Small Business Cybersecurity Quick Wins

Small businesses are quickly deploying various technologies to better serve their customers and manage their business more efficiently. Different kinds of technologies, however, come with a variety of risks and, thus, require specific strategies to protect them. Our “Quick Wins” blog and infographic can be used as a starting point as a content outline for your own security awareness training program. 

QUICK WINS FOR COPIER / PRINTER / FAX SECURITY. DIGITAL COPIERS / PRINTERS / FAX MACHINES ARE COMPUTERS TOO. Change the default password to a strong and unique passphrase Ensure devices have encryption and overwriting Take advantage of all the security features offered Secure/wipe the hard drive before disposing of an old device Click here to learn more

QUICK WINS FOR EMAIL SECURITY.
WHEN IN DOUBT, THROW IT OUT.
BE EXTRA CAUTIOUS WHEN IT COMES TO EMAIL.

• Require strong, unique passphrases on email accounts
• Turn on two-factor authentication
• Do not use personal email accounts for company business
• Employees should be trained not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email
• Click here to learn more
  
  

QUICK WINS FOR FILE SHARING.
SHARING IS CARING, ONLY WHEN DONE SECURELY.

• Restrict the locations to which work files containing sensitive information can be saved or copied
• If possible, use application-level encryption to protect the information in your files
• Use file-naming conventions that don’t disclose the types of information a file contains Monitor networks for sensitive information, either directly or by using a third-party service provider
• Free services do not provide the legal protection appropriate for securing sensitive information
• Click here to learn more

QUICK WINS FOR MOBILE DEVICES.
KEEP A CLEAN MACHINE FOR ON-THE-GO DEVICES.

• Update security software regularly. Go ahead, update your mobile software now.
• Delete unneeded apps and update existing apps regularly
• Always download apps from a trusted source and check reviews prior to downloading Secure devices with passcodes or other strong authentication, such as fingerprint recognition
• Turn off Discovery Mode
• Activate “find device” and “remote wipe”
• Configure app permissions immediately after downloading
• Click here to learn more 

QUICK WINS FOR POINT OF SALE SYSTEMS.
HACKERS ARE OFTEN FINANCIALLY MOTIVATED.
DON’T MAKE IT AN EASY PAYDAY.

• Change from manufacturer's default admin password to a unique, strong passphrase
• Use a network monitoring app to scan for unwanted users
• Restrict remote administrative management
• Log out after configuring
• Keep firmware updated
• Click here to learn more

QUICK WINS FOR ROUTERS.
YOUR HOME OR BUSINESS NETWORK IS NOT TOO SMALL TO BE HACKED.

• Create unique, strong passphrases
• Separate user and administrative accounts
• Keep a clean machine: Update software regularly
• Avoid web browsing on POS terminals
• Use antivirus protection
• Click here to learn more

QUICK WINS FOR SOCIAL NETWORKS.
SOCIALIZE ONLINE WITH SECURITY IN MIND.

• Limit who has administrative access to your social media accounts
• Set up 2-factor authentication
• Configure your privacy settings to strengthen security and limit the amount of data shared. At the very least, review these settings annually
• Avoid third-party applications that seem suspicious and modify your settings to limit the amount of information the applications can access. Make sure you’re accessing your social media accounts on a current, updated web browser
• Click here to learn more

QUICK WINS FOR SOFTWARE.
HAVING THE LATEST SECURITY SOFTWARE, WEB BROWSER AND
OPERATING SYSTEM ARE THE BEST DEFENSE AGAINST THREATS.

• Make sure your computer operating system, browser, and applications are set to receive automatic updates
• Ensure all software is up to date. Get rid of software you don't use
• Your company should have clear, concise rules for what employees can install and keep on their work computers
• When installing software, pay close attention to the message boxes before clicking OK, Next or I Agree
• Make sure all of your organization’s computers are equipped with antivirus software and antispyware. This software should be updated regularly
• Limit access to data or systems only to those who require it to perform the core duties of their jobs
• Click here to learn more

QUICK WINS FOR THIRD PARTY VENDORS.
DO YOUR DUE DILIGENCE,
GET IT IN WRITING AND MONITOR COMPLIANCE.

• Spell out your privacy and security expectations in clear, user-friendly language to service providers
• Understand how their services work and to what you are giving them access
• Build in procedures to monitor what service providers are doing on your behalf
• Review your privacy promises from the perspective of a potential service provider
• Spell out expectations and scope of work in a formal agreement/contract
• Click here to learn more

QUICK WINS FOR USB DRIVES.
THESE SMALL DEVICES CAN EASILY CREATE HUGE SECURITY ISSUES.

• Scan USBs and other external devices for viruses and malware
• Disable auto-run, which allows USB drives to open automatically when they are inserted into a drive
• Only pre-approved USB drives should be allowed in company devices. Establish policies about the use of personal, unapproved devices being plugged into work devices
• Keep personal and business USB drives separate
• Don’t keep sensitive information on unencrypted USB drives. It is a good practice to keep sensitive information off of USB drives altogether
• Learn More: https://www.us-cert.gov/ncas/tips/ST08-001

QUICK WINS FOR WEBSITE SECURITY.
CREATE A SAFE ONLINE SHOPPING EXPERIENCE FOR YOUR CUSTOMERS.

• Keep software up-to-date
• Require users to create unique, strong passphrases to access
• Prevent direct access to upload files to your site
• Use scan tools to test your site’s security – many are available free of charge
• Register sites with similar spelling to yours
• Click here to learn more

QUICK WINS FOR WI-FI SECURITY.
THINK BEFORE YOU CONNECT.

• Use separate Wi-Fi for guests or customers than you do for business
• Physically secure Wi-Fi equipment
• Use a virtual private network (VPN) when using public Wi-Fi
• Do not connect to unknown, generic or suspicious Wi-Fi networks. Use your mobile carrier's data plan to connect instead
• Turn off Wi-Fi and Bluetooth when not in use on your devices
• Secure your internet connection by using a firewall, encrypt information and hide your Wi- Fi network
• Click here to learn more