October is National Cyber Security Awareness Month, designed to engage and educate people about cyber security risks and responses. Our way of life today depends on critical infrastructure and the digital technology that operates it, making cyber security one of the most important priorities for all of us – and we each have a role to play. For emerging and established businesses that means doing everything you can to protect your organization, customers, and employees.
Everyone – especially business owners – can benefit from these very basic recommendations:
• Set strong passwords and don’t share them with anyone.
• Keep your operating system, browser, and other critical software up to date by installing updates.
• Maintain an open dialogue with your family, friends, and community about Internet safety.
• Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
• Be cautious about what you receive or read online; if it sounds too good to be true, it probably is.
Businesses need to take cyber security steps far beyond these. As more small businesses become digitized, they are at greater risk for cyber attacks. Small businesses should not operate under the assumption that they have nothing worth stealing. Take the proper precautions to safeguard your networks and your customers.
Tips for Small Business
1. Create a custom cyber security plan for your small business
Clearly identify who owns company data, which employees are responsible for security oversight, and what privileges they hold. Depending on the types of data regularly handled by your business, you may also create separate policies governing who is responsible for certain types of data. For example, a business that handles large volumes of personally identifiable information (PII) from its customers may benefit from identifying a chief steward for customers’ privacy information.
2. Establish an employee Internet usage policy
Your guidelines should allow employees the maximum degree of freedom they require to be productive while at the same time setting rules of behavior that establish online boundaries to keep both them and your business safe and successful. Businesses may want to include a splash warning upon network sign-on that advises employees of the business’s Internet usage policies so that all employees are informed.
3. Establish a social media policy
A strong social media policy is crucial for any business that seeks to use social networking to promote its activities and communicate with its customers. Establish guidelines for acceptable disclosure of company activities on social media; what kinds of discussion topics or posts could cause risk for the company; acceptability of using a company email address to register for, or get notices from, social media sites; and tips for creating strong passwords for company and client social media accounts.
4. Identify potential reputation risks
Develop a strategy to mitigate reputation risks like being impersonated online and leaking company information.
5. Train employees to recognize scams and frauds
Social engineering, also known as “pretexting,” is used by many criminals, both online and off, to trick unsuspecting people into giving away their personal information and/or installing malicious software onto their computers, devices or network. Social engineering is successful because the bad guys are doing their best to make their work look and sound legitimate, sometimes even helpful, which makes it easier to deceive users. Teaching people the risks involved in sharing personal or business details on the Internet can help you partner with your staff to prevent both personal and organizational losses. Also maintain consistent and predictable online messaging when communicating with your customers to prevent others from impersonating your company.
6. Protect against “phishing”
Small businesses face this threat from two directions – phishers may be impersonating them to take advantage of unsuspecting customers, and phishers may be trying to steal their employees’ online credentials. Never ask your customers to submit sensitive information via email, and make a clear statement in your communications reinforcing that you will never ask for personal information via email so that if someone targets your customers, they may realize the request is a scam.
7. Don’t fall for fake antivirus offers
Make sure your organization has a policy in place explaining what the procedure is if an employee’s computer becomes infected by a virus or “scareware”. Train your employees to recognize a legitimate warning message (using a test file from eicar.org, for example) and to properly notify your IT team if something bad or questionable has happened.
8. Protect against malware
Many businesses are falling victim to key-logging malware being installed on computer systems in their environment. Keeping security software up to date and patching your computers regularly will make it more difficult for this type of malware to infiltrate your network.
9. Guard against malicious software
Effective protection against viruses, Trojans and other malicious software requires a layered approach to your defenses. Antivirus software is your frontline defense. Also, be careful with the use of thumb drives and other removable media. These media could have malicious software pre-installed that can infect your computer.
10. Verify telephone information seekers
Social engineering can still occur over the telephone. Train employees to never disclose customer information, usernames, passwords or other sensitive details to incoming callers. When someone requests information, always contact the person using a known phone number or email account to verify the identity and validity of the individual and their request.
If you are a Liqui-Site client, and your website is hosted with us, you can rest assured that we are exceptionally proactive about keeping your website and digital communication, including social media, safe and protected from cyber security threats and trends. This year alone we have already safeguarded against two major cyber security threats from a hosting perspective, and all of our digital marketing programs are underpinned by daily website security maintenance. If you have questions, contact us.