The Importance of Account Security & How Small Businesses Can Protect Themselves


One cyberattack will cost a company, on average, $200,000. For large corporations like Google and Facebook, $200k is nothing, but to a small business, that $200k could be the deciding factor in whether or not it will be around next month.

There’s a myth going around that small businesses are “immune” to cyberattacks, that small business owners don’t need to worry about cybercriminals because they’d rather target larger companies. This myth is completely false. In fact, Accenture states that 43% of cyberattacks are targeted at small businesses.

If you want to protect your website and your business, you need to make cybersecurity your top priority. To start, let’s focus on your employees’ work accounts and how you can secure them to prevent a data breach.

Ways for Small Businesses to Protect Employee Accounts

Require Two-Factor Authentication

Did you know that one million passwords are compromised every week? Passwords act as the first line of defense against hackers, and they do a fantastic job. However, any password can become compromised no matter how strong it is. So, if you want to secure your and your employees’ work accounts, you need to enable two-factor authentication for everyone.

Two-factor authentication adds a second line of defense to supported accounts. Not only will an employee need their password to log in, but they would also need a one-time passcode sent to them via text or email.

Two-factor authentication significantly reduces the chances of a cybercriminal compromising an employee’s account. At the very least, it can delay the cybercriminal long enough for the employee in question to change their password.

Encourage Employees to Use Strong Passwords

Password reuse is a major problem in any industry. Some employees go as far as to use the same passwords they use for personal accounts on their work accounts! This will compromise their accounts sooner or later, and when those accounts are compromised, your business will suffer because of it.

For this reason, you need to drill proper password security into your employees’ heads. Send out a company-wide memo detailing the expectations you and IT have regarding password strength. Hold a seminar dedicated to cybersecurity. It’s important that your employees know what is expected of them in the cybersecurity department, and the first step to doing that is for you to enforce strong passwords for work-related accounts.

Provide Employees With A Password Manager

With all of your employees (hopefully) using strong passwords now, you’ll want to make sure they don’t write down their passwords in an obvious place or save them to a Word document. The best way to discourage that behavior is by offering employees access to a password manager.

Password managers are browser-based programs that allow users to store their passwords in a secure manner, and they do this by encrypting and hashing each password. They’re also relatively cheap; an enterprise password manager costs little compared to the benefits it would bring to your business.

10 Tips to Help You Secure Your Business

1. Update All Software in the Office

Many businesses nowadays use outdated software. For example, it’s not uncommon for hospitals to use older versions of Windows since newer versions aren’t compatible with the programs doctors need to work and treat patients.

A lot of the time, however, the refusal to update software is linked to finances. It can be expensive to update software across an entire company. As a small business, extra costs can be scary. Nonetheless, it’s important to update all of the software your business uses—not just your OS, but every program.

Software updates contain essential security patches that prevent cybercriminals from taking advantage of exploits and vulnerabilities within the targeted software. Refusing to update software only encourages cybercriminals to target your business.

2. Keep Up With the Latest Security Trends

As a small business, you may not have an IT team or a contracted security firm that helps you manage the security side of things. You may be on your own, and if that’s the case, then you have an extra job: keeping up with security trends.

Cybersecurity is an ever-changing concept. New security tools are being released every day. In the future, certain security practices may seem outdated. Keeping up with these shifts within the cybersecurity industry will help give you an understanding of how you can best protect your small business.

3. Encrypt Your Network

Office networks are typically more secure than the average home network. They need to be. If they weren’t, it would be incredibly easy for any cybercriminal to waltz their way onto the network in question and steal data. Chances are, however, you can secure your company’s network even further with a VPN.

A VPN, also known as a virtual private network, encrypts all data that travels through a network. So if you install a VPN onto your company’s network, the data your employees send out and collect is encrypted and safe.

4. Perform a Risk Assessment

The above suggestions are baseline recommendations that you should implement within your business no matter what. After they are implemented, however, you’ll want to consult with a cybersecurity firm on what you can do to prevent a cyberattack. The first thing they’ll likely tell you to do is to perform a risk assessment.

A risk assessment is simply a procedure that goes over your business’s assets, determines the risks your business will face, and evaluates how those risks would impact your business. Keep in mind that risk assessments should be done once a year at a minimum.

5. Monitor Work Devices

In an ideal work environment, management trusts employees to respect security guidelines and treat their devices like work property, that is to say, carefully. However, this isn’t always the case, so it’s a good idea to monitor what employees are doing on their work devices.

For example, if one employee begins visiting sketchy websites, you’d want to know immediately so you can prevent that employee from infecting that computer with malware. Monitoring online activity is not only recommended but common practice in many industries.

Along with monitoring activity at work, any work devices that employees take home should be scanned and checked regularly. Checking these devices will help prevent an infected device from connecting to the company network.

6. Back Up Data Regularly

It’s not unheard of for a cyberattack to damage servers and the data stored on them. Without backups, that data could be lost forever, which is why you need to keep multiple backups of important data.

Imagine losing vital customer data in a cyberattack. Not only would work be disrupted, but you would lose the trust of those customers. Losing data could mean losing your business. So, when someone says to keep backups, they are not suggesting—they are telling.

7. Safely Dispose of Data

Imagine that an employee’s hard drive suddenly stops working. After replacing the hard drive (or getting a new computer altogether), you’ll need to dispose of that hard drive.

How would you dispose of a hard drive? Would you simply throw it away and call it a day? If your answer is yes, then know that a hard drive retains the data put on it even after it stops working.

In other words, if you just throw away a hard drive, then a criminal can get their hands on that hard drive and scrape the data off of it, provided they have the right tools.

To dispose of data safely, you’ll want to either destroy the drives yourself or have a professional company do it for you. Most businesses go with the latter, as companies like Shred-It guarantee complete destruction of data.

8. Run Antivirus Scans Regularly

Viruses and malware have ways of infecting devices and networks without being noticed. All it takes is one employee to open an attachment from a spam email for a worm to infect your network and give cybercriminals an opening.

For this reason, it’s important that you have a company-wide antivirus solution that frequently scans devices for potential threats. Doing so ensures that you will know of any threats immediately.

9. Create a Response Plan

You could follow each and every step outlined in this article and still have your business fall victim to a cyberattack. It happens. There is no guarantee that your business is immune from cybercriminals and hackers. So what can you do?

The best thing for you to do is create a response plan that outlines how you and your employees will react during a cyberattack. Response plans typically involve steps on how to detect a threat, respond to the threat, and recover from the threat. The quicker your response to a threat, the less damage it can do—remember that.

10. Invest in a Surveillance System

Proper cybersecurity requires you to focus on your workplace’s physical security as well as its online security. It’s not unheard of for employees to take devices home without permission or for criminals to scout company buildings, so you should invest in a surveillance system.

Yes, a surveillance system can be expensive, but you need to deter as much crime as possible. After all, there’s no telling what would happen if a criminal broke in and stole an employee’s computer.


Small businesses are prime targets for many cybercriminals, and yours is no different. When managing a small business, it is crucial that you do everything you can to secure it. From encouraging employees to create strong passwords to installing a dedicated surveillance system, there is a lot you can do to achieve that.
