Security and safety are key concerns to local business owners and managers, especially when it comes to cybersecurity in Kansas City. We all know the physical and visible risks to our people, property, equipment and inventory. But business owners must also consider an even more pervasive and real-world risk: the danger of a cyberattack and loss of information security. Thefts and misuse of company and customer data are the most frequently occurring crimes affecting small businesses today.
While no business is perfectly protected from cybersecurity threats, there are several steps you can take now to prevent major problems. Here are seven recommendations to consider.
- Work with your IT service provider to prepare a cybersecurity plan. If you don’t have an IT service provider, connect with us at Invision to discuss how we can support your information security, network, hardware, software and other technical needs.
If you’re just starting to think about a cybersecurity plan, the Federal Communications Commission (FCC) has an easy-to-use cyberplanner tool to get you started. Hackers work 24/7 and their next target could be your business.
- Be smart about your company’s passwords. It’s very easy to get lazy when it comes to passwords. Use a unique password for each application and platform. Try to avoid obvious words like your company name or street address. Utilize a combination of upper and lowercase letters, numerals, and symbols.
Be extremely careful about publishing a master list of passwords. Consider giving employees only the passwords for the applications they need and use. When an employee leaves, whether on good or bad terms, change the passwords to all the applications that former employee had access to. Even if you have total trust in that former employee, you never know who might find a misplaced electronic file or printed note.
- Train and warn your employees. Communicate frequently with your employees regarding email phishing and spoofing scams, viruses, ransomware, “man-in-the-middle” impersonation, phony text messages and other cyber threats. Employees should know never to open an attachment if they are not sure of the sender, and to check the sender’s email address before clicking on any links or attachments in the email. Hackers have become very clever and are able to send emails and texts that appear to be from a company owner, manager, employee or even a board member.
Mistakes happen, but the worst way to handle a problem is to ignore or hide it. Reassure your employees that even the most well-trained professionals can sometimes slip up and open a malicious link or attachment, and that the sooner they report their error to their manager and IT provider, the better. There is never a wrong time to do the right thing, and employees should be encouraged to raise an issue as soon as they suspect it.
- Keep your hardware clean. Be sure all company-owned devices, especially laptop computers, have the most secure and current anti-virus/anti-malware applications. Instruct employees when to implement security and operating system updates. Advise that use of company-owned devices should be limited to company business. Be sure they understand your restrictions on downloading files and applications for personal use and entertainment as these often contain malware or malicious software.
- Set standards for working from home on company equipment and networks. In a post-pandemic world, “WFH” is still common on many people’s calendars. Many of today’s employees work in a hybrid home/office arrangement. This means employees are accessing your sensitive company networks through their residential internet service providers. Be sure your employees use the proper firewall and security applications to keep your company’s data protected when your team members work anywhere outside your company’s facilities.
- Back up company files to the cloud. Discourage or prohibit file storage on individual computer hard drives without backup to the cloud. Even when there is no security breach, hardware can fail. This is especially true for laptops that are carried from place to place, and might be dropped and damaged. Your company should have a cloud-based, password-protected file server where employees routinely store all important documents, including those still in development and draft stage.
- Be extra-careful with mobile phones and tablets. These devices are carried everywhere and are often lost or stolen. Even if your employees use their personal phones for company business, be sure their phones are password-protected and have the proper security applications to ensure that information cannot be stolen from their phones on public networks.
Does this all sound complicated? It certainly can be. And you’re probably up to your ears in running the daily operations of your business, with your honest employees serving your honest customers. You don’t need to spend your time and energy worrying about all the invisible cyber criminals who are ready to disrupt you and your company’s operations. Let Invision be your 24/7 eyes, ears and protection against a world of threats. Contact us today.