Quick, Big Cybersecurity Wins for Small Businesses
5 easy things to implement that have big impact
More often than not, cybersecurity is either not even on the radar for small businesses, or is thought to be way out of reach and/or not needed. Many small businesses do not have a dedicated IT staff member, much less a person in their team who is up to speed on cybersecurity.
I’ve worked with small business owners whose first question when talking about the need for stronger security practices was “Why would anybody target us?” Their thinking was along the lines of “we’re only a small company, only doing X type of business, attackers will go after bigger fish”. The discussion after that would highlight that many cyber attacks and cyber criminals are not targeting big fish; they’re opportunistically targeting - going after easy pickings. A comparison often made referenced thieves who rob houses; how they may not target the biggest, richest looking houses, but instead the ones where they notice the back door is usually not locked, or a window on one side of the house is often left open.
With this in mind, here are 5 relatively easy steps that small businesses can take to make an immediate and significant improvement in terms of how cyber secure their business is.
1. Limit local administrator rights as much as possible. Make it the standard that staff log in to their computers as standard users, not local administrators. Just this simple step minimizes and often eliminates the impact of malicious software (malware).
2. Create a strong password policy. Length is the most important factor in password strength, so encourage the use of passphrases (which should be long but also easy to remember) or randomly generated strong passwords using a password manager.
3. Use folder/directory permissions. Don’t let everyone have access to everything. Give staff members permissions to access the files and folders they need to do their jobs, and no further permissions than that.
4. Get a firewall, and configure the firewall (they do not come out of the packaging with secure settings).
5. Hire an IT Services consultant or an IT / Managed Services company. They can do all of the above, and a lot more to help make a business less of an easy target. The reduction of risk of disruption to the business should justify the cost of this sort of service.
None of these should require lengthy projects or huge costs to implement.
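As a starting point for the first step (limiting local administrator rights), the following PowerShell script lists who currently holds administrator rights on a Windows PC and flags anyone not on an approved list. It is an added example, not part of the original article; it assumes Windows PowerShell 5.1 or later, and the `$Approved` allowlist and the account name in it are hypothetical placeholders.

```powershell
# Added example: audit local administrator rights on this Windows PC.
# $Approved is a hypothetical allowlist; the entry below is a constructed
# placeholder. Replace it with the dedicated admin account(s) you actually use.
$Approved = @('PLACEHOLDER-PC\it-admin')

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so this lookup works regardless of the Windows display language.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

$report = foreach ($m in $members) {
    # The built-in Administrator account always has a SID ending in -500.
    $isBuiltIn = $m.SID.Value -match '^S-1-5-21-.*-500$'
    [pscustomobject]@{
        Name   = $m.Name
        Type   = $m.ObjectClass       # User or Group
        Source = $m.PrincipalSource   # e.g. Local or ActiveDirectory
        Status = if ($isBuiltIn) { 'Built-in' }
                 elseif ($Approved -contains $m.Name) { 'Approved' }
                 else { 'REVIEW' }
    }
}

$report | Sort-Object Status, Name | Format-Table -AutoSize

# Entries marked REVIEW are accounts or groups with admin rights that are
# not on the allowlist: candidates for demotion to standard user.
$toReview = @($report | Where-Object Status -eq 'REVIEW')
Write-Output ("{0} member(s) need review." -f $toReview.Count)

# Direct-membership check for the person running the script. Membership
# granted through a nested group appears as that group in the table above.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if ($members.Name -contains $me) {
    Write-Output "$me is a direct member of Administrators."
} else {
    Write-Output "$me is not a direct member of Administrators."
}
```

Run it on each staff computer; a group listed with status REVIEW grants admin rights to all of its members, so check who belongs to it as well.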
Well said, Patrick. The "hackers" see small business as an easy target. Just implementing your suggestions would help business security substantially.