Written by: Guest | Best Company Editorial Team
Last Updated: February 24th, 2020
Guest Post by Brent Whitfield
What is the likelihood that your small business will be targeted by cybercriminals? While most hackers do aim for bigger targets, a sizeable 43 percent of attacks are aimed at small to medium-sized businesses (SMBs). Why? One reason is that small businesses are low-hanging fruit: they are often poorly prepared for such an attack. In fact, only 14 percent of small businesses are confident they have highly effective defenses.
To ensure you are among that minority, here are 10 tips for securing your business network:
1. Check your network configuration and change default settings
Many routers, servers, printers, and other pieces of equipment are shipped with default security credentials such as usernames and passwords. Hackers can easily obtain this information and will always try these details first. Once inside, they can access sensitive data while locking genuine employees out by updating log-in details.
Rather than giving cybercriminals an easy steal, small business owners should change the default settings of any new device or piece of hardware immediately. It is also a good idea to rename equipment based on a standard naming convention. This will make it easier to monitor the network for signs of hacker activity.
For routers, select the WPA2 encryption protocol as this is the most secure option and in most cases will be compatible with all of your network devices.
2. Keep software updated and set a password strategy
Get out of the habit of clicking the 'Remind Me Later' option when receiving vendor updates. These updates will contain patches to fix the most recently discovered weak spots. Until they have been applied, your network will be vulnerable to any attacks aimed at these areas.
It is also good practice to set your system up to send out regular reminders for all users to change their passwords. Your password strategy should cover the frequency of these change requests and the form of the passwords to be used. For example, best practice has shifted from random strings of letters, numbers, and symbols to memorable phrases that are hard to guess.
3. Enable your firewalls
Most routers come equipped with a built-in firewall, but did you know that these are not always activated out of the box? If you are unable to locate the firewall settings, look for either stateful packet inspection (SPI) or network address translation (NAT) and make sure these are activated.
At the same time, check your operating systems and make sure that their firewalls are active so there is a second line of defence. These are sometimes disabled by default, so it is worth checking. For Windows 10, go into the Control Panel, click on 'System and Security' and then click on 'Windows Firewall.' You can then toggle the firewall on or off via the left-hand navigation pane.
4. Physically protect your network equipment
The hacks we have presented so far have all focused on configuring devices and updating settings, but business owners also have to make sure that their physical equipment is not in a position where it can be compromised.
Can you be 100 percent certain who has access to your routers and servers at any point of the day or night? To avoid the possibility of criminals tampering with your hardware, consider setting up 24/7 monitoring by installing video surveillance.
This would also be a good opportunity to look at the general environment where your equipment is located. Is it at risk of being physically damaged? Is the air dusty? Is the room too hot or cold? Providing the ideal environment for your hardware will lengthen its lifespan.
5. Get expert help from an IT consulting firm
To ensure your security is watertight, it is usually worth investing in outside help. From Miami to Los Angeles, IT support providers now tend to offer a wide array of consultation and security solutions for SMBs.
If you don't already have a relationship with a nearby consultant, simply search for 'IT Services Los Angeles' (substituting your own city) and you will get a list of companies to research. Look under their 'Services' list and you will almost always find 'Cyber Security' or similar listed.
Make sure you check their credentials and reviews before signing anything.
6. Split wireless access points and use virtual data rooms (VDR)
If guests are allowed to use your Wi-Fi or otherwise connect into your wireless network, it should be impossible for them to access your core business systems. Most routers use multiple Wi-Fi bands and you can create multiple access points by assigning different Service Set Identifiers (SSIDs) to your guest and business networks and setting different rules for each.
For your most sensitive data, consider using Virtual Data Rooms (VDRs). Also known as 'deal rooms' due to their usage for confidential M&A deals, VDRs can only be accessed via a dedicated website or application and can be taken down at any moment.
7. Scan for rogue access points
The most dangerous access points to your business network are those you don't even know exist. Unauthorized employee workarounds and IoT devices connected to BYOD smartphones are just two ways in which new access points could be set up on your corporate network without your knowledge.
Access point scanning software can help to uncover this 'shadow IT' and shore up your network. Another good way to spot rogue access points is by following a strict naming policy when adding new equipment and devices to a network. This will make unnamed devices stand out much more clearly.
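The naming-policy check from tips 1 and 7 can be automated. The following is an added example, not part of the original post: it compares devices seen on the network against an approved inventory and a naming convention. The convention, inventory and scan results are all constructed for illustration.

```python
import re

# Hypothetical convention: <site>-<type>-<two digits>, e.g. "la-rtr-01".
NAME_RE = re.compile(r"^(la|mia)-(rtr|srv|prn|ap|ws)-\d{2}$")

# Constructed inventory of approved equipment: MAC address -> assigned name.
INVENTORY = {
    "aa:bb:cc:00:00:01": "la-rtr-01",
    "aa:bb:cc:00:00:02": "la-srv-01",
    "aa:bb:cc:00:00:03": "la-prn-01",
}

# Constructed scan results (hostname, MAC), as a DHCP lease table might list them.
OBSERVED = [
    ("la-rtr-01", "AA:BB:CC:00:00:01"),
    ("la-srv-01", "aa:bb:cc:00:00:02"),
    ("", "de:ad:be:ef:00:10"),                   # unnamed device
    ("TP-Link_Extender", "de:ad:be:ef:00:11"),   # vendor default name
    ("la-ap-07", "de:ad:be:ef:00:12"),           # conforming name, unknown MAC
    ("la-prn-02", "aa:bb:cc:00:00:03"),          # known MAC, renamed
]

def audit(observed, inventory, pattern=NAME_RE):
    """Return (name, mac, reasons) for every device that needs a closer look."""
    findings = []
    for name, mac in observed:
        mac = mac.lower()
        reasons = []
        # A conforming name is easy to copy, so the inventory is checked first.
        if mac not in inventory:
            reasons.append("MAC not in inventory")
        elif inventory[mac] != name.lower():
            reasons.append(f"name differs from inventory ({inventory[mac]})")
        if not pattern.match(name.lower()):
            reasons.append("name breaks convention")
        if reasons:
            findings.append((name or "<unnamed>", mac, reasons))
    return findings

if __name__ == "__main__":
    for name, mac, reasons in audit(OBSERVED, INVENTORY):
        print(f"{name:18} {mac}  {'; '.join(reasons)}")
```

Checking the inventory as well as the name matters because a device that merely copies a well-formed name would otherwise pass unnoticed.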
8. Take out cyber insurance
Cyber insurance may seem like a luxury but it is a sobering fact that 60 percent of small businesses hit by a cyberattack go out of business within six months. The right kind of cyber insurance could help to save your business from such a fate.
Before taking out a specific cyber insurance policy, check your policy documents to see whether your business insurance already includes any cyber protection. In addition to the costs of system damage and lost business hours, a cyber policy should provide some protection from the legal costs and fines that might follow a serious breach.
9. Beware of internal attacks
If securing your company from external threats wasn't a big enough challenge, security information provided by IBM highlights the bigger problem of insider threats. And of the 55 percent of negative cyber events emanating from within, a shocking 31.5 percent are deliberate.
Fortunately, cybersecurity tools can monitor user behavior for anomalies such as log-ins from remote locations at unusual times or with an abnormal frequency.
Be stringent with your access management policies so employees only have the access they need and are removed promptly when they leave the company.
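The log-in anomalies named in this tip (unusual times, remote locations, abnormal frequency) reduce to simple rules. The following is an added example, not part of the original post and not any particular product's logic: the thresholds, user baselines and log-in events are constructed, and timestamps are assumed to be in the office's local time.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values for this example; tune them to your own business.
WORK_START, WORK_END = 7, 19                    # office hours 07:00-18:59, Mon-Fri
MAX_LOGINS, WINDOW = 5, timedelta(minutes=10)   # more than 5 log-ins in 10 minutes
USUAL_LOCATIONS = {                             # constructed per-user baseline
    "alice": {"Los Angeles"},
    "bob": {"Los Angeles", "Miami"},
    "carol": {"Los Angeles"},
}

# Constructed sample events: (user, local timestamp, location).
EVENTS = [
    ("alice", "2020-02-24 09:12:00", "Los Angeles"),
    ("bob", "2020-02-24 10:05:00", "Miami"),
    ("alice", "2020-02-25 02:47:00", "Lisbon"),       # night-time, new location
    ("bob", "2020-02-29 11:00:00", "Los Angeles"),    # Saturday
] + [("carol", f"2020-02-26 14:0{i}:00", "Los Angeles") for i in range(6)]

def find_anomalies(events):
    """Return (user, timestamp, reasons) for each log-in that breaks a rule."""
    recent = defaultdict(list)   # user -> log-in times inside the sliding window
    alerts = []
    for user, stamp, place in sorted(events, key=lambda e: e[1]):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        reasons = []
        if when.weekday() >= 5 or not WORK_START <= when.hour < WORK_END:
            reasons.append("outside office hours")
        if place not in USUAL_LOCATIONS.get(user, set()):
            reasons.append("unusual location")
        # Keep only log-ins from the last WINDOW, then add the current one.
        recent[user] = [t for t in recent[user] if when - t <= WINDOW] + [when]
        if len(recent[user]) > MAX_LOGINS:
            reasons.append("abnormal frequency")
        if reasons:
            alerts.append((user, stamp, reasons))
    return alerts

if __name__ == "__main__":
    for user, stamp, reasons in find_anomalies(EVENTS):
        print(f"{stamp}  {user:6} {', '.join(reasons)}")
```

A user missing from the baseline is flagged for every location, which also surfaces accounts that should have been removed when an employee left.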
10. Bring your training up to date
Finally, to minimize accidental insider breaches, it is vital that businesses of all sizes keep up to date with the latest guidelines on cybersecurity and that any updates are reflected in their training packages.
For maximum impact, all new starters should receive comprehensive cyber security training during their on-boarding process and then refresher training should be carried out on a regular basis for all staff.
Following these 10 steps will maximize your chances of repelling both external and internal attacks and avoiding the devastation of a cyber breach.
Brent Whitfield is the CEO of DCG Technical Solutions Inc. DCG provides the specialist advice and IT Support Los Angeles area businesses need to remain competitive and productive, while being sensitive to limited IT budgets. Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. https://www.dcgla.com was recognized among the Top 10 Fastest Growing MSPs in North America by MSP mentor. Twitter: @DCGCloud