1. Train employees on cybersecurity best practices
“Ninety-five percent of all security breaches at the workplace are because of human error,” says Tony Anscombe, senior security evangelist, Avast. “To combat this, cybersecurity should be a core part of the workplace culture – including ongoing education, training and reviews for each employee.”
“Educating employees regularly must be a top priority,” agrees Vijay Basani, CEO, EiQ Networks. “Unaware and careless employees are one of the most effective ways for cybercriminals to find ‘open doors’ to the corporate network, usually through spear phishing techniques designed to deliver malware.
“Educating employees on the dangers of phishing and malware – clicking on even one attachment or link in an external email – and making it part of the employee onboarding process can be the best defense in preventing malware from finding that open door,” he says.
“Furthermore, [businesses] should teach their employees never to open an unsolicited email attachment and be wary of any URL links contained in email messages,” advises Marc Laliberte, information security analyst, WatchGuard Technologies.
2. Invest in antivirus software
“Regardless of the type of computers that you are running (Windows or Mac), an investment in antivirus software is always a great move,” says Tom DeSot, CIO, Digital Defense. “While many people may think that Macs are immune to viruses, they in fact are not and can become infected almost as easily as a Windows computer.”
That’s why he recommends that businesses “run at least two different types of anti-virus software: one on [their] servers, one on [their] laptops/desktops. The reason for this is that you stand a better chance of catching [and stopping] a virus since one of the anti-virus software packages may have a signature for it whereas the other one may not.”
Most importantly, “don’t forget to keep your signatures up to date,” he says. “Not updating your antivirus software is almost as bad as not having it at all.”
3. Turn on firewalls
In addition to having antivirus software, “make sure that you have firewalls enabled on your desktop/laptop computers as well as your servers,” says DeSot. “This not only lessens the attack surface of the host; it also helps prevent systems from becoming infected by worms or other types of malware that are looking for services such as FTP or file shares to infect another host.
“If your host does not come with a native firewall, there are plenty of internet protection suites that have a firewall built into them as well,” he says. “Many of the anti-virus vendors sell these types of suites and often bundle them with their anti-virus software. This goes a long way to protecting your systems from attack and keeping your data safe.”
4. Make sure everyone has strong, unique passwords
“Seventy-six percent of attacks on corporate networks are due to weak passwords,” says Anscombe. “Your child’s birth date, your home town or a pet’s name [are all examples of weak passwords, codes that can be easily hacked].”
Instead, make sure all employees use strong passwords. And by ‘strong’ he means it “should have numbers, special characters and upper and lowercase letters.” Also, passwords should not be re-used or shared on different sites.
To ensure passwords are unique, “employ password managers that will generate unique, strong passwords for you.”
5. Use encryption/SSL
“The No. 1 security measure that small businesses should not overlook is encryption,” says Doug Beattie, vice president, GlobalSign. “SSL/TLS certificates allow sensitive information to be sent securely. Without them attackers are able to intercept all the data being sent between a server and a client (a website and a browser, for example).