Business owners have had a lot to worry about over the past month and a half. Retail shops and restaurants have been forcibly closed by executive order. Teachers, coaches, lawyers and accountants have all moved online. Even happy hours are now virtual. Telemedicine, virtual classrooms, and video conferencing are all here to stay.
With all this focus on digitization, adaptation and survival, it’s equally important to ensure the new processes and technologies you’re using don’t introduce new and unnecessary risks. Let’s face it, your employees need to access your business software and files from home in order to do their jobs. Your teams need chat and collaboration tools to work on projects and coordinate with customers. Brick and mortar stores need eCommerce sites to stay afloat and generate cash. But if hastily implemented and poorly secured, these great technology assets can quickly become a liability for your business.
What to do in the short – and longer – term
Here are a few things every business owner should take stock of right now.
- Limit use of personal computers & devices – While many employees may have work laptops they use at home, it’s likely you’ll see more personal devices accessing company data. This could be an employee drafting an important sales proposal on their home PC (which may also be shared with their teenage kids), or be something as innocent as using a personal phone to make business calls. Every time you have company data that leaves your network or being stored or processed on potentially insecure devices, you’re increasing your risk of data leakage, theft, or loss. This is especially important if you deal with sensitive personally identifiable information (SPII) or are subject to industry or contractual confidentiality requirements.
- Keep software secure and up-to-date – Ensure that all machines being used to handle company data are protected with the latest security patches and antivirus software. Windows releases major security updates on the second and sometimes fourth Tuesday of each month. The maker of your business software will have their own schedule. You can check their website to see if you’re on the latest version, or usually go to the About menu in your program to either turn on “Automatic Updates” or do a manual “Check for Updates”. Most anti-virus programs require updated virus signature files in order to detect and block the latest threats. Make sure yours is running and set to auto-update.
- Enable multi-factor authentication (MFA) – If you use a lot of online software (software-as-a-service or cloud software) and you’re serious about improving security, turning on MFA is probably the single best thing you can do. The majority of cyber attacks start with a compromised password. MFA ensures that in addition to a valid username and password, you need the matching Authentication Code for the account in order to login. This code changes every 45-60 seconds. Not every SaaS solution supports MFA, but if it’s an available option in your Admin settings, you should definitely turn it on.
- Beef up your home network security – Now more than ever, remote workers must be diligent about what types of systems are on their home network that could become an attack vector for a cyber security threat. If you have connected devices such as online security cameras, smart speakers, smart appliances, smart TVs, connected printers, or home automation, you may already be at risk. A properly configured smart firewall can help prevent attacks by blocking any internet traffic using non-standard communication ports, or going to/from a list of known “bad” IP addresses.
- Remember that humans are the weakest security link – All members of the household need to be trained on good security practices. This includes how to avoid falling victim to an email phishing attack, paying close attention to unusual or unexpected email attachments, never clicking links in emails, and avoiding “clickbait” ads on webpages. Kids and members of the household who are not actively working may be especially vulnerable to these attacks if they’ve had no previous training or experience with good cyber security practices. An infection on your teenager’s iPad can easily spread through your network and compromise your work laptop.
- Secure and control your data – Whether your employees work with paper files or everything is digital, it’s important to retain central visibility and control of business data wherever it resides. Where possible, employees should continue to use company approved data storage solutions, even while working from home. If you don’t have a company VPN and they can’t access company shared drives when they’re away from of the office, now may be the time to invest in a business subscription to a popular cloud or file sharing network like Microsoft 365.
- Backup, backup, backup – With people and data in disparate locations, and work happening on computers and devices with varying levels of security and quality, it’s more important than ever to have a solid, company-wide backup plan. If an employee’s laptop died or got hacked, it could easily take 3 times longer than normal to get an IT person out to their house to fix their computer and restore or manually recreate their data. With a recent backup, they can get back to work in minutes, and you avoid days or weeks of hassle and downtime.
This country would grind to a halt without the products and services that Main Street small business owners provide. In these difficult times, when small business owners across the country are struggling to stay alive – and looking for ways to pivot and thrive – the last thing they need is to face a security or IT related setback. These simple tips can help you avoid potential landmines that could put your business at further risk.
If you have questions on any of the recommendations above, I invite you to call me at 561-747-6880 or reach out via email. For anyone who needs or wants it, I am also making available 100 individual data backup plans (1 PC, 100GB of data) for free during this pandemic.
Cathy Miron is the CEO of eSilo, a Jupiter, FL based data backup and data protection company, that serves small businesses and non-profit organizations. She is a certified small business mentor with SCORE, and a Board Member of the Palm Beach Tech Association, a 503(c)(6) organization.