Small businesses and organizations may be daunted by the perceived resources it takes to secure their systems; however, not making cyber security a priority could be a costly decision. The following six tips represent key security principles that we recommend implementing and are intended to provide a starting point for a more comprehensive information security plan.
1. Ensure that all employees use effective passwords and, when possible, stronger authentication technology
Encourage passwords that combine upper- and lower-case letters and characters, and change them every 60 to 70 days. Consider setting up network requirements that force a password change every 60 to 70 days. In many cases, passwords alone may not provide enough protection and security. For a more secure and reliable way to authenticate users and prevent hackers from stealing passwords, consider implementing some form of multi-factor* or strong authentication.
2. Protect your systems
Install and use anti-virus programs, anti-spyware programs, and firewalls on all computers in your business. Ensure that your computers are protected by a firewall. Firewalls can be separate appliances, built into wireless systems, or software that comes with many commercial security suites.
3. Keep all software up-to-date
Ensure that all computer software is up-to-date and contains the most recent patches. Most security software and operating systems include automatic updates, so make sure that function is turned on, and sign up for security notifications from the software company. Without updates, your systems will not be well protected against new cyber threats.
4. Create backups
Make regular backup copies of all of your important data and information. Store a secured copy away from your office location and use encryption to protect any sensitive information about your company and customers. Regularly creating backups better ensures that your critical data is not lost in the event of a cyber attack or physical incident, like a fire or flood.
5. Be prepared for emergencies
Create a contingency plan for your business so you can recover if you experience an emergency. Include plans to continue business operations at an alternate location when necessary. Test your plan annually.
6. Encrypt your customers’ data
Protect your customers’ data from hackers and thieves by encrypting it. Encryption programs encode data or make it unreadable, until you enter a password or encryption key that unlocks it. Some encryption programs are built into popular financial and database software, and some broadband providers now include encryption for wireless networks as a part of their service. Simply check your software’s owner’s manual to find out if this feature is available and how to turn it on. In some cases you may need an additional program to properly encrypt your sensitive data.
The above tips are intended to provide a starting point for a more comprehensive information security plan.
*Multi-factor authentication is like putting a deadbolt on your front door. The extra “lock” or layer of security makes it more difficult for hackers to view or steal sensitive data. Multi-factor authentication can be a software program or a device that is used in addition to your regular login and password method. One example is a key chain that displays a numeric passcode that changes every 60 seconds, which could be provided in appliance format for small businesses to make it easy to deploy and use. Biometrics, such as a fingerprint scanner, are another form of stronger authentication. Some organizations also use ‘risk-based’ authentication technology that looks at a number of metrics, such as behavioral patterns or the IP address, to verify a user’s identity without asking the user for any specific input. In each case, the user can gain access to sensitive data only if the correct information is received (the random number, the right fingerprint, or the expected usage metrics).