Cybersecurity Blog | Ingalls Information Security

Small Business Cybersecurity Quick Wins

Written by National Cyber Security Alliance | Oct 17, 2022 4:00:00 AM

Small businesses are quickly deploying various technologies to better serve their customers and manage their business more efficiently. Different kinds of technologies, however, come with a variety of risks and, thus, require specific strategies to protect them. Our “Quick Wins” blog and infographic can be used as a starting point and content outline for your own security awareness training program.

QUICK WINS FOR COPIER / PRINTER / FAX SECURITY.
DIGITAL COPIERS / PRINTERS / FAX MACHINES ARE COMPUTERS TOO.

  • Change the default password to a strong and unique passphrase
  • Ensure devices have encryption and overwriting
  • Take advantage of all the security features offered
  • Secure/wipe the hard drive before disposing of an old device

QUICK WINS FOR EMAIL SECURITY.

WHEN IN DOUBT, THROW IT OUT.
BE EXTRA CAUTIOUS WHEN IT COMES TO EMAIL.

  • Require strong, unique passphrases on email accounts
  • Turn on two-factor authentication
  • Do not use personal email accounts for company business
  • Employees should be trained not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email

QUICK WINS FOR FILE SHARING.

SHARING IS CARING, ONLY WHEN DONE SECURELY.

  • Restrict the locations to which work files containing sensitive information can be saved or copied
  • If possible, use application-level encryption to protect the information in your files
  • Use file-naming conventions that don’t disclose the types of information a file contains
  • Monitor networks for sensitive information, either directly or by using a third-party service provider
  • Free services do not provide the legal protection appropriate for securing sensitive information

QUICK WINS FOR MOBILE DEVICES.

KEEP A CLEAN MACHINE FOR ON-THE-GO DEVICES.

  • Update security software regularly. Go ahead, update your mobile software now.
  • Delete unneeded apps and update existing apps regularly
  • Always download apps from a trusted source and check reviews prior to downloading
  • Secure devices with passcodes or other strong authentication, such as fingerprint recognition
  • Turn off Discovery Mode
  • Activate “find device” and “remote wipe”
  • Configure app permissions immediately after downloading

QUICK WINS FOR POINT OF SALE SYSTEMS.

HACKERS ARE OFTEN FINANCIALLY MOTIVATED.
DON’T MAKE IT AN EASY PAYDAY.

  • Change from manufacturer's default admin password to a unique, strong passphrase
  • Use a network monitoring app to scan for unwanted users
  • Restrict remote administrative management
  • Log out after configuring
  • Keep firmware updated

QUICK WINS FOR ROUTERS.

YOUR HOME OR BUSINESS NETWORK IS NOT TOO SMALL TO BE HACKED.

  • Create unique, strong passphrases
  • Separate user and administrative accounts
  • Keep a clean machine: Update software regularly
  • Avoid web browsing on POS terminals
  • Use antivirus protection

QUICK WINS FOR SOCIAL NETWORKS.

SOCIALIZE ONLINE WITH SECURITY IN MIND.

  • Limit who has administrative access to your social media accounts
  • Set up 2-factor authentication
  • Configure your privacy settings to strengthen security and limit the amount of data shared. At the very least, review these settings annually
  • Avoid third-party applications that seem suspicious and modify your settings to limit the amount of information the applications can access. Make sure you’re accessing your social media accounts on a current, updated web browser

QUICK WINS FOR SOFTWARE.

HAVING THE LATEST SECURITY SOFTWARE, WEB BROWSER AND
OPERATING SYSTEM IS THE BEST DEFENSE AGAINST THREATS.

  • Make sure your computer operating system, browser, and applications are set to receive automatic updates
  • Ensure all software is up to date. Get rid of software you don't use
  • Your company should have clear, concise rules for what employees can install and keep on their work computers
  • When installing software, pay close attention to the message boxes before clicking OK, Next or I Agree
  • Make sure all of your organization’s computers are equipped with antivirus software and antispyware. This software should be updated regularly
  • Limit access to data or systems only to those who require it to perform the core duties of their jobs

QUICK WINS FOR THIRD PARTY VENDORS.

DO YOUR DUE DILIGENCE,
GET IT IN WRITING AND MONITOR COMPLIANCE.

  • Spell out your privacy and security expectations in clear, user-friendly language to service providers
  • Understand how their services work and to what you are giving them access
  • Build in procedures to monitor what service providers are doing on your behalf
  • Review your privacy promises from the perspective of a potential service provider
  • Spell out expectations and scope of work in a formal agreement/contract

QUICK WINS FOR USB DRIVES.

THESE SMALL DEVICES CAN EASILY CREATE HUGE SECURITY ISSUES.

  • Scan USBs and other external devices for viruses and malware
  • Disable auto-run, which allows USB drives to open automatically when they are inserted into a drive
  • Only pre-approved USB drives should be allowed in company devices. Establish policies about the use of personal, unapproved devices being plugged into work devices
  • Keep personal and business USB drives separate
  • Don’t keep sensitive information on unencrypted USB drives. It is a good practice to keep sensitive information off of USB drives altogether
  • Learn More: https://www.us-cert.gov/ncas/tips/ST08-001

 


QUICK WINS FOR WEBSITE SECURITY.

CREATE A SAFE ONLINE SHOPPING EXPERIENCE FOR YOUR CUSTOMERS.

  • Keep software up-to-date
  • Require users to create unique, strong passphrases to access
  • Prevent direct access to upload files to your site
  • Use scan tools to test your site’s security – many are available free of charge
  • Register sites with similar spelling to yours

QUICK WINS FOR WI-FI SECURITY.

THINK BEFORE YOU CONNECT.

  • Use a separate Wi-Fi network for guests or customers from the one you use for business
  • Physically secure Wi-Fi equipment
  • Use a virtual private network (VPN) when using public Wi-Fi
  • Do not connect to unknown, generic or suspicious Wi-Fi networks. Use your mobile carrier's data plan to connect instead
  • Turn off Wi-Fi and Bluetooth when not in use on your devices
  • Secure your internet connection by using a firewall, encrypting information and hiding your Wi-Fi network