One of the most common misconceptions surrounding cybersecurity and data protection measures is that they are too expensive to deploy and maintain – so much so that they become prohibitive for small and middle-market businesses. Another one I hear often is that the implementation process can seem daunting for business owners who may be unsure about where exactly to begin.
While top-of-the-line cybersecurity programs and managed IT service packages can certainly be expensive and complex to deploy, there are several low- or no-cost measures that are worth considering. An ounce of prevention, even on a limited budget, can go a long way.
1. Password protocols and two-factor authentication
- Passwords should be at least 10 characters long
- Change passwords quarterly
- Keep passwords in a secure location
- Change default passwords
- Two-factor authentication can be established with minimal (or no) cost
2. Patch early, patch often: All computers and other devices should be updated regularly
3. Bank online through one, isolated computer that is not used for any other purpose, and which is not connected to the business’ local area network
4. Train your personnel on cyber mindfulness
- More than one-third of ransomware attacks are launched via a phishing email
- Verify from a known source – pick up the telephone!
- If you see something, say something…
5. Least rights – for small organizations, everyone wears multiple hats… but for sensitive information, minimize who has access to the crown jewels
6. Back up your data
7. Encrypt your data
8. Secure your physical environment
9. Due diligence: read your contracts, your privacy policies and understand your legal obligations
10. Have a plan!
- The day you discover you have had an incident is not the day to figure out “now what?”
- PTA calling tree
- Do NOT store the plan on the computer!
Be smart and be safe!