Happy Cyber Security Awareness Month! Since 2004, this month has been set aside to promote cyber security training and best practices. The theme for Cyber Security Awareness Month 2022, “See yourself in cyber,” is intended to highlight the role that individuals play in preventing cyber attacks.
If you own a small business or nonprofit organization, Cyber Security Awareness Month is a good time to take stock of your current security practices and vulnerabilities. Here are 5 things every small business owner should do this month to prepare for the year ahead and protect their organization.
- Update your software. While most software updates automatically, there are still custom-designed and legacy programs that require manual updates. If you use WordPress for your website, you may need to approve updates to the WordPress core and plugins before they can take effect. Most software updates include critical security patches that will keep your website and organization’s systems safe. Set aside some time to make a list of all the software you use, then go through it and look for and install updates. Record the names of the programs you use – and the last time you updated them – in an Excel spreadsheet, then set a reminder to open the spreadsheet in 3 months.
- Enable two-factor authentication for any site that holds banking, business or financial information. This is the single simplest and most important step anyone can take to improve cyber security. Without two-factor authentication, you are at the mercy of cyber criminals. With it, they need access to you – or your smartphone – to take control of financial accounts or databases. Two-factor authentication deters a majority of cyber criminals and acts as an early warning system: if you receive a two-factor text message that you did not initiate, you can contact the provider who sent it and look for suspicious activity in your accounts. If you do nothing else this Cyber Security Month, do this.
- Change your passwords. Do you change the batteries in your smoke detectors when you change your clocks? Change your passwords during Cyber Security Month, then set a reminder to change them again in six months. This provides a good level of protection against third-party data breaches that expose your personal information, including passwords.
- Clean up old logins. Every business should have protocols for deleting accounts and logins when employees retire or leave, but many small businesses lack these processes or the time to follow them. Set aside a few hours to review who has login privileges to every shared service you use, including your website, business systems and financial accounts. As with your software, make an Excel spreadsheet of every service and piece of software you use that has employee accounts, then write down the date of your most recent cleanup. It may be rare for ex-employees to try to access accounts to cause problems, but it is all too common for hackers using stolen credentials to try to access business accounts. Deleting accounts for former employees must be a regular part of your business maintenance, especially if you register accounts with company email addresses.
- Remind employees to be aware of phishing attacks. Send an email reminding employees that you will never ask them to buy gift cards. Send a second email reminding employees to never share their passwords. Send a third email reminding employees to visit websites directly instead of clicking on links in unsolicited emails. Don’t say that it’s a reminder or that you’re being proactive. Emails from business owners discussing policies that arrive unexpectedly and without a lot of “friendly reminder” language tend to get remembered, because employees assume they are in response to something that happened. If anyone asks about a breach, don’t be coy; tell them that the email was simply a reminder. Then take note of the fact that the employee read it and was concerned enough to bring it up with you. That means it worked.
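If you save the login spreadsheet from the "Clean up old logins" step as CSV, a short script can do the comparison against your current staff list for you. This is an added example, not part of the original article; the column names, the sample rows, the shared-mailbox allow-list and the 90-day review interval are all assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data standing in for CSV exports of the spreadsheets.
ROSTER_CSV = """email
ana@example.com
raj@example.com
"""

ACCOUNTS_CSV = """service,login_email,last_cleanup
Website,ana@example.com,2022-09-15
Website,tom@example.com,2022-09-15
Accounting,Raj@Example.com,2022-01-10
Accounting,lee@example.com,2022-01-10
Accounting,billing@example.com,2022-01-10
"""

# Assumed allow-list: shared mailboxes that have no single named owner.
SHARED_LOGINS = {"billing@example.com"}


def norm(email):
    """Lower-case and trim so formatting differences do not hide a match."""
    return email.strip().lower()


def audit(roster_csv, accounts_csv, today, max_age_days=90):
    """Return (logins with no current employee, services overdue for cleanup)."""
    current = {norm(r["email"]) for r in csv.DictReader(io.StringIO(roster_csv))}
    orphaned, overdue = {}, set()
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        login = norm(row["login_email"])
        # A login that matches nobody on the roster belongs to a former employee
        # or an unknown party and should be deleted or reassigned.
        if login not in current and login not in SHARED_LOGINS:
            orphaned.setdefault(row["service"], []).append(login)
        # Flag services whose last recorded cleanup is older than the interval.
        cleaned = date.fromisoformat(row["last_cleanup"])
        if today - cleaned > timedelta(days=max_age_days):
            overdue.add(row["service"])
    return orphaned, sorted(overdue)


if __name__ == "__main__":
    orphaned, overdue = audit(ROSTER_CSV, ACCOUNTS_CSV, date(2022, 10, 1))
    for service, logins in orphaned.items():
        print(f"{service}: remove or reassign {', '.join(logins)}")
    print("Overdue for cleanup:", ", ".join(overdue) or "none")
```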
There are many more things small businesses can do to protect themselves during Cyber Security Awareness Month, including security reviews and training. It is increasingly critical for leaders to take cyber security seriously, because businesses involved in a breach or cyber attack increasingly face greater liability. Organizations without robust cyber security practices, software and training could find themselves liable for the costs of a ransomware attack or a breach that exposes client or employee data.