With so much happening around, it is easy to lose focus on what’s important. Last weekend we sat down with 23 Cyber Security Experts to understand what works for small businesses. Today we bring you more of those tips from security experts and veterans that will help you prepare a solid web security foundation.
1. Look at human errors
“Security issues tend to arise from human error which is why starting with employee security training is both smart and cost effective. It is crucial that employees know how to use the security available to them and are well informed about security policies and best practices.”
Jacek Materna, CTO, Assembla
2. Email security training
“Ensuring proper email security training. You should also establish better rules for email attachments as well as which users can run executable files and install software. This can go a long way toward bolstering your defenses against a cyber-attack.”
Adnan Raja, Vice President of Marketing for Atlantic.Net
3. Power of 2-factor
“Two-factor authentication (2FA) for all login portals including email, security awareness training, restricted use of the Administrator account on computers, use of a password vault such as LastPass (protected by 2FA), an effective firewall and a high-quality antimalware solution provide a solid security foundation that won’t break the bank.”
Kai Pfiester, Founding Partner & Chief Security Architect, BlackCipher
4. On patches and phishing
“Along with the obvious tip which is to install security software and promptly update it with the latest security patches, the most important thing is to train employees to never click on links in any email without confirming its legitimacy. Trust me, you can’t trust anyone. Phishing and more specifically tailored spear phishing has resulted in more malware being downloaded than any other method of delivery.”
Steven J.J. Weisman, Esq. from Scamicide
5. Cloud tips
“Even the most secure cloud providers only offer security OF the cloud. The user is responsible for security IN the cloud. As groups, roles, devices, etc. change, oversights and misconfigurations open vulnerabilities that lead to outright hacks or just a Financial DDOS.
Unfortunately, a single misstep can compromise your entire infrastructure.”
Matthew Fuller, Inventor, CloudSploit.com
6. Secure browsing
“An often-neglected aspect of cyber security in small businesses is user web browsing. However, this can be very easily mitigated by opting for a cloud web-filtering solution.
This works both on premise and remote and requires very little investment, either in terms of hardware or maintenance but provides excellent protection from web based malicious downloads, phishing attacks, viruses and other browser-based attacks.
Given that the solution is cloud-based is a set and forget solution, very ideal for small businesses.”
David, Founder, CollectiveRay
7. $0 tips
“There are many things companies can do for cyber security that are $0. Strong passwords, two factor authentication, encrypting laptops and USB drives, and testing your backups by restoring the data. Do not cut corners on security just because it may be a little cumbersome.”
Greg Kelley, EnCE, DFCP from Vestigeltd.com
“One of the most critical items for businesses is user identity risk. Credentials being stolen or leaked and bad actors trying to hack into businesses. Businesses can prevent this by utilizing multi-factor authentication and identity management risk monitoring.”
Peter from TruGrid
9. Quick fixes
“Make sure operating systems are up-to-date and anti-virus is installed and updated.
Don’t click on any links that you were not expecting to receive. If you received an unsolicited link, contact the sender, if possible, and confirm authenticity.
Don’t trust a file extension when you download something. It’s very easy to spoof or hide the true nature of the file.”
Austin Norby, CISSP, OSCP, Blue Star Software
10. Educate employees
“A business should invest time in educating its employees. Many cyber breaches are caused by unknowing employees. Take time to teach employees how to create secure passwords, send encrypted emails, and clear storage. Instilling security policy tips in your employees early on will decrease the chances of a cyber breach.”
Keri Lindenmuth, Marketing Manager, KDG
“Securing passwords is one of the easiest and cheapest things small businesses can do to protect themselves. The best passwords combine length and complexity – ideally a mix of 12-15 characters. Use a password manager to help. Don’t share passwords, don’t write them on sticky notes, and don’t reuse them!”
Stacy Clements, Owner, Milepost 42 LLC
12. Security products
“Companies should look at companies providing a managed security offering behind a suite of products, rather than a full-time security engineer. This provides 24/7 security monitoring and alerting, without the full cost of someone to manage it all. We’ve seen this shift to managed security services, especially in the mid-market.”
Jeremy Steinert, CTO at WSM International
13. Phishing alerts
“Teach employees to recognize phishing scams. Cyber hackers use emails, phone calls and more to trick people into following links, downloading documents or giving up company information. Learn the signs of phishing emails, like improper grammar or spelling, a tone of urgency and misspellings in the sender’s email address.”
Amanda Bigley, Marketing Associate, Hummingbird Networks
14. Limit privileges
“Ensure the users setup on your computers are not configured as “Administrators.” When Windows computers ship, the setup wizard walks through creating the first user, which is an administrator by default. Create a 2nd User as an administrator and update the User for normal everyday activities to a “Standard User.” Working as an admin. invites trouble, whereas working as a Standard User helps protect against hacks, e.g. should you accidentally visit a nefarious web site by clicking on a bad link in an email.”
Bob Herman, Co-Founder & President, IT Tropolis
15. Quick tips
- “Set strong passwords, use good password management, and consider using certificates in lieu of passwords
- Disable unused services and only installed applications from trusted developers
- Make sure your IT organization uses a principle of least privileged accounts, so that users are limited to only the resource they need to perform their job
- Make sure your devices have been updated with the latest firmware and software patches, and check if your vendor publishes common vulnerabilities and exposure reports
- Make sure you’re using the latest advanced encryption methods for copying video or other data from one host to another on the network “
John Bartolac, Sr. Manager, Industry Segments Team and Cyber Strategy, Axis Communications
“Always cover the basics. Enable two factor authentications wherever you can, do not log-in using root accounts, create security groups only allowing access to the necessary resources and enable SSL and encrypt your data on all your external and internal facing systems. Also enable logging wherever you can.”
Vivek Chugh, Founder & CEO, Listables
17. Essentials in cloud
“Adequate cyber security is essential for any business. Implementing a superior cyber security program can be hard if your business is a startup and you are on a shoestring budget. Usually, the good programs cost money; good cyber security is one of those things that don’t come free of charge. The problem with not laying out any money on your company’s cyber security is that you could lose even more money than what you saved if your company is hacked into and information is stolen. Having said that, there are ways to spend less on cyber security if you are a new business. Here a couple of them:
-Back up all your data. Even the best systems are not 100% foolproof, so backing up your important data is of utmost importance, especially if you know that your cyber security program is not the best one around.
– Don’t store highly sensitive information on your cloud. Any information that could potentially harm your business if somebody got their hands on it is best off being stored offline where it is at a much lower risk of being stolen.”
Nate Masterson, IT Manager for Maple Holistics
18. All in one
“For a small business looking to get the best bang for its security bucks, the obvious contenders should be considered.
That means anti-virus or internet security software and firewalls, along with a sprinkling of staff training regarding strong passwords and the dangers of phishing and ransomware.”
Bethany Smith, Account Director, Eskenzi PR Ltd.
19. Dealing with firmware
“Update the firmware on your wireless router. Small business owners who run their own IT almost never do this – and often don’t even realise it’s a thing. But last October, security researchers found a massive hole in the encryption used in 93% of all wireless networks. If you haven’t updated your firmware in the last 6 months, you’re wide open to hackers. You’ll find step by step instructions in your router’s manual; google it if you’ve lost the physical copy.”
James Mawson, Co-owner, DXM Tech Support