Jason Hong | June 19, 2013

Computer Security Basics for Small Businesses

Let’s say that you’re running a small business and are worried about computer security. What are some basic precautions you can take to protect yourself? Because, let’s face it, you’re busy keeping your business running, and don’t have a lot of time or energy to devote to computer security.

Here are some relatively simple precautions you can take to blunt many of the most common cyber security risks.

1. Ensure physical security of your offices and computers

As a small business, one big risk is the physical security of your office. Criminals have been known to target small businesses and break into offices to steal projectors and computers so that they can resell them on the gray market.

While you cannot prevent all theft, you can certainly make it harder through a few straightforward practices. These include having secured laptop cables that people can use to lock their computers to their desks, having important computers locked inside of a server rack, and making sure that your office doors are properly closed and locked at the end of each day.

2. Make use of online banking features to improve security

Many online banking services offer features to help with security. For example, a few banks offer two-factor authentication to minimize risks of stolen passwords. Many other banks offer notifications on large money transfers (over email or SMS), making it easier to be aware if there are any unusual transfers.

3. Use encryption on any WiFi access points you have

A WiFi router is useful not just because it lets you be wireless, but also because it offers Network Address Translation (also known as NAT). The nice thing about NAT is that it makes it harder for remote computers to directly connect to your computer, minimizing potential risks of automated breaches.

However, be sure to put passwords on your WiFi access points, to make it harder for intruders to snoop on what you are doing. Note that all WiFi routers have two different passwords. The first is an administrator password, and it lets you log in and configure the router. Newer WiFi access points have passwords set by default, but a lot of older routers have well-known default usernames and passwords (for example username “admin” and password “password”) that would make it trivial for anyone to break into your office’s network.

The second password is for WiFi encryption, and it lets you (and your employees) use your WiFi router to access the Internet. Sometimes, on older routers, there isn’t a WiFi encryption password, meaning that anyone can use your WiFi to access the Internet. If this is the case, you should turn encryption on and create a password that can be shared with people you trust.

4. Teach your employees about phishing and malware

A 2011 report by Microsoft stated that most malware attacks require some kind of user interaction, such as clicking on a link, agreeing to install some software, or plugging in a USB key. The same is true for phishing attacks as well, in that the goal of phishing is to trick people into sharing sensitive information.

As such, it is critical to make sure that your employees know how to identify and avoid these kinds of attacks. Some basic steps here can help. For example, don’t install software that you weren’t expecting to install. Example tricks include fake video software, fake bank software that pretends to protect your bank account, and fake anti-virus software that pretends to protect your computer.

As another example, don’t click on links in email that seem strange. If the email seems phrased funny, or just feels off, then look at who the email is from as well as the URL of where the link goes to. Remember, it’s easy for a thief to create fake emails, and many of them have succeeded in stealing money from small businesses by tricking the person reading the email.

See here and here for some examples of fake emails about payroll processing.

5. Back up your data

Everyone knows that they should back up their data, but very few people actually do it on a regular schedule. This is why it’s useful to use some software or online services that can periodically back up your data. Just do a search and you’ll find plenty of options. The worst time to wish that you had backed up your data is right after you’ve lost it.

 

 
