Business owners need to be concerned about their online security. The global average cost of a single data breach has risen to $3.86 million, and it tends to rise every year as new threats emerge and the fallout from a breach grows more complex. These attacks aren’t limited to big corporations, either; in fact, roughly half of all cyberattacks targeted small businesses with fewer than 250 employees.
While it’s impossible to protect yourself against every type of cyberthreat indefinitely, even basic security measures can improve your resistance to them.
Ultimately, there are two main categories of improvements to make to your online security and privacy. First, there are online privacy tools, which employ technology to protect you against certain types of threats. Then, there are policies and practices that can reduce your organization’s vulnerability to cyberattacks in the first place.
Using the Right Tools
Let’s start by covering some of the tools that can improve your online security, since they’re usually easier to adopt and enforce:
- Get a VPN. You can start by getting a virtual private network, or VPN. A VPN works as a secure “tunnel”-like connection between your devices and a separate, third-party server. This adds a layer of privacy and security to network traffic coming in or out of your organization. VPNs come in all shapes and sizes, however, so shop around until you find the right fit for your business.
- Install and configure a firewall. A firewall functions kind of like a bouncer for all incoming internet traffic. You can set one up and configure it to permit certain types of traffic and prohibit others, such as disallowing specific sites or the downloading of certain types of files. It’s a good protective measure, but not a comprehensive or perfect one, so don’t rely on it as your only defense.
- Use encrypted messaging services. If you want an extra layer of security on your incoming and outgoing messages, you can make use of a service that encrypts those forms of communication. These services aren’t perfect; they can still be breached by a skilled hacker, or when an employee leaks critical information on your account. However, they serve as a valuable form of extra protection.
- Scrutinize all your apps and systems. Every app, program, or system utilized by your business has the potential to be compromised. If you’re using a lot of third-party systems, it’s in your best interest to scrutinize them before making the purchase. Does this company have solid security practices? Have they suffered any data breaches in the past? What measures are they adopting to protect their customers’ data?
Training and Best Practices
Unfortunately, tools aren’t enough to make your organization secure. Even with a VPN installed and encrypted messaging services in use, all it takes is one employee’s compromised password for your entire system to be breached.
- Choose strong passwords (and change them regularly). If any of your passwords are guessed, stolen, or brute-forced with an automated program, it won’t matter how much encryption you have on your devices; the login credentials are enough to grant access to your data. Accordingly, one of your highest priorities should be creating strong passwords with a mix of lower-case letters, upper-case letters, numbers, and special symbols (and the longer, the better). Change these passwords regularly.
- Educate employees on common schemes. There are dozens of schemes out there, designed to use social engineering or outright trickery to fool your employees into giving up passwords or login credentials. For example, they may receive an email with a nefarious attachment, or a call from someone pretending to be an administrator. Educate your employees on these types of schemes so they can recognize them and avoid falling for them.
- Keep your information quarantined. It’s a bad idea to give all your employees unlimited access to all your apps and systems. Instead, keep passwords and login credentials on a need-to-know basis, segmenting and quarantining these valuable pieces of data.
- Be careful with BYOD policies. Bring-your-own-device (BYOD) policies are becoming more common and, to an extent, harder to enforce, since so many employees rely on a suite of mobile devices for their personal and professional lives. There will inevitably be crossover between technologies designed for private and company use. Your job is to make sure employees understand the difference between secure and insecure practices; for example, make sure they won’t use company devices on a public, unsecured network.
A combination of solid tools and solid employee practices can make your business much better protected against potential online threats. No system is perfect, but the majority of cyber criminals are opportunists, so anything that makes a breach more difficult to pull off can provide you with massive protection.