Cyber Hygiene - Security for Small and Medium-Sized Businesses and Entrepreneurs

We are one week away from the last week of National Cyber Security Awareness Month this week we are going to take a look at cyber security for small and medium-sized businesses (SMB) and entrepreneurs. SMB face the same difficulties as Enterprise companies do when it comes to cybersecurity and threats. Think about your dentists’ office and what sensitive information they may have about you; your social security number, address, credit card number? Small and medium size businesses are carrying significantly more customer information and sensitive data than they have in the past. Also, entrepreneurs face risks since the intellectual property they have created could be the value of the entire business they are struggling to create.

Below are some small and medium size cyber security minimums shared from the Department of Homeland Security, other Federal agencies, and also some wizard tips.
 

• Share information in the office about recent security issues and best practices for passwords and when to change them.Automate Anti-Virus and Spyware scanning and reporting on all computers – not just the PC’s Mac’s should be included too.
• Automate your Patch and Update rhythm. Check it regularly, the traditional IT standard is once a month, but it’s recommended to visit every seven days.
• Secure your connection to the internet by using a smart firewall, something with content filtering and application monitoring capabilities. Encrypt over the wire communications and hide your Wifi SSID. Change the password at least once every three months.
• Get a Backup, test the backup, don’t just backup the files and data! Backup the configuration of the server as well to help with your SLA on business continuity; this will help you restore to normal operations more quickly and be super fly.                                   

Resources for Small Business from the Stop.Think.Connect. Toolkit
 

• The Federal Small Biz Cyber Planner, a tool for businesses to create custom cybersecurity plans.
• Cyber security for Small Business is training course that covers the basics of cyber security and information security.
• The US Small Business Association’s cyber course provides an introduction to securing information in a small business.

In my mind, small business also includes a certain device that everyone cringes when they hear it: POS or Point of Sales devices. These devices have changed in the last decade in form like an autobot at a car show. What was once done on a large clunky red handheld scanners connected to an old IBM desktop can now be done with a small form factor tablet and in some cases just a smart phone. It is critical to keep POS systems secure both from external and internal threats.

Plugging in a USB or visiting malicious websites can end up leaking your customer credit cards and identities all over the web. Separate out admin access to these devices and network connectivity so they are isolated and monitored at all times. I would recommend not allowing employees to browse the web on these devices or download unknown apps that could be malicious.

It is tricky to measuring the return on investment (ROI) of security, but if/when you have an issue you’ll really wish you had covered the basics, especially when the basics cover 97% of what’s out there waiting to take advantage of your business.