October 24, 2022

Cybersecurity best practices for small businesses

Daniel Silva

October is cybersecurity awareness month, so it’s a great time to revisit your work-from-home policies and ensure that the cybersecurity of your business remains top of mind.

While employees work from home, they may let their guard down when it comes to security practices, whether it’s using unsecured networks, leaving their computers unlocked, or falling victim to phishing attacks.

Here are some critical best practices and policies to consider implementing to protect your business and employees.

Install a VPN on employee devices

Setting up a VPN, or virtual private network, provides an extra layer of security for employees working from home. When employees are logged into your company’s VPN, it hides their IP addresses, encrypts data transfers, masks their location, and much more.

Before the pandemic, VPNs were common for larger organizations, so if your small business doesn’t have one, but you expect your employees to work from home for an extended period, investing in a VPN provider may be worth your time.

Implement strong password policies

It’s estimated that 90% of passwords are vulnerable to hacks, so it may be wise to have several password policies in place.

Standard best practices include mandatory password length and complexity requirements, and requiring a unique password for each program an employee uses.

Consider investing in password managers for your employees to help them keep track of their passwords. Two-factor authentication (i.e., requiring a password plus a code sent to an email or phone number) for specific programs will also provide an additional security layer if needed.

Create rules for working in public

Your rules around using public Wi-Fi may vary, but if your employees work with sensitive data, you may want to consider exploring your options to keep them safe or even ban the practice altogether.

That may sound extreme, but unencrypted networks, malicious hot spots, or leaving Bluetooth on in public can make employees vulnerable to cyber attacks. Even innocent onlookers can lead to risk, and protective screens on laptops may be necessary.

Encourage home security checks

If your employees are working remotely for the long term, encouraging home security can help keep your business safe. Provide a list of suggestions for employees to secure their home network and create a strong password for their Wi-Fi.

Remind them to keep company and personal devices separate and to lock their work computers when they’re not using them at home. Work devices should not be left unattended outside or in a car. These may seem like basic policies, but they are good reminders, nonetheless.

Invest in cybersecurity training

The best way to prevent security issues at your small business is education. On top of going through your company’s security policies, it’s critical to regularly educate employees about common phishing scams, securing home networks, avoiding public Wi-Fi, etc.

Set up annual professional development training around these security best practices and send out email reminders about the latest scams and things to look out for. Making cybersecurity education a priority can help your team keep attacks at bay before they become a serious issue.

Be prepared to deal with issues

Even the best-prepared businesses are at some risk of a cybersecurity or data breach. Instead of panicking in the event of an attack, stay ahead of the game by putting together a response plan so that you can handle an issue as soon as it happens and reduce the fallout.

Create a step-by-step checklist of what information you need, who to contact and when, what passwords or information you need to change immediately, and what, if any, disciplinary action you need to take with any employees not following your security policies.

It’s safe to say that remote policies, whether you had them pre-pandemic or not, are here to stay.

Hopefully, your business already had some of these cybersecurity policies in place, but it’s always good to routinely revisit and update your security guidelines and educate your team throughout the year.

Daniel Silva is director of security and chief information security officer with Union Savings Bank.
