Small Businesses and Cyber Security
Contributing Author: Peter Grigor
Small businesses are vulnerable to cyber-attack. Defensive cyber-security measures are often not a significant part of their annual budgets or plans, and cyber-criminals realize that they are ripe for the picking. What would a cyber-criminal want with a small business? If you accept credit card transactions, your client database is of great value to a cyber-criminal. Personally Identifiable Information (PII) such as names, addresses, phone numbers, credit card numbers, and dependent names is all valuable to cyber-criminals for committing fraud, credit card abuse, and identity theft. If you own a small business, you are probably concentrating on keeping your clients and employees happy, and a cyber-attack is the last thing you worry about. By the way – what do you think is your most valuable business asset? It isn’t the amount of money you’ve invested in tools, employees, or vocational training. It’s your data. From your budgets and balance sheets to your newest client’s personal data, these are what you need to value most and protect.
So you may not have any idea where to begin? Here are some excellent places to start and, best of all, they aren’t expensive to implement.
How To Protect Small Businesses From Cyber Attacks
- Keep your workstations patched with the latest security patches and software upgrades. If you don’t, it’s easy for a determined hacker to identify an unpatched computer and find its weaknesses. If you’re running Windows XP, or you haven’t hired a qualified PC technician to patch your workstations because you can’t do it yourself, now is the time to do so, and ask her to come back each time a new patch is released.
- Mark one day, say the first of each month, on your office calendar and make it a mandatory practice that you and your employees change the passwords on each of their workstations. Be sure to make the password strong. A strong password is a minimum of 8 characters long and contains a mixture of upper and lower case characters, special characters (even spaces), and numbers. Do not use names, birth dates, pets’ names, favorite places, or anything that can be found in a dictionary. You can even use a pass phrase. For instance – if you were born on the 4th of July in Somerset Arizona, you could use IWb0J4iSAz! Meaning “I was born on July 4 in Somerset Arizona!”
- Always ask for a visitor’s government- or corporate-issued ID. This should have a photo on it with the address and name of their employer or where they live.
- If you have the kind of entrance doors that require a badge to unlock, never let someone follow through the door without badging in themselves. Let your employees know it’s OK to challenge someone if they don’t have their badge – even the manager or owner! If they do challenge the owner or manager – give them a box of cupcakes or something similar to share with the team!
- Also NEVER write down a password and keep it in the open, under a keyboard, or pinned on the bulletin board, and NEVER share passwords! When you need to leave your computer, always lock it using CTRL-ALT-DEL. (Hit the CTRL, ALT and DELETE keys at the same time.)
- Finally, take an hour or two out of a workday every six months and review security best practices with your employees. If these security suggestions piqued your interest and you don’t know where to start or want to learn more – check your local computer users groups. Go to a computer store like Microcenter or Best Buy and ask around. I guarantee someone will be involved in a users group. Or use Google to search for “Computer Users Group.” You’ll find one, and they are a great help!
For the small business owner with limited financial resources, a strong cyber-security defense is still within reach by following some basic common-sense best practices. Even though you may think your business is small and not of interest to a determined hacker, or that you have nothing that interests them, always remember – your data, your vendor’s data and your client’s data are your greatest asset, and a determined hacker will try to get it if they think they can. Your best defense is to make it as time-consuming and as difficult as possible for them within your means.
About the Author
Peter Grigor, Master of Science in Management Information Systems and Information Security, and Doctor of Business Administration candidate in Management Information Systems and Information Security, lives in Prior Lake, Minnesota, where he is writing his dissertation on cyber security best practices for small businesses. He can be reached at SmallBizCyberSec@outlook.com, and will do his absolute best to answer any and all questions interested readers may have.