain confidential company data that can harm your business if it falls into the wrong hands.

There are several security rules that you and your employees need to follow in order to prevent the theft of work laptops, or to mitigate the most serious consequences for the company if a theft does happen. First: if an employee uses a laptop in a public place, or even at a business meeting or conference, he or she should always keep the laptop in sight. Laptops should be carried in hand luggage and not left in storage rooms at airports and hotels.

Hackers can easily access data on a laptop or other mobile device if it connects to the Internet over an unsecured network. There are several security rules we advise you to follow to protect your data: for example, use only strong passwords, back up the work you have done on the laptop before each trip, and encrypt all data. These rules are particularly relevant for laptops. We’ll talk more about them in the third section (“How to protect your data”).

Believe us, planning what to do if one of your company’s devices is stolen is worth the time and effort. If you use cloud storage for some of your business needs, look at what mobile device management features your provider offers. Most cloud providers allow you to erase all data from any device that is lost or stolen.

All these tips also apply to company smartphones, and there are several measures you can take to protect them. In this guide you will find all the necessary recommendations, especially for iPhone devices. There you will find a list of security applications that we recommend, as well as instructions on how to change your smartphones’ settings to protect them.

One of the best ways to protect mobile devices, including laptops, smartphones, Amazon Alexa assistants and even your office PS4 console (if you think a perfect office should have a game console!), is to install a VPN application that encrypts all data transmitted through these devices. You do not need to install a VPN application on each device; instead, you can install the VPN directly on your office router. That way, all office devices connected to the Internet will be protected.

It is also important to set rules about which devices employees can bring to work. Many employers allow employees to bring their own laptops and other devices to the office, since it is much cheaper than providing everyone with the right equipment. We recommend that you require employees to install antivirus software on all personal devices and update it regularly.

3. Protect your data

Regardless of where your business is located, data is the main element of your work. Without customer contact information, inventory records, your own data and all the intermediate information, you simply could not function as a business. This data can be lost in a variety of ways: your computers can be damaged or break down, hackers can enter your network and steal data, or your office may be hit by a natural disaster. Your goal, therefore, is to protect yourself from data loss by taking measures to prevent the worst consequences.

A. Implement the backup procedure for important data

There are two types of backup. A full backup copies all the data you select to another device or medium. An incremental backup, by contrast, simply adds to the previously made copy the data that has appeared on the device since the last backup.

The simplest and most effective approach is to combine these two types. Make a full backup periodically and an incremental backup daily. Alternatively, you can make a full backup every evening at the end of the day. It is very important to check that the process works as it should: it would be a tragedy to lose all your data and then discover that the backup system has not worked for a long time. You can test this by “restoring” trial data to a new device. That way you will either confirm that your backup system works or identify the problem early.
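The full-plus-incremental routine and the trial restore described above, as an added example in Python (not part of the original guide). The directory layout, file names and function names are assumptions made for the illustration, and the sample files are constructed.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(src, dest, previous=None):
    """Full backup if `previous` is None; otherwise incremental: copy only
    files that are new or changed since the `previous` manifest."""
    current = snapshot(src)
    changed = [rel for rel, digest in current.items()
               if previous is None or previous.get(rel) != digest]
    for rel in changed:
        target = dest / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
    dest.mkdir(parents=True, exist_ok=True)
    (dest / "manifest.json").write_text(json.dumps(current))
    return current, changed


def restore(chain, target):
    """Replay the full backup, then each incremental, oldest first.
    Returns the manifest the restored tree is expected to match."""
    target.mkdir(parents=True, exist_ok=True)
    for step in chain:
        if (step / "data").is_dir():
            shutil.copytree(step / "data", target, dirs_exist_ok=True)
    expected = json.loads((chain[-1] / "manifest.json").read_text())
    for rel in snapshot(target):
        if rel not in expected:  # file was deleted at the source later on
            (target / rel).unlink()
    return expected


def restore_test(chain, scratch):
    """Trial restore into an empty directory; list files missing or altered."""
    expected = restore(chain, scratch)
    actual = snapshot(scratch)
    return sorted(rel for rel in expected if actual.get(rel) != expected[rel])


def demo():
    """Constructed sample data: full backup, a day of edits, incremental backup,
    then a trial restore of a healthy and of a silently corrupted backup."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        office = tmp / "office"
        (office / "finance").mkdir(parents=True)
        (office / "customers.csv").write_text("id,name\n1,Example Ltd\n")
        (office / "finance" / "q1.txt").write_text("revenue: 100\n")
        (office / "old-notes.txt").write_text("obsolete\n")
        full, _ = backup(office, tmp / "full")
        (office / "customers.csv").write_text("id,name\n1,Example Ltd\n2,Sample GmbH\n")
        (office / "inventory.csv").write_text("sku,qty\nA1,5\n")
        (office / "old-notes.txt").unlink()
        _, changed = backup(office, tmp / "incr1", previous=full)
        chain = [tmp / "full", tmp / "incr1"]
        healthy = restore_test(chain, tmp / "restore1")
        # Simulate the backup medium silently corrupting one file.
        (tmp / "incr1" / "data" / "inventory.csv").write_text("sku,qty\n")
        damaged = restore_test(chain, tmp / "restore2")
        return {"incremental": changed, "healthy": healthy, "damaged": damaged}


if __name__ == "__main__":
    print(demo())
```

An empty list from `restore_test` means the trial restore matched the recorded hashes; any file name it returns is a backup that would have failed when it was actually needed.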

There are many ways to back up your data. You can save it on physical media such as a USB flash drive or an additional hard disk, or put it in a shared folder on your network. You can also store backup copies in a secure location in the office. Nevertheless, keep in mind that keeping all your data on physical media will not help in the event of a natural disaster or an office break-in. We strongly recommend that companies not skimp on cloud backup systems.

B. Encrypt important information that your company stores in the cloud

Today, many companies store their data in the cloud, if not entirely, then at least in significant part. “Cloud” here can mean cloud storage systems such as Dropbox as well as cloud platforms like Salesforce that work on the SaaS model. Because all of this is called “the cloud”, it may seem that the data is stored in some safe, abstract virtual space. In fact, it means that your data is stored not on your hard drive or your local network but on remote servers that you access through your cloud service provider. Accordingly, it is extremely important to read carefully about all the security measures and precautions the provider takes and make sure that your data is adequately protected.

There are several ways to make sure your cloud data is secure. Encrypting everything yourself can safely be called the simplest and most secure solution here, especially since there are many programs that will help you do it. In other words, do not rely only on the provider’s security systems when you can protect yourself. The main thing is not to accidentally upload your encryption keys to the cloud.

So, you should carefully read what each cloud service provider offers. There are currently dozens if not hundreds of providers on the market, and some relatively little-known firms offer much more reliable ways of protecting user data than large, well-known companies. Some services, by the way, automatically encrypt user data before uploading it to the cloud.

A completely different option is to work with BitTorrent Sync. This is an absolutely free service that was developed as a replacement for cloud systems. The difference is that BitTorrent Sync does not store files in the cloud. Instead, it lets you work on documents through a platform that shares files on the P2P model. These services usually use the most advanced encryption (AES-256) and support two-factor authentication, which adds an extra level of protection.

In this comprehensive online security guide, you will find additional information on this.

C. Protect your passwords

The easiest way to distinguish a person who has the right to access important data from one who does not is the password. Unlike other, high-tech systems (smart cards, fingerprint scanning or even iris scanning), passwords are used almost everywhere. That is understandable, because they are free and easy! However, passwords are also very vulnerable. Hackers have developed advanced, sophisticated, automated applications that can crack simple passwords in minutes. In addition, hackers do not shy away from fraudulent methods of obtaining your company’s passwords: phishing attacks, fake digital identities, and social engineering designed to get people to give out their passwords …

There are many reasons why a password’s effectiveness can fall to zero. We often forget to password-protect access to important documents, and then anyone who sits down at our computer can open a secret file. So as not to forget passwords, many employees write them on a piece of paper and keep it on their desk. Worse, many of us use weak, easy-to-remember passwords again and again. And the fact that very few people change their passwords regularly hardly needs mentioning! All this gives hackers a green light.

These seven steps to create a truly reliable password will help you protect yourself from hacker attacks:

  • Use different passwords for different services
  • Regularly change passwords
  • Use complex passwords
  • Enable 2-step verification
  • Disable autocomplete logins and passwords
  • Use the password manager – a program where all user passwords are stored in encrypted form
  • Do not send your passwords via email or SMS

Creating a strong password is not that difficult. You can use a special service to find out whether your password is strong enough; it will tell you how much time it would take to crack. You can also use a secure random password generator to create an absolutely random and unpredictable password.

Tell all your employees how important strong passwords are. This is especially necessary if you want passwords to protect your data reliably rather than open loopholes for hackers.

D. Set permissions for access to information

Think about who in your company has access to important information. Probably more people than should. Accordingly, you need to restrict access. Administrator accounts should be given only to those employees who are authorized to administer systems and install new software.

In addition, it is worth moving away from the practice of several people sharing one login and password. Why? If your system is hacked, determining how and when it happened will be much more difficult, if possible at all. Let each user have their own account and their own access permissions. If you use Windows, you can set different levels of access for different users, for example depending on the position they hold in your company. If an employee is away from the workplace for a long time or quits, block that account as soon as possible.

E. Protect your wireless networks

Hackers can also reach your servers through the wireless networks in your office. Since a Wi-Fi connection does not require a physical cable, hackers only need to be within range of your router and run a few free programs to break into your network. After that, attackers will be able to steal your files and disrupt your systems. Yes, Wi-Fi devices come equipped with features that can prevent this from happening. Alas, most of these features are disabled in the default settings so as not to complicate the installation process.

If you are using a Wi-Fi network, you need to make sure that all of its security features are activated. In addition, you can limit the hours during which your wireless network is accessible so that hackers cannot break into it, say, at night. And to keep outsiders from connecting to your network, you can restrict Wi-Fi access to certain computers only by specifying access points.

F. Protect yourself while working on the Internet

When you and your employees work on the Internet, your actions are monitored in many ways, some of them completely unnoticeable. Third parties can compile all these actions into a very detailed list without your consent. Your employees can also accidentally visit dangerous sites that can steal your important business data! In addition, any data can be compromised if it is sent to sites over an unencrypted connection.

The best way to protect your connections, as well as the confidentiality of both your business’s and your employees’ data, is to work through a VPN service. VPN technology creates a virtual private network that hides the user’s IP address and encrypts all traffic passing through it. In addition, a VPN lets you work online anonymously, which is especially important if your job requires you to research competitors often. It is equally important if your browsing history could be of interest to competitors.

The downside of this method is that a truly reliable, high-quality VPN service costs money. As an alternative, many choose a free web proxy. Alas, you never know for sure who runs a given proxy service: it may well be run by hackers, or the proxy may collect information about user activity. Strictly speaking, a proxy service can hide a user’s identity and actions from the sites they visit, but the proxy itself sees everything perfectly. And this is just one of the reasons why we recommend using a VPN, not a proxy, if you want to work safely on the network.

You can also protect yourself by adding security features to your browser. For example, Firefox is an open-source browser with many add-ons designed to protect the user and their data. These include various ad blockers, encryption add-ons, add-ons that protect browser data, cookie and cache managers, and so on. For more information, see the article about 20 add-ons for Firefox that make this browser safer.

G. Protect important data created by remote employees

Many small businesses use remote employees for a variety of tasks. Thanks to the Internet, you can work with people from all over the world. Working with remote employees has many advantages: you do not have to hire someone into the office to handle a complicated or monotonous task, you can choose candidates from any country in the world, and so on. However, remote work involves certain risks, including risks to your cybersecurity. You could use all of the protection methods mentioned above, but most of them will be useless if remote employees access your important data from outside your company’s protected network. This problem is particularly acute if remote employees connect via a public Wi-Fi hotspot.

The mobile device management solution we talked about in paragraph 2.G. will help you work with remote employees as well as employees on vacation. Most importantly, however, make sure that all remote employees who have access to important information use your company’s secure network and a secure connection to it.

Windows has a Remote Desktop connection option, but it is not enough to protect your data by itself. If you work with remote employees and simply cannot afford a leak of important information, we advise you to use a dedicated VPN service through which remote employees first connect to your office LAN and only then connect to their computers using Remote Desktop. It sounds difficult, but your IT specialists probably know how to configure everything, in particular how to configure a VPN for your office network.

About: Claude Ford

American economist. Nobel Laureate in Economics in 2017 for his contribution to the field of behavioral economics. Honorary Professor of Behavioral Science and Economics at the School of Business of the University of Chicago.
