Easy and quick ways to improve small business cybersecurity
While there are countless ways to improve small business IT security, there are a handful of "low-hanging fruit" items that make a dramatic difference and do not take much time or expense.
Easy and quick ways to improve small business cybersecurity:
- Turn on 2FA for all email accounts
- Block all incoming ports on the firewall
- Use 2FA for all remote access
- Encrypt all laptop hard drives
- Ensure no users are local administrators
- Completely segregate internal and guest WiFi
- Strengthen and expire all passwords
- Set up alerts if any forwarding rule is added to any email account
- Install a ransomware honeypot
- Secure all 3rd party sites (including banks, payroll services, investments, etc.) with 2FA
- Automate and have a strong review system for local and offsite backups
- Limit physical access to the server room
- Quarterly or semi-annually, have a strategic meeting to review and improve security
- Use an advanced email spam/phishing filter
- Automate screensavers to lock computers after 20 minutes of inactivity
- Formally train and test users on phishing attacks
Hackers love getting into your email and using it to rip off your customers, vendors, and other employees. But with Two-Factor Authentication (2FA), even if they get an employee's password, they can't get into their email without a random code that changes every minute or so.
Do not allow direct access to any computers, servers, or systems like DVRs on the network. Require external users to first connect via a secured VPN before accessing any network systems.
Set up all remote access to require users to have both a password and a randomly generated code that only goes to them. Limit who is allowed to remotely get into the firm.
For any and all computers that leave the firm's physical office, encrypt the hard drives so that if they are lost or stolen the data on the computer is completely inaccessible.
Users should have the lowest level of permissions on their computers and be unable to install or upgrade software. This blocks ransomware and many known attacks. If software needs to be installed or an advanced change made, it should require an administrator account; users who are administrators should have to log in with a different account from the one they work in day to day.
Never use the WiFi that has access to your server or network for guest access. Use an entirely separated WiFi that has no access to anything but the internet for guests.
Use longer and stronger passwords. Require complexity: uppercase, lowercase, numbers, and symbols should be in the passwords, and no dictionary words. Force passwords to be changed regularly.
One of the top things that hackers do when they get into email accounts is set up rules to forward all emails to an outside mailbox. Set up an alert so that if any mailbox gets a forwarding rule created, you get notified immediately.
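As an added example (not part of the original article), the detection logic for that alert, run over a few constructed audit records whose shape is modelled on Microsoft 365 unified audit log entries (Operation, UserId, Parameters); the parameter names ForwardTo, RedirectTo, ForwardingSmtpAddress and DeleteMessage are the Exchange rule and mailbox parameters an attacker's rule would set. The sample records and domains are constructed for the demo.

```python
# Constructed sample records modelled on the M365 unified audit log shape. Not real logs.
SAMPLE_AUDIT_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "Parameters": [{"Name": "Name", "Value": "Archive"},
                    {"Name": "MoveToFolder", "Value": "Archive"}]},   # benign rule
    {"Operation": "New-InboxRule", "UserId": "bob@example.com",
     "Parameters": [{"Name": "Name", "Value": "."},                    # one-char name: hides in the list
                    {"Name": "ForwardTo", "Value": "attacker@external.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},     # victim never sees the mail
    {"Operation": "Set-Mailbox", "UserId": "admin@example.com",
     "Parameters": [{"Name": "Identity", "Value": "carol@example.com"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:carol.home@gmail.example"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"Operation": "Set-InboxRule", "UserId": "dave@example.com",
     "Parameters": [{"Name": "Identity", "Value": "Newsletters"},
                    {"Name": "RedirectTo", "Value": "dave.work@example.com"}]},  # internal
]

# Parameters that make mail leave the mailbox, whichever operation set them.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "ForwardingAddress"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox", "UpdateInboxRules"}

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def find_forwarding_rules(records, internal_domains):
    """Return one alert per forwarding destination created or changed in `records`.
    Each alert says who made the change, which mailbox it affects, where mail now goes,
    whether that is outside the organisation, and whether the local copy is deleted."""
    alerts = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        targets = [params[k] for k in FORWARDING_PARAMS if k in params]
        if not targets:
            continue  # rule does not forward anything
        # Set-Mailbox acts on the mailbox named in Identity; inbox rules act on the actor's own.
        mailbox = params.get("Identity", rec["UserId"]) if rec["Operation"] == "Set-Mailbox" \
            else rec["UserId"]
        for target in targets:
            addr = target.lower()
            addr = addr[5:] if addr.startswith("smtp:") else addr  # strip Exchange "smtp:" prefix
            alerts.append({"actor": rec["UserId"], "mailbox": mailbox,
                           "operation": rec["Operation"], "forward_to": addr,
                           "external": _domain(addr) not in internal_domains,
                           "deletes_copy": params.get("DeleteMessage") == "True"})
    return alerts
```

Alert on every hit, and treat an external destination combined with DeleteMessage as the highest priority, since that is the pattern of an attacker silently reading a victim's mail.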
You can set up fake folders with names like "111 - Ransomware Trap - Do NOT enter" with fake files in them such as Excel, Word, PDF, Text, etc. Then configure the server to instantly lock out any user that goes into such a folder and to alert management. Thus, if a user gets ransomware and it tries to spread to the network, that user gets locked out immediately to stop the spread.
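As an added example (not from the original article), the integrity check behind such a trap folder: plant bait files, record their hashes, and on each run report anything modified, renamed, deleted or added, which is what an encryptor does to the bait. The bait contents, file names and the tampering routine are constructed for the demo; wiring the findings to the user lockout and management alert is left to the file server, as the article describes.

```python
import hashlib
import os
import tempfile

# Constructed bait content; names mimic ordinary business documents.
CANARY_FILES = {
    "Budget 2024.xlsx": b"PK\x03\x04 constructed bait workbook",
    "Contracts.docx": b"PK\x03\x04 constructed bait document",
    "Invoices.pdf": b"%PDF-1.4 constructed bait pdf",
    "README.txt": b"Do NOT open files in this folder.",
}

def _sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def plant_canary(folder):
    """Create the bait files and return the baseline {name: sha256} to check against."""
    os.makedirs(folder, exist_ok=True)
    for name, data in CANARY_FILES.items():
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
    return {name: _sha256(os.path.join(folder, name)) for name in CANARY_FILES}

def check_canary(folder, baseline):
    """Compare the folder with the baseline. Returns (kind, name) findings for files
    that were modified, renamed/deleted ("missing"), or newly added (ransom notes,
    .locked copies). An empty list means the trap is untouched."""
    findings = []
    present = set(os.listdir(folder))
    for name, digest in baseline.items():
        if name not in present:
            findings.append(("missing", name))
        elif _sha256(os.path.join(folder, name)) != digest:
            findings.append(("modified", name))
    for name in sorted(present - set(baseline)):
        findings.append(("added", name))
    return findings

def constructed_tampering(folder):
    """Test fixture only: overwrite one bait file, rename another, drop a note."""
    with open(os.path.join(folder, "Budget 2024.xlsx"), "wb") as f:
        f.write(b"constructed garbage")
    os.rename(os.path.join(folder, "Invoices.pdf"), os.path.join(folder, "Invoices.pdf.locked"))
    with open(os.path.join(folder, "HOW_TO_RECOVER.txt"), "wb") as f:
        f.write(b"constructed ransom note")

def demo():
    folder = tempfile.mkdtemp()
    baseline = plant_canary(folder)
    clean = check_canary(folder, baseline)      # expected: []
    constructed_tampering(folder)
    return clean, check_canary(folder, baseline)
```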
It's almost always free to turn on 2FA for all banking, investment, and other sensitive sites. This dramatically and easily improves security and can prevent the theft of money.
Backups are crucial to recovering from many cyber attacks. Don't trust that they are working. Have a redundant and thorough system to check and test backups daily. Have automatic offsite backups that are kept offline and protected. Secure backups and do aggressive annual tests.
Make sure servers are behind locked doors. They should also be kept off the floor.
Regularly, have a formal meeting to review and discuss IT security. Ideally, bring in an outside expert and/or IT specialist. Decide on a few improvements every meeting so that you are continually improving security.
There are lots of advanced services, like Microsoft's Advanced Threat Protection, that are much more aggressive about testing email for phishing or security concerns. Since many attacks come in this way, it can be money well spent to boost the scanning of email.
Make sure user computers automatically lock when users are away from them. Don't count on users to log off manually; automate the process instead.
There are tons of resources online to learn what to look for in phishing attacks and train staff. But that is not enough. Set up a system that actually tries to phish and trick users. There are services that will send out fake emails to staff and tell you who fell for it. You can then have them do remedial training.
There are countless ways to dramatically improve the security of a small business for minimal investment of time and money, and it's never been more important to take steps to secure and protect your small business.