When web presences began to take off, it was debatable what constituted an effective site. Thirty years later, I hear the same questions being asked. Do updated graphics and imagery attract more customers? Does frequently-updated content bring customers to your site? Does intuitive navigation make any difference? What about mobile compatibility? Adaptive needs support? Search engine placement? Social media presence?
The list is extensive, seems to repeat every few years, or, whenever a new platform or service emerges.
All of those items are important to a successful business presence, especially a business that is driven by an online customer base. And, you shouldn’t neglect securing your online business presence.
However, I’d argue that there are other items of equal, perhaps, more significant importance when evaluating your business technology operations.
Not paying attention is a problem in different avenues. Technology is synonymous with change. If you use technology and expect that technology to simply keep running, need no maintenance, you’re setting yourself up for failure.
Your information technology is no different than mechanical devices. Information technology requires attention. Complacency with all technology will result in poor performance, and, ultimately, failure.
Verizon produces an annual data breach investigation report. The information housed within the report is outstanding and terrifying.
Small businesses are a favorite target for cyberattacks.
According to the most recent Verizon report, almost two-thirds of all cyberattacks were directed at small businesses and individuals. The average cost for a business to recover from a successful cyberattack exceeded $400,000. And shockingly, nearly sixty percent of all business go out of business within six months of a successful cyberattack.
In the same report, a survey revealed that ninety percent of small businesses don’t use any data protection at all for company and customer information.
Wow. Ninety percent of small businesses do not use any software or service to protect data.
I’m not a website expert, but, I’ll offer this: it doesn’t matter how pretty your website’s images are or how well you place in search engines results, if you can’t protect your business data and customer data, you won’t be in business long. Similarly, your Twitter account might be on fire, but, if you hemorrhage data, your social media site will become a collection of outdated memes and twisted puns.
So, what are you to do? How do you protect your business and your customers?
Ordinarily, this is where a list would emerge. A top ten, or, top five delineation of chores to review or pursue.
For this discussion, let’s keep things simple. We have two stacks: the easy items and the more difficult items.
Let’s start with the easy stack.
Raise employee awareness. Human error accounts for a sizable portion of the successful cyberattacks. If you fail to inform your employees about the importance of data management and securing information, you shouldn’t be surprised that they open all email attachments and click every link in every email messages. Set the stage with commonsense advice: beware of fake invoices, don’t open unsolicited email attachments, don’t click on peculiar links, ask for help before “trying” a new app on your work device. If you train staff to spot and report security concerns, you will create a solid defense.
Backup your data. Often. Yes, more than once a month.
Regular backups are necessary. If you experience a ransomware attack, loss of storage systems, a recent backup will have you up-and-running quickly. That is, if you also test your regularly-occurring backups.
You only cover half the field by starting a frequent backup process. If you don’t test those backups, you cannot have confidence in the process.
Backup frequently and test regularly.
Install anti-virus and anti-malware software and enable automatic updates and scans. This is an easy, low-cost protection. Yes, the software will slow your computers. Would you rather the computers work slowly or not at all?
Update your software, especially the operating system. Modern operating systems can install and update patches automatically. If your business efforts can accommodate a fast, frequent patching process, enable automatic updates. If you have a business need to review the patches and install manually, schedule at least once per month.
Use complex passwords, passphrases. Don’t use easy passwords, just don’t. The would-be bad guys enjoy easy passwords – they’re the gift that keeps on giving. Where available, enable two-factor authentication. Often, the service is included in modern software – turn it on and turn up the difficulty to breaking into your systems.
Survey your paper documents and how you store your various computing devices.
Do you have paper scattered everywhere? Are filing cabinets locked? Are computers locked and secured to a heavy structure? Do employees walk around with USB thumb drives? Do you shred all discarded documents?
Physical security is vital. Not all theft of data occurs through a cyberattack. Crafty criminals will dig through trash, collect items from desks, take photos of computer screens, or, walk out the door with a computer.
And lastly, don’t allow personal devices on your networks. You have too much to worry about already as a small business owner. Your employees’ cellphones aren’t your concern and shouldn’t have access to your business network. Eliminate the security risk by refusing to allow the devices.
Small, easy tasks will enhance your security posture quickly.
And now, let’s move to the more difficult stack. Be safe and we will continue next time.
Fabella Security 
You must be logged in to post a comment.