Business Security 101

As cyber threats continue to escalate and data breaches grow in scale and prominence, there is nothing more important than keeping your business safe. Unfortunately, these threats seem to evolve as quickly as the technology designed to prevent them. You need a plan to keep your business ahead of the game, protected and secure.

This guide is designed to do just that by covering the following important topics:

Assessing your current security

Before making any kind of major change, the first step should always be an assessment. When it comes to creating an IT strategy, conducting a risk assessment is crucial, especially if you have never done one before. Many small businesses assume that if they don’t have an IT department this assessment is unnecessary. This is not true. Risk assessments are designed to review all technology associated with your business in order to uncover weaknesses and vulnerabilities. They then prioritize these risks by impact and outline a plan to address them.

Risk assessments typically look at three categories:

  • Assets – equipment (even your slowest PC), software, and configurations that make up your IT infrastructure.
  • Threats – look for industry-specific threats and circumstances that might make the business uniquely targeted.
  • Vulnerabilities – ways your business could be compromised or exploited. This takes into account internal factors such as employees/former employees, firmware, patches, operating systems, and more.

A risk assessment should be taken seriously. Although it can take a significant investment in time and resources, it is worth both, as the work you do now will save you considerable time, money, and grief in the long run. Consider this: 67% of small and midsize businesses (SMBs) experience cyber attacks, according to a recent study, while 47% have no idea how to protect their business from these attacks.

Related reading: Building your 2020 IT budget: Seven critical steps

Choosing a managed service provider (MSP)

Increasingly, small businesses are realizing the benefits of opting for proactive IT services and choosing a managed service provider (MSP) for their IT support and cybersecurity needs. MSPs bring expertise, technology, and a variety of solutions to the partnership that SMBs would otherwise be unable to afford. Typically SMBs pay a monthly fee for access to these services, with the option to scale services as needed.

When it comes to choosing an MSP, the choices can feel overwhelming. Starting with a risk assessment is a great way to determine what your company’s immediate needs are, and gives you a place to start the conversation. As you begin your search for a trusted service provider, consider the following factors:

  • Services – Every MSP offers a unique range of services. What services are you looking for? Do you need to eliminate the bottlenecks? Do you need security services? Look for an MSP that can best meet your unique management and security needs.
  • Security – While the Cloud and security services inherently offer some security solutions, look for an MSP that values your security as much as they value their own.
  • Expertise – One of the benefits of partnering with an MSP is gaining from their expertise. It is essential that you find an MSP that is knowledgeable about your systems and able to provide creative solutions. For example, if your business works primarily with Macs, be sure to hire an MSP who has extensive experience working with Macs.
  • Customer service – As with any business relationship, excellent customer service is a must. Take note of staff experiences when communicating with different members of the team. Don’t overlook poor customer service just because you like the services they offer; see it for the red flag that it is.
  • Customization – Many MSPs offer unique customizations for the Cloud or for security services. Take note of these and how they may work to increase productivity for your business.
  • Onboarding – Ask each MSP about a potential timeline and cost for coming onboard. Each MSP has a different process and style, so it is important to understand what this looks like.
  • Cost – Once you have a complete rundown of what the MSP can offer you and what it can cost, be sure to look through the fine print to make sure you understand what to expect before signing a contract.

Related reading: 5 signs you need an MSP

Security best practices

The good news is that there are things you can do right now to improve your business security. Most of these security best practices cost nothing to implement, and they may actually save you money. In addition to utilizing all of these practices yourself, it is essential to educate employees and implement them business-wide.

  • Passwords – Always use strong, unique passwords for each device and account that you have. Never share your passwords or write them down. Don’t use passwords that can be guessed easily. Use multi-factor authentication (MFA) when it is available.
  • Browse safely – Nowadays everything you do leaves a digital footprint, which can set you up to be a victim of cyber fraud and social engineering. Read this article for tips on how to browse the internet safely and keep your data more private.
  • Connect securely – Whenever possible, connect to the internet using a secure internet connection. Be cautious of unsecured public Wi-Fi. If you must use a public connection, avoid entering sensitive data. You should also be careful when using mobile devices. Here are 7 ways to protect your private cell phone from hackers.
  • Download with caution – Downloads from unknown or untrusted sources can be used to install malware onto your computer. Also, beware of opening attachments from suspicious emails.
  • Update everything – While antivirus software can’t protect you from every threat, it is designed to detect and remove most known viruses and malware infections. It is important to keep the software up to date. It is also essential to keep your browser, operating system, and other frequently used software up to date, as updates often include security patches.
  • Back it up – If you haven’t already, now is the perfect time to start backing up your files. A great starting point is to read about the 3-2-1 backup rule (and other backup best practices).

Related reading: 10 best practices for encryption key management and data security

Backup and disaster recovery (BDR) planning

The final piece of building your business security is designing a backup and disaster recovery (BDR) plan. While nobody wants to think about needing such a plan, the reality is that the world is unpredictable. While we can’t predict where disaster will strike, we do know that 40% of small businesses permanently closed their doors following a disaster. Do you like those odds? (Still not convinced? Read all about how disaster preparation pays off.)

A BDR plan focuses on restoring operations and IT infrastructure after a disaster has occurred or during instances of extended downtime. For a simple guide on creating a BDR for your business, go to how to create a disaster recovery plan for your small business.