Rustin Scott, Vice President of Information Security and DevOps at Markaaz, gives you his top 10 tips to help ensure your small business cybersecurity is on point.
- MFA on everything
MFA, or Multi-Factor Authentication, is the best way to protect yourself against all manner of hacking attempts. Setup is easy and takes seconds. Many free MFA apps exist and can serve as the second login factor, either pushing a notification prompt or providing a number sequence for the input challenge. With this, a hacker who has only your user ID and password cannot log in as you.
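How the "number sequences" work and why a stolen password alone fails, as an added example that is not part of the original article: it implements standard time-based one-time passwords (RFC 6238) and a two-factor login check. The account values, the `login` function and the fixed clock are constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the number sequence an MFA app displays."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current 30 s step plus/minus `window` steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * 30
        if t < 0:
            continue
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(totp(secret, t).encode(), submitted.encode())
    return ok

# Constructed account record (hypothetical values, for the example only).
TOTP_SECRET = b"12345678901234567890"  # RFC 6238 test secret, never use for real
SALT = b"constructed-salt"
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"S3asonal-Passw0rd", SALT, 100_000)

def login(password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass; a correct password alone is not enough."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    pw_ok = hmac.compare_digest(candidate, PW_HASH)
    code_ok = verify_totp(TOTP_SECRET, code, unix_time)
    return pw_ok and code_ok

if __name__ == "__main__":
    now = 59  # fixed clock so the run is reproducible
    current = totp(TOTP_SECRET, now)
    print("password + current code:", login("S3asonal-Passw0rd", current, now))
    print("stolen password, guessed code:", login("S3asonal-Passw0rd", "000000", now))
```

The code changes every 30 seconds and is derived from a secret that never leaves the app and the server, which is why knowing the password does not help an attacker produce it.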
- Managed Service Providers – businesses with fewer than 500 employees should outsource IT
As a small business, you might think a full-time IT resource wastes money – and you’d be right. IT resources are not cheap, and you probably do not have enough work to keep someone busy. In fact, the generally accepted break-even figure for building an in-house IT team is 500 employees. Managed Service Providers and Managed Security Service Providers can deploy software and software updates, security rollups, malware detection and antivirus, and any number of other services that shore up a defense-in-depth IT presence.
- Notifications for transactions, budgets, security events
Alerts are a great way to stay in the know about anything in your company’s digital space. Automatic notifications, such as fraud alerts and anomalous traffic detection, are enabled by default on some financial industry plans. This concept should be extended to every other resource that offers it. A timely alert can limit the exposure and damage of a compromised account.
- Password manager and secrets vault
Sure, you can keep your passwords on a sticky note right next to your computer. You lock your office, right? However, password and secrets managers do more than just keep your passwords safe. They also offer optional scanning that checks your passwords against databases of known compromised accounts. It would be pretty good to know if one of your passwords had been part of one of those breaches you hear about on the news. Well, now you can: your password manager alerts you and assists you in changing the compromised password.
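One way such a breach scan can work without the password leaving your machine, as an added example that is not from the original article: a k-anonymity range lookup, the scheme used by the Pwned Passwords service, in which the client reveals only the first five hex characters of the password's SHA-1 hash. The article does not say which scheme a given password manager uses; the breach corpus and the `RangeService` class are constructed stand-ins so the example runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a breach corpus: password -> times seen in breaches.
BREACHED = {"password123": 3, "qwerty": 7, "letmein": 2}

class RangeService:
    """Simulated lookup service; records everything the client reveals to it."""

    def __init__(self, corpus):
        # Index each SHA-1 hash by its first 5 hex characters.
        self.index = defaultdict(list)
        for password, count in corpus.items():
            digest = hashlib.sha1(password.encode()).hexdigest().upper()
            self.index[digest[:5]].append(f"{digest[5:]}:{count}")
        self.seen_queries = []

    def range(self, prefix: str) -> str:
        """Return every 'SUFFIX:COUNT' line whose hash starts with prefix."""
        self.seen_queries.append(prefix)
        return "\n".join(self.index.get(prefix, []))

def breach_count(password: str, service: RangeService) -> int:
    """Return how often the password appears in the corpus (0 if never).

    SHA-1 is used here only as a lookup key, not to store passwords.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix is sent; matching happens locally.
    for line in service.range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:
            return int(count)
    return 0

if __name__ == "__main__":
    service = RangeService(BREACHED)
    for pw in ("password123", "a long unique passphrase 9417"):
        print(repr(pw), "seen in breaches:", breach_count(pw, service))
    print("what the service saw:", service.seen_queries)
```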
- Don’t click on emails – go to the website directly
When an email tells you to log into your bank for an important message about an account, avoid clicking the link, no matter how convenient it seems. A very popular method for hackers is to harvest your password with screen scrapers while it is being entered. Or worse, the link can act like a proxy between you and your bank. An easy way to avoid this common hacker trick is to simply avoid clicking on anything unsolicited and go directly to the website.
- Spend the extra $$ on email scanning for phishing/malware
A lot of business collaboration services come with email included. However, one of the biggest entrances into a business is through email. The best way to prevent a breach is to head that vector off at the pass. With email scanning, malware and phishing attempts, whether from known bad senders or in emails packaged with malware or corrupted attachments, are scanned and deleted before landing in your inbox.
- Cloud services: consolidate IT Office apps to a single provider
Move to the cloud – it’s more secure and accessible anywhere. Rather than having different email, storage, and collaboration services, make sure your provider can take care of all these needs. The recent trend is moving to an ‘all-in-one’ provider as opposed to many different ‘best-of-breed’ solutions because the return on investment can be realized much quicker. Additionally, many different solutions take more time to manage than a single point of contact. Traditional solutions are a thing of the past. The huge technology movers and shakers are demanding cloud-based solutions, and the market has responded by diverting R&D away from on-prem solutions and toward cloud-integrated solutions.
- Sign up for periodic security training
Many basic security standards like ISO and SOC2 require periodic security training. Keeping a schedule or paying a service to keep you updated on the latest security practices is a great way to maintain a solid baseline of best practices. Even in the event of a breach, simple training can showcase an attempt at best practices and can help to prevent costly fines.
- Scan your internet presence: There are plenty of free tools to do this
If you happen to have an internet presence, an easy way to determine your threat footprint and find opportunities to remedy issues is through security scanning tools. Hackers have great success using some of the same tools security professionals use. External website scanners, malware scanners, and various toolkits can be used to gauge and grade a company’s internet footprint and overall security posture.
- Know who you do business with – Markaaz!
Avoiding costly and embarrassing mistakes can be simple when learning who to partner with. Regulations for some industries require due diligence in knowing your customer. Save the hassle of doing business with a paper company and vet your partners and providers with Markaaz to know their reputation and standing.