In a nutshell: Enlist your employees in the ongoing effort to protect your small business’ vital data and IT systems.
Computer attacks can happen to anyone, but CNBC warns there’s a new wave of viruses targeting small businesses.
Yet small businesses don’t always have the IT resources and budgets of large companies to protect networks, automate secure backups and restore systems after a breach. Hackers know this and are directing their malicious efforts toward more vulnerable companies. In fact, hackers know that small businesses can unintentionally provide entry to bigger ones, with even more data.
Your employees can be the first line of defense against cyberthreats, so it’s imperative they know what to do to keep your organization safe. Here’s what to teach them. Remember that employees are just part of the solution — senior leaders and the IT function need to be taking preventative steps as well.
Lesson 1: Create Strong Passwords and Change Them Frequently
Create a password policy for your employees. Strong passwords are one of the keys to protecting electronic data, according to SmallBusinessComputing.com’s “Create Strong Passwords for your Small Business.” Companies often use the same login credentials for everybody, but this is a big mistake. Instead, passwords should be unique and should have no recognizable words. Ideally, passwords should be at least 10 characters long and include a mix of numbers, letters and special characters.
Additionally, require that your employees change passwords every 90 days. If employees complain about remembering abstract passwords and changing them all the time, consider using a credential management application such as 1Password, LastPass, RoboForm or LogMeOnce. These programs enable users to securely store and easily retrieve passwords for multiple systems. The important part is to make sure everyone in the organization is on board. One weak link can allow a breach to happen.
Lesson 2: Use a VPN
A VPN, or virtual private network, is a group of computers networked together over a public network; they act as a virtual version of a secure physical network. A VPN is essential for small businesses, especially those that would like employees to be able to securely access company resources (including files, applications and printers), particularly if they work remotely. A VPN can be set up to allow access to digital resources from anywhere and provides an extra layer of security when using Wi-Fi in a public place such as a coffee shop or airport.
You can create your own VPN or use a provider if you aren’t tech savvy or prefer not to deal with it, according to Small Business Trends’ “What is a VPN? Everything a Small Business Owner Needs to Know.” Free and paid versions are available.
Lesson 3: Beware Phishing
It should be easy for employees to avoid clicking on links or opening attachments that are suspicious, right? Not really. Some are so sophisticated that even techies fall for them. The danger is that suspicious links might lead to a page that appears to be real but collects your private information. Email attachments can install malware on your device.
Follow these tips from Wired’s “Phishing Scams Even Fool Tech Nerds – Here’s How to Avoid Them” to prevent an attack, and be sure to share these with your employees.
- Always think twice before clicking. Phishers must be clever to get you to engage and steal your data. To do so, they often will prey on your emotions. So, be wary; if something doesn’t feel right, it’s probably not.
- Phishing emails can look like they’re coming from a coworker or vendor – and sometimes do come from these sources if their accounts have already been compromised. Simply avoiding clicking on emails from people you don’t know doesn’t always work. Look closely at the address to be sure it really is coming from the email address you think it is, and be suspicious of any message that seems out of character for the sender.
Periodically updating your employees about what phishing scams you’re hearing about and incorporating some proactive policies into your employee handbook should provide some peace of mind that everyone in your organization is doing what they can to protect their data and yours.