Conducting a Small Business Cyber Security Checkup

Although reviewing technology can be easy to put off, it’s important to set aside time periodically to check your company’s tech infrastructure and security settings.

Phishing, ransomware and malware remain persistent threats for companies of all sizes, and small businesses remain particularly vulnerable because they often lack the in-house security resources of larger companies. As a result, small and medium businesses account for nearly half of cyber attacks.

The threat is magnified by the expansion of work-from-home arrangements that can increase the number of devices accessing company and customer data.

Fortunately, however, a number of basic steps can reduce the risk of cyber security breaches and potential business disruptions. As part of your cyber security checkup, it’s important to examine, and potentially update, the following components of your company’s cyber defenses:

Strong Passwords and Management Tools

One of the most common ways small businesses experience data breaches is unauthorized access caused by weak passwords that are discovered with automated hacking tools, as well as sharing passwords to cloud accounts or network resources by team members.

Rather than relying on team members to develop passwords that they would need to remember, it is more effective to use password management software that generates strong passwords, stores them on specific devices, and enters them automatically so each user can enter their authorized sites.

Multi-Factor Authentication

Along with strong passwords, make sure your company is using multi-factor authentication (MFA) on any accounts that support it. With MFA, a compromised password won’t be enough information by itself to access an account or company data. In addition to a password, MFA tools require additional information (such as code that’s sent to a registered cellphone number) to ensure the authorized user has entered the correct password.

Check Website Settings and Apps

It’s also important to review your company’s website on a regular basis to ensure it is not being used to distribute malware, or is not compromised in another fashion. If the site is built on WordPress, for example, be sure the installation has been updated to the latest version. This will help reduce the risk of your company being targeted by a known vulnerability. Similarly, be sure any plug-ins or widgets that are running on your site are current, because these apps can provide a back door into your site if they are exploited.

Review Access Permissions

It’s a good idea to review the authorized users on your cloud accounts to make sure people only have access to the applications and information they need to do their jobs. Most cloud-based software will allow users to access only portions of your systems. For example, someone in a customer service role can see related records, but won’t be able to access financial data they don’t need.

Similarly, be sure to check whether any former team members still have access to your accounts, and remove the permissions of anyone who shouldn’t be able to log on anymore.

Update Other Applications

The next step in your cyber security check-up is making sure your productivity applications are up to date. Software is updated regularly to address security issues, so you want to be sure your tools are current.

Scheduling updates and reviewing your security settings on a consistent basis can help you manage security risks in a timely fashion without disrupting your small business operations unnecessarily.