10 Cybersecurity Tips for Startups and Small Businesses

Broadband and information technology are powerful tools for small businesses to reach new markets and increase sales and productivity. However, cybersecurity threats are real, and businesses must implement the best tools and tactics to protect themselves, their customers, and their data. Here are ten key cybersecurity tips to protect your small business:

1. Train employees in security principles. Establish basic security practices and policies for employees, such as requiring strong passwords and setting appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

2. Protect information, computers, and networks from cyber attacks. Keep clean machines: having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

3. Provide firewall security for your Internet connection. A firewall is a set of related programs that prevents outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled, or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.

4. Create a mobile device action plan. Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

5. Make backup copies of important business data and information. Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.

6. Control physical access to your computers and create user accounts for each employee. Prevent unauthorized individuals from accessing or using business computers. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.

7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.

8. Employ best practices on payment cards. Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

9. Limit employee access to data and information, and limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

10. Passwords and authentication. Require employees to use unique passwords and change passwords every three months. Consider implementing multifactor authentication, which requires additional information beyond a password to gain entry. Check with the vendors that handle your sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

#StaySecure

3 Comments

  1. Nice

    What about designing a BYOD policy?

    Do you have a draft?

  2. As employers and employees become more heavily dependent upon immediate communications through the use of smart phones, many companies still have not created or implemented Bring Your Own Device (BYOD) policies. As a result, employers are vulnerable in having their confidential business and trade secret information exposed, or worse, taken. Employers also risk having legal claims, such as harassment or defamation, asserted against them because of the communications employees make using their smart phones.

    To minimize these risks, employers may want to consider implementing sound BYOD policies. Below are a few things to take into account when drafting a BYOD policy.

    Deciding the Scope

    In creating a BYOD policy, employers may first want to determine what smart phones and tablets employees are using. Then, in creating the policy, the company can decide whether the BYOD policy applies only to smart phones or also includes tablets. Employers will want to clearly communicate which devices they will and will not support, as well as the information that will be permitted to be accessed through those devices.

    Requiring Passwords

    Similar to requiring an employee to log on and use a password with his/her company-issued computer, the BYOD policy might include the same requirement. Because smart phones or tablets can more easily be lost or stolen, strong passwords should be required, not just a simple 4-digit PIN. Instead, most experts recommend an alphanumeric password.

    Employees are often resistant to these types of passwords because they do not provide immediate access to information. A strong BYOD policy makes it clear that a more complex password is required in order to protect and preserve the company’s confidential business information.

    Who Owns What?

    Although it seems fairly straightforward, employers may want to communicate in the BYOD policy that the company owns the information stored on its servers that the employees access through their devices. Additionally, the policy might go on to explain that the company can wipe (delete) the information stored on the device in the event it is lost or stolen because that information contains confidential business information owned by the organization. Finally, employers may want to communicate that there is no expectation of privacy in the employee’s use of the personal device similar to the use of the company-issued computer.

    However, a word of caution: while the company may own the information stored on the server, employers may want to consider resisting the temptation to access and/or read emails from the employee’s personal email account which may have been on the personal device. A recent case in the Northern District of Ohio found that a company violated the Stored Communications Act after a supervisor, without authorization, read more than 40,000 emails sent to the employee’s personal email account through the company-issued smart phone. Not only could the violation of the Act carry significant fines and penalties, but also criminal consequences.

    Acceptable Use

    The BYOD policy will also likely include the employer’s acceptable use policy, which would mirror the policy for an employee’s use of its company-issued computers. For example, if Company A prohibits access to Facebook or certain objectionable websites via its computers, its BYOD policy would have similar language. Additionally, employers should consider adding language in the BYOD policy requiring employees to follow the company’s anti-harassment and respectful-treatment-in-the-workplace policy.

    Parting Ways

    When an employee separates from an organization with his/her personal device, the company could be vulnerable and risk losing its confidential business information. A thorough BYOD policy will likely address this by making it mandatory that the employer will wipe (delete) any company-stored information on the personal device at the time of the employee’s departure. Because many employees have personal information such as photographs or music or other purchased applications, employers should consider developing a protocol to protect the employee’s personal information while still removing the company data.

    BYOD policy creation process

    Here is a high-level overview of how to develop your first BYOD policy.

    1. Assemble a project team that includes representation from your end user community and major departments, especially finance, legal, IT, and security. This team will probably be the same one behind your BYOD initiative, though it could be a sub-team of the larger project team.
    2. Assign BYOD policy research to all or select members of the team.
    3. Deliver the research findings to the policy team.
    4. Break down internal considerations for a BYOD policy to protect your corporate technology infrastructure via a document or white board.
    5. Circulate those considerations for internal review and sign off.
    6. Develop an outline for your BYOD policy based on the research and internal considerations.
    7. Develop a draft of your BYOD policy for internal review.
    8. Solicit comments and feedback from stakeholders such as executive management, legal, and IT security.
    9. Revise document and open it for user comments.
    10. Finalize with user comments if needed.
    11. Publish the BYOD policy for distribution and get management and user signoff.
  3. peeyoosh – kindly share the link as well…!