Business Cybersecurity Preparedness: Improvements and Best Practices

Just as individuals need to remain mindful about keeping themselves safe online, businesses also can be at risk for cyberattacks which can wreak havoc in many different ways. Maintaining cybersecurity is crucial, and having a contingency plan is an integral part of business preparedness.

Employee Education

Employees must be educated about potential online security threats so they understand how to maintain security and protect company information. As technology continues to evolve, this education must be ongoing to ensure that employees remain informed about potential threats.

• Hold all employees accountable for adhering to security procedures and policies.
• Teach employees about suspicious emails such as phishing schemes and emails containing attachments, instructing them to delete without clicking or downloading.
• Create consequences for violations of company cybersecurity policies.

Passwords

Create company policies about the use of strong passwords to access sensitive systems or information. Strong passwords will have at least eight characters with a combination of uppercase and lowercase letters, numbers, and symbols. Consider implementing a system that requires multifactor authentication beyond a single password.

• Require that passwords be changed regularly.
• A password might be a lengthy passphrase with punctuation added to it.
• Consider using phonetic replacements or deliberate misspellings.
• Use unique passwords for different devices and accounts.

Network Security

Keep a business network safe with encrypted information and a firewall to secure the Internet connection. A company Wi-Fi network should be both hidden and secure by creating a wireless access point or router that does not broadcast the network name.

• Always secure router access with a password.
• If the business offers free Wi-Fi for clients or customers, never place the free Wi-Fi on the same network as the company's computers. Keep the company network secured and separate.

Virus Protection

Secure all business computers and mobile devices with antivirus and antispyware software. After installing software, maintain it carefully by updating it as patches are released. Vendors continually update security software to keep it current to protect against the latest security threats.

• Configure security software to install all updates automatically.
• Dispose of old computers safely to protect any information they may contain.

Back Up Important Information

Institute regular backups of all information on all company computers. This information should include databases, financial files, documents, spreadsheets, accounts receivable and payable files, and human resource files. Implement automatic backups if possible.

• Store backups in the cloud, offsite in a different physical location, or both.

Control Information Access

Provide access to information on an as-needed basis. Never allow information access on a broad scale for unauthorized individuals. Allow access to information by setting up separate user accounts for each employee, and require the use of strong passwords to access accounts.

• Grant administrative privileges only to trusted staff members.
• Secure mobile devices and laptops when not in use to prevent theft or loss.
• Lock computers, closets, and desks containing sensitive files or equipment.

Disaster Recovery Plans

A disaster recovery plan is essential to ensure that a company can continue to function without disruption after a disastrous event. A recovery plan should include steps for restoring information, performing day-to-day business operations in alternative ways, and implementing new controls in light of the incident.

• Create and define roles and responsibilities for employees.
• Create "what-if" scenarios to cover potential situations with solutions.
• Know regulatory compliance requirements for security breaches.

Resources

• Top Ten Cybersecurity Tips
• How to Conduct a Cyber-Resilience Review (PDF)
• Cybersecurity for Small Business
• Small-Business Tip Card (PDF)
• Ten Cybersecurity Tips for Small Businesses
• A Cybersecurity Guide for Businesses (PDF)
• Nine Cybersecurity Terms You Need to Know (PDF)
• Cybersecurity Action Plan (PDF)
• Protecting Personal Information: A Guide for Business (PDF)
• Consumer Guide to Cybersecurity: Manage Your Risk
• Protect Your Business
• The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Mid-Size Businesses
• Data Privacy and Cybersecurity
• Introduction to Cyber-Threats (PDF)
• Cybersecurity Tips
• Information Technology and Cybersecurity Policy (PDF)
• Your Path to Improved Cybersecurity (PDF)
• The Cost of Malicious Cyber-Activity to the U.S. Economy (PDF)
• Cybersecurity Information
• Small-Business Cybersecurity Guide (PDF)
• Incentives to Adopt Improved Cybersecurity Practices (PDF)
• Information Security Strategic Plan
• Data Security Checklist: Small Businesses (PDF)
• Data Breach Prevention (PDF)
• Small-Business Information-Sharing: Combating Foreign Cyber-Threats
• Don't Take the Bait: How to Start Protecting Clients and Businesses From Cybersecurity Threats
• Cybersecurity Awareness Training (PDF)
• Thanks for Being So Careless (video)
• Top Three Cybersecurity Issues Organizations Face
• Why Every Business Leader Should Care About Cybersecurity
• From Awareness to Action: Cybersecurity Strategy for Small Businesses
• Threat or Opportunity? Big Data and Cybersecurity
• SBDC Cautions Small Businesses About Cybersecurity; Offers Protection Tips
• What Is Cybersecurity, and Why Is it Important?