Today’s small businesses rely on a wide array of technologies to run and grow their business. These technologies can range from proprietary hardware, to SaaS applications, to a simple spreadsheet. While these systems often have security protections built in, small businesses are frequently the target and victim of hackers. These threats can come in many forms, from ransomware compromising your computers to unauthorized access to your customers’ sensitive data. Addressing these threats can feel overwhelming, especially for a business owner that is not technically savvy.
The good news is that there are simple actions you can take today that can have a real impact on your business’ security. By following the recommendations we have set out below, you will be creating your business a cyber security plan that will help secure your business and put you far ahead of your competitors.
At FatBrain, we believe in a level playing field and that no business should be held hostage by ransomware or other attacks. We work with businesses to not only ensure that their invaluable business data is protected (see #3) but also help them unleash the full potential of their data. To get started with your cyber security plan, follow the recommendations below.
The power of checklists is recognized in some of the most performance-critical industries around the world. A famous example of this is how simple checklists in the medical profession have dramatically improved results for even the most trained doctors.* When a new employee starts they often need access to your company’s systems quickly. Having a checklist of what services and documents they need access to can make sure this is done in an organized and consistent manner. More importantly, when an employee leaves the company, revoking that access swiftly and completely is essential to the security of your systems and data. Having a documented process will ensure you don’t “miss a step” when offboarding an employee.
When a small business relies on a SaaS app, there is often a shared single account with “admin” access that everyone uses. This is a dangerous practice that leaves you and your customer’s data at risk. To combat this, SaaS apps will usually have a method of permissioning a user’s access. This can be complicated but a quick support email or chat can help you set up proper permissions. If you are able to, always give each employee their own account and ensure that they only have access to exactly what they need to do their job. It’s always better to start with restricted access and then open up access as an employee needs it.
This is something that even the biggest, most advanced companies in the world fail to do. Everyone knows the value of backing up your data. It can be a life-saver if a laptop is lost or if an issue arises with a vendor. Having a copy of your data that you control is a must. However, one thing many businesses fail to do is to test their backups. When an actual incident happens it can be extremely disruptive when people aren’t sure where their backups are or how to get their production systems back up and running. It’s very easy to simulate an employee losing a laptop. Have them work on a colleague’s laptop and see if they can access their critical files. If you get a database backup, ensure your IT/Engineering teams can get a system up and running from scratch twice a year. When something goes wrong, every second that you are offline costs your business. How fast you can get back up and running is something you should know.
Even your company’s data in business-critical SasS applications like Shopify, Salesforce, and Quickbooks can and should be backed up. For example, if an account you have gets compromised you can lose access to a critical SaaS app which can paralyze the business. One solution to this is an offering from FatBrain AI called RansomProof. It will back up the data in your business-critical SaaS apps once a day for free, forever. Click here to learn more about RansomProof.
Having strong passwords can go a long way to keeping your systems secure. Using password management software can simplify this because your employees will no longer have to remember each password. If left to their own devices, people tend to use simple passwords (ex: p@ssword!) and tend to reuse that password across all systems. Requiring your employees to have unique passwords for each system is another easy way to protect your business. One way to enable this is to use a password manager. There are many great free options that will securely store passwords and make it easy to have complicated, unique passwords for each service your employees have to log in to. Now, if one system is compromised, be it your fault or the vendor’s, there is no worry that the credentials the attackers have can access any of your other systems.
If you are a plumbing company, you may hire John or Jane because of their applicable skills, but do not make assumptions about their knowledge of how to stay secure in a connected world. Basic training goes a long way. Perhaps the easiest way hackers gain access to your systems is through fake “phishing” emails that fool their victims into providing their username and password to a system. Training your employees to always check the domain of the email sender and the domain of the links they click on cuts off one of the most common methods of attack. Train your employees to trust their gut, and if something seems even remotely suspicious they should immediately check in with you or whoever manages your IT. Even doing a training once a year can keep these ideas fresh in your employee’s minds and have a real impact.
Last, but not least, be sure to keep all software up to date. This is a simple thing to do that often is overlooked. Most programs today will have a button or menu option that will check for updates and install any updates that are available. On top of that, most programs will have an option to automatically install updates when they are available. Be sure to use that if it’s available! Vendors regularly update their software with the latest security patches and not installing these updates puts your business’ systems at risk.
The above recommendations are all things that you can start doing today. If this all feels overwhelming, pick out a few recommendations that will be the simplest for you to act on. Remember, creating a culture where cyber security is valued takes time, but there is no better time to start than today. This is not about being perfect right away, this is about getting better every day to help ensure all the blood, sweat, and tears you have poured into your business is not derailed by a cyber security incident. Stay safe!
FatBrain AI’s mission is to democratize the benefits of AI. Today, these benefits are going to the largest corporations and governments. FatBrain AI aims to bring these benefits to small and medium-sized businesses. One tool we have developed is RansomProof. RansomProof enables businesses of all sizes to back-up their critical data. RansomProof is easy to use, secure and as a bonus, free forever. If it’s free, what’s the catch? There is no catch, we hope this will be your entry into the FatBrian ecosystem and will consider our other products to help secure and grow your business. Take a look at RansomProof today!