11 cyber security tips for small to medium businesses

  • Writer: Mangesh Nanoti
  • Jan 22

Cybersecurity has become a household term these days, owing to numerous media reports about data leaks, firewall breaches and the huge financial losses caused by hackers breaching major organizations. Recently, a ransomware named WannaCry wreaked havoc in the computing world, infiltrating major companies like SONY, HBO and even Microsoft. These companies incurred huge financial losses as a result of the fallout from these attacks. Consumer confidence in these financial companies also eroded irreversibly, given the perception that if multinational cyber companies are not immune from malicious intrusions themselves, they cannot be trusted to protect the interests of their consumers. As a result, a belief has started to take hold among individual IT customers that, if they are to be protected from such attacks, they must take responsibility for their own protection and employ appropriate countermeasures to avoid falling victim to such intrusions.


What is Cyber Security? Cyber security is the protection of internet-connected systems from cyber attacks, covering the physical protection of hardware and the virtual protection of software and data. Cyber security also entails preventing unauthorized access to enterprise information. Information security, which entails maintaining the confidentiality, integrity and availability of data, also falls within the purview of cyber security.

There are certain measures that one can take to, if not prevent, at least mitigate the risks arising from cyberattacks and maintain the integrity of one's data. Here is a list of some such measures.


1) Equipping oneself with the latest antivirus software

It is advisable to use the latest paid antivirus software for protection against malware. Many options are available in today's marketplace for effective protection against viruses, worms, trojans, ransomware, bloatware and other types of malware. These products are also adept at isolating and quarantining malware, and ultimately preventing it from causing harm to our file systems. Since regular updates to malware definitions are available, it is advisable to keep one's own software updated accordingly.


2) Establishing sound Facility, Network and Device policies

Implementing sound control policies for users' access to the enterprise network, work devices, privileged data and so on leaves fewer loopholes for malicious actors to exploit. In several cases, frivolous and undisciplined behaviour is the most prevalent reason behind unauthorized data breaches and vulnerabilities left within the system. Policies mandating a clean desk and a clean digital footprint should be enforced, coupled with stringent policies on physical access control of various areas or devices using physical barriers and managed entry systems.


3) Establishing a stringent password protocol.

Enterprises are prone to vulnerabilities born of human error. Many of these arise from a weak password control policy. Setting a weak password like "name_123" automatically makes one a viable target for prospective attackers. An unconcerned attitude towards enterprise data can lead to disastrous consequences. Password management applications can be used to remove the cumbersome burden of remembering passwords and to enter them seamlessly into the respective websites.
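An added example (not from the original article) of a password-policy check that rejects the "name_123" pattern described above: it strips the trailing digits and symbols, undoes common character substitutions, and compares what is left with the user's own name tokens and a short list of common words. The minimum length, the word list and the sample user details are constructed assumptions.

```python
import re

MIN_LENGTH = 12  # assumed policy value, not taken from the article
# Constructed short list; a real check would use a large breached-password corpus.
COMMON_BASES = {"password", "welcome", "admin", "qwerty", "letmein"}
# Undo common character substitutions (0->o, 1->i, 3->e, @->a, ...) before comparing.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def personal_tokens(*fields):
    """Split name, username, company etc. into lowercase tokens of 3+ letters."""
    tokens = set()
    for field in fields:
        tokens.update(t for t in re.split(r"[^a-z]+", field.lower()) if len(t) >= 3)
    return tokens


def check_password(password, tokens):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    lowered = password.lower()
    # Drop the trailing run of digits and punctuation ("_123", "@2024!!").
    core = re.sub(r"[\d\W_]+$", "", lowered)
    # Normalise substitutions, then keep letters only for comparison.
    letters = re.sub(r"[^a-z]", "", core.translate(LEET))
    if any(tok in letters for tok in tokens):
        problems.append("built from personal or company name")
    if letters in COMMON_BASES:
        problems.append("common base word")
    return problems


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    user = personal_tokens("Priya Sharma", "psharma", "Acme Traders")
    for candidate in ("priya_123", "Sharma@2024!!", "P@ssw0rd2024",
                      "copper-lantern-quiet-orbit"):
        print(candidate, "->", check_password(candidate, user) or "accepted")
```

The second and third candidates meet the length rule and still fail, which is why a length requirement alone does not stop name-plus-suffix passwords.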


4) Securing one's own networks

Safeguarding one's internet connection by using a firewall and encrypting information is a very important countermeasure for protecting one's online activity. Hiding one's Wi-Fi networks by configuring routers not to broadcast the SSID, and protecting them with strong passwords, can go a long way towards protecting one's internet connection.


5) Educating one's employees about CyberSecurity and making them accountable for their actions

Educating one's employees about the nature of online threats and the importance of protecting enterprise data can boost enterprise security. Establishing boundaries and issuing clear guidelines on acceptable social media activity by employees can prevent confidential information and trade secrets from leaking out of the organization. It is also advisable to hold employees accountable for the protection of privileged information.


6) Understanding the basic terminologies, concepts and jargon related to the field of Cybersecurity.

Before talking to a security consultant, implementing any change in the infrastructure or making any major software purchase, it is most advisable to study the basic terminologies and concepts of cybersecurity. Much material about cyber security in general is available in the form of articles, white papers and other publications. Following and implementing the literature released by reputable organizations like the Center for Internet Security is also important.


7) Investment in effective CyberSecurity.

Numerous surveys have found that many small and medium business owners are completely unaware of even the most basic aspects of cybersecurity. Most respondents are unaware of such basic concepts as endpoint security. If an effective and robust infrastructure is to be built to repel perilous cyberattacks, some tangible monetary investment has to be made in it. Failing that, there will always be an ever-present danger of falling victim to cyberattacks.


8) Continuously reevaluating and updating policies.

The cybersecurity landscape is highly fluid and dynamic. For every protection enhancement cybersecurity vendors make, criminals find new ways to hack networks and endpoints. Perpetual vigilance is therefore mandatory if one wants to stay on top of the latest malicious measures deployed. Just keeping abreast is not sufficient; formulating policy changes and inculcating a dynamic organizational security protocol that protects one's enterprise data has become the need of the day.


9) Regularly backing up all the data.

Despite having protections installed against cyberattacks, it is possible for a potential vulnerability to become the source of a breach. In such a case, in order to maintain data fidelity and persistence, it is highly advisable to have a second copy of one's data handy for contingency purposes. It is advisable to ensure that the physical location of the data backup is far away from the primary data source so as to prevent it from being corrupted in case of a flood or fire. It is also advisable to back up the data regularly so as to maintain data fidelity.


10) Creating a mobile device access protocol

The advent of mobile devices and the internet has changed the landscape of the cybersecurity domain. Securing business data where users can carry enterprise data on their mobile devices, or where BYOD policies are in place, has become a major challenge today. To prevent employees from becoming unwitting conduits for cyberattackers pursuing enterprise data, stringent mobile device policies must be enacted. This need is amplified further if these mobile devices hold confidential information or have access to corporate networks. Policies mandating the locking of mobile phones, the encryption of data and the installation of 3rd party applications that secure the mobile devices should be enacted.


11) Documenting and prominently displaying the cybersecurity policies

Many small businesses rely only on word of mouth and low-tech communication to convey the established norms and protocols of organizational cybersecurity. Regular training must be provided and relevant checklists must be made in order to ensure that all the organizational security policies are being followed. Several detailed toolkits are available to determine and document organizational security policies and ensure compliance with them.


 
 
 
