Cyber Security 101: Top 10 Tips for Small and Emerging Businesses

Pat Tuley

Tax Partner

November 11, 2016

Cyber Security 101: Top 10 Tips

In this day and age, basic cyber security controls are everywhere, yet cyber-related attacks continue to increase. In addition, the exposure of payment systems to the web has made hacking even more profitable.

We find that most small to mid-size companies, including those in the craft brewing industry, are lacking proper resources and training, which makes it even easier for the bad guys to get in. It’s important to be aware of all potential risks, and these top 10 tips for cyber security are a great place to start!

  1. Train your employees, directors, customers and contractors on all things cyber security so that everyone is aware and understands what to look for. Hackers are tricking company employees to gain access to systems.
  2. Ensure that you are doing the basic “blocking and tackling” related to security, such as patch management, antivirus, “least privilege” access, log review and data backup.
  3. Protect your endpoints! To put it simply, an endpoint is any device that’s connected to your internal network, so keep all desktops, laptops, smart phones, tablets, printers and copiers secure before the hackers get to them.
  4. Monitor cyber security news and threat intelligence sources, and implement lessons learned.
  5. Know who to call for help (forensic companies, law enforcement, public relations firms, etc.) before something bad happens.
  6. Do NOT trust any computer, network or networking device that is not under your direct control. This includes but is not limited to employee personal computers, mobile devices, customer computers, USB drives and mobile phone chargers!
  7. Do NOT trust the internet! Emails, legitimate websites, remote access to systems, vendor connections and malicious websites that appear to be legitimate…are not always what they seem! These are some of the main ways the hackers are getting a foothold into organizations. Keep Internet activity restricted to business needs!
  8. Segment user endpoints from critical servers. Since the hackers are targeting employee endpoints, keeping them separate from the critical systems is important.
  9. Assess your cybersecurity risk and clearly define risk tolerance, which is different for every organization. This is determined based on the complexity of your business model and your IT organizational structure.
  10. Block high-risk attachments in incoming email using email filters. Also block internal IP addresses (and variants) using the email filters to reduce the risk of hackers spoofing (impersonating) internal employees to trick other employees into giving them sensitive information.

As an emerging business owner, you should always be thinking about your security posture and how you can better protect your business. PKM often provides employee cybersecurity training to get the dialogue going for many of our clients. If you would be interested in this at your company, or just want to share war stories from your own experience, please post a comment below. We’d love to hear from you!

This post was originally published on LinkedIn.
