Written by: USB Security, Union Savings Bank
Last week, we talked about one of the fastest-growing types of small business cyber attacks: business email compromise. In addition to this type of social engineering attack, there are many other security threats that small business owners might face, some of which can occur right on your own property. Maintaining an up-to-date cyber policy and response plan is essential, but there are routine proactive measures you can take to help protect your small business. As we continue through Cyber Security Awareness Month, consider these 4 security checks that can help prevent small business cyber attacks.
Perform a physical inspection of your property.
If your small business operates out of a storefront, warehouse, manufacturing facility or other type of brick-and-mortar location, it’s important to perform regular inspections of the property. Checking doors and windows to make sure they are closing and locking properly, ensuring that unauthorized employees are not left alone after hours, maintaining security cameras if you have them and repairing issues with phones and other equipment can offer protection and peace of mind for you and your employees.
Inspections don’t necessarily require examining every square foot of your property with a fine-toothed comb, but taking the time each day to make sure things are in their place is your first line of defense against fraud and may just alert you to the first signs of trouble.
Keep your connected equipment up to date.
Long gone are the days when a desktop computer was the only piece of equipment in a small business that could connect to the Internet. Today, everything from the blood pressure cuffs in your private practice to the forklift in your warehouse may have some type of connectivity. The culture of bringing your own device (BYOD) and the Internet of Things (IoT) means that everyone from your customers to your vendors expects to be able to connect effortlessly when they need to, whether it be to review their appointment status or remotely check inventory.
This connected equipment can help your employees and service providers perform their duties more efficiently, but it can also leave gaps in your network security. Just like you update your mobile apps and personal devices, you need to update your business equipment to get the latest security software and patches. These updates help fix known security flaws and bugs that could otherwise leave you vulnerable to small business cyber attacks.
One particular piece of equipment that is commonly overlooked is your Wi-Fi router. Factory settings for routers often include simple passwords or ones shared with the entire batch sold at the same time. This can make it especially easy for a hacker to guess your password and gain access to your network. Be sure to follow password best practices and consider these four things when offering free Wi-Fi to your customers.
Test your cyber security incident response plan.
Writing your incident response plan was likely a key piece of your online safety and security strategy, but when was the last time you and your employees reviewed it? Technology changes constantly, websites come and go, and new small business cyber attacks crop up all the time, making an effective incident response plan even more critical.
The best way to make sure your cyber security incident response plan will work when it’s needed is to put it to the test. Ensure that the information for your designated point of contact is still valid, and test the speed of response. If anyone listed in your response plan is no longer working for your business, remove their names and contact information and replace them with current employees. The same goes for any outside vendors that assist with network security; if contracts have expired or you are employing a different agency, include current information in an updated plan and test the communication.
If a part of your incident response plan includes sending internal or external alerts, make sure that when you test the alert functionality, you do so on a small control group and give them advance notice. You may also want to test your web alerts after hours so as not to raise alarm, and include a message that the alert is for testing purposes only. Other aspects of your plan, such as shutting down access to the internet until the issue is resolved or filing a formal report of a breach, may be more difficult to test on a regular basis; however, the series of events should be reviewed for accuracy.
Regularly testing your cyber security incident response plan can help ensure that your business is ready to act if an attack occurs. You can find more cyber security resources and a response plan template on the State of Connecticut website.
Update your cyber security policies and procedures.
Much like your incident response plan, the cyber security policies and procedures that dictate how your small business employees conduct themselves in the digital landscape should be reviewed and updated frequently. As your company grows and changes, your policies and procedures should too, but do not wait until this happens to review and update them.
If a security breach were to occur and your small business policies and procedures were out of date, you might find it more difficult to identify the point of the breach, not to mention how to avoid it happening again in the future. Think of your policies and procedures not only as cautionary materials, but as supportive and instructional ones too. They can offer you and your employees guidelines to follow to ensure that everything within your small business is done as securely as possible.
Protecting yourself from small business cyber attacks is not just a once-a-year operation. Keeping your business secure online requires regular checks of your physical property and equipment as well as the guidelines and response plans that help dictate your online activity. Staying up to date with these checkups helps put you in control of your small business security.