The professional business reviewers at Global Resources LLC annually conduct over a thousand reviews for small to medium-size businesses. Our review process can involve, when appropriate, a review of the cyber practices. We are not cybersecurity experts, but we can work with the owners of small and medium-size companies to determine what steps have been taken to ensure online security.
Considering that cybercrimes against businesses are on the rise, this aspect of security has become important for all businesses, including small and medium-size businesses. Independent reviews of business practices have found a shocking number of businesses that fail to even cover even the basics of ensuring cybersecurity, such as periodically changing passwords. Lack of online security can lead to devastating consequences. Here are some best practices for protecting online data of small businesses:
- Maintain a strong password policy at your company. No matter how small, your business will need to provide guidelines for all staff on how to change passwords. Passwords should be changed at least every three months. Also, passwords should be long, not contain common words or number configurations, hard to guess, use both numbers, letters and symbols, and for the best security randomly generated. Make sure employees know how to set passwords properly.
- Enable two-factor authentication for devices that allow it. Passwords can be hacked, but accounts will be protected if two-factor authentication is enabled even in this scenario. Two-factor authentication can be a hassle when logging in. But it’s a necessity to protect the most sensitive business documentation.
- Do secure office Wi-Fi. Office networks should encrypt the data transmissions and should be protected by a strong password as outlined above.
- Teach employees about using email safety. They should be advised against clicking on links sent over email, or worse, downloading unsolicited attachments sent in emails. There should be a trusted internal file sharing system for sending files between employee computers.
- Secure official handheld devices. If possible, buy VPN software for all office smartphones, tablets and laptops that might be used off site. Connecting to the internet on a public Wi-Fi network is very dangerous on a business device and policies need to be created concerning such networks.
- Disallow external storage devices in the office. Don’t let employees bring in their personal USB sticks or CDs to insert in office computers. These devices can carry malware unbeknownst to owners that could infect office computers.
Start your company’s cybersecurity policy by practicing the above. Your small business can also benefit from one of our Global Resources Reviews that provides an overview of your cybersecurity practices.