Let’s face it – small business owners already have enough on their plates. Between managing day-to-day operations and ensuring sales goals are met and growth projections are on track, a day in the life of any small to mid-sized business (SMB) owner is nothing short of hectic. Falling victim to the latest malware threats is starting to climb to the top of that list of concerns, as 57 percent of small business owners in a recent survey reported their intentions to increase budgets for IT security.
But with most SMBs lacking the scale or resources to have an in-house team and tools capable of stopping today’s sophisticated threats, many SMB owners simply don’t know where to begin when it comes to securing their company’s resources. The following are steps that every business, both large and small, should reference as a baseline for ensuring the safety of their assets and all customer data.
Prepare for the worst by backing up your data!
A good rule of thumb to follow – the more you know about where your data is stored, how to organize it, and how easily accessible it is, the better you and your team can be at protecting it! One of the most fundamental ways to protect your data is to back it up from the beginning before an issue ever arises. It’s critical to back up your data on a regular basis, and store network passwords in a secure, separate place where neither employees nor anyone walking by your desk can see them.
There are many options for backing up data either onsite, offsite, or to a third-party cloud backup provider. Recently, malware such as Cryptowall has wreaked havoc and tested the backup operations of many businesses. This malware infects your computer, and then encrypts all those important documents and files that you have connected to the system.
Once you’re infected with Cryptowall, you have only two options: jump through a bunch of hoops to pay a thief to get your data back, or use those backups you have been so diligently creating to restore your company’s valuable data. The only thing better than using your time backing up and monitoring your data is to have someone else do it for you, so let’s talk about how to leverage the cloud.
What’s with all the buzz surrounding the cloud?
So, many small business owners might be thinking – what does the “cloud” have to do with my business? Well, simply put, it alleviates the burden from your shoulders and instead shifts the responsibility to a company that is built to deliver a specific, targeted function. This could be e-mail, sales tools, cyber security, file storage, backups, website, a phone system, and anything else your business might need to maintain day-to-day operations.
Not only does a cloud provider take the burden off your business, it also does so affordably for businesses that can’t front the cost of a substantial starting point investment. Most of these cloud services are month-to-month and can grow and contract with your needs.
Let’s talk next about management and the process of updating all these applications, because that’s also included! Cloud services inherently provide the most up-to-date software, so you aren’t left using that 10-year-old version of Excel as a last resort. Remember – old software means vulnerable software, so as a best practice, keep your software up to date to avoid falling victim to the latest attacks.
All this buzz surrounding the cloud culminates in providing your business with a secure and accessible platform to carry out day-to-day operations. So with all of your apps and data securely offsite in the cloud, what about protecting all that Internet traffic your employees are creating to access their cloud-based apps?
So, my firewall doesn’t block all the bad stuff?
It goes without saying that everyone at this point has a firewall of some sort in place. Even if you purchase the lowest cost service for Internet, it will come with a basic firewall. Firewalls simply provide a gateway between the computers in your office and the wild, wild Internet.
Once you open up that gateway to allow your computers to access the Internet, the fun begins – at least for a hacker, that is. Does better cyber security exist, or are we doomed to be at the hackers’ mercy? Something better does exist: for many years, firewalls have been getting more and more advanced in providing next-gen filtering to put a halt to hackers’ efforts.
The main takeaway here is that not all firewalls are created equal, and finding a firewall or security service that provides what you need can be an overwhelming challenge at times. These advanced firewalls, or next-generation firewalls (NGFW), provide a group of security services typically referred to as unified threat management (UTM). UTM is simply a fancy acronym for, “a tool to safeguard your network and prevent entry of threats all in one place.” This type of security service can be provided as a hardware device, managed fully by your business, or provided as a service (cloud) and managed by your provider.
These advanced firewalls and security services provide such things as intrusion detection systems (IDS) and intrusion prevention systems (IPS), blocking of attempts that malware might make to phone home (botnet defense), malware detection and prevention, blocking of malicious website activity, and many other protections for your business. Most malware does its damage when someone clicks or launches something on their computer, so having a firewall that can provide an advanced level of protection if that occurs will save your company time and protect its resources.
Speaking of our employees, let’s talk a bit about how we can educate them.
Employees really don’t know what will hurt them
It’s vital that your IT team stays refreshed on all things security-related – including the latest best practices. But what about your other employees; aren’t they the ones who will more than likely come face-to-face with a link they shouldn’t click? Most malicious activity comes from someone interacting with a webpage or an email. If we can educate our users to exercise caution and make them aware of the latest trends in cyber activity, we can give them the confidence to avoid making the fatal error with a wrong click.
Try implementing a monthly cyber awareness newsletter that educates your employees about the latest malware and hacking attempts. Most of the malicious links, websites, and emails that workers view will be repeats of known malware, so educating them will lead to an increased chance of employees flagging suspicious activity. Cyber awareness will also maintain a heightened level of attention. Policies are great to protect your business, but be sure to communicate them and educate your employees on what those policies are trying to protect or accomplish; otherwise they are just hidden rules within a vast ocean of documents.
Protecting your data, leveraging the cloud, using advanced firewall services, and educating your users will ensure your SMB is headed down the right path. Find a good partner who can lead you down this route, and you as the SMB owner can rest easy that your company’s most important information is as safe as can be. And with that worry off the table, you can spend your time focusing on what really matters – like growing your business!
Jason Graf is My Digital Shield’s Vice President of Operations. Graf is responsible for providing operational oversight to ensure that MDS’ services are implemented, managed and supported successfully by its channel partners and small business customers. Jason brings more than 15 years of industry experience, servicing small businesses with IT security needs. Having served at the management level at various IT service providers, Graf has proven expertise in implementing operational improvement and standardization. Jason has an extensive track record for quickly learning about existing and emerging technologies, implementing those technologies and effectively communicating their capabilities to end users. Most recently, Graf served as the Director of Project Services at The IT Company LLC and prior to this role served as the IT Manager at Sword and Shield Enterprise Security and Claris Networks. A Microsoft certified trainer, he has been an instructor at New Horizons Computer Learning Center since 2012.