You have seen it before: juggling multiple hats, a list that never grows smaller, a workplace small enough to feel familial but constantly slightly understaffed. That is the feeling of a small workplace, and more than likely, you work in one. 99.9% of US businesses are small, and we understand the complexities that are inherent in that, as well as the dangers of running a small business in a cyber landscape that is increasingly difficult to navigate. An estimated 75% of small businesses are doing little or nothing to specifically address cybersecurity risks.
But we understand something more. We know cybersecurity and we want to help you. Bypass the fluff, technical jargon, and useless sales pitches and get to the heart of the matter: how small businesses can protect their cybersecurity without breaking the bank or being a multi-certified professional.
The first measure (out of 12) we outline in our guide is called ‘User Hygiene: 101.’ Like personal hygiene, —a ransomware attack could ultimately mean loss of customers for your business. And like personal hygiene, these five steps are not hard or costly to implement. And yet, they make the most impact on reducing cyber risks, beginning with multi-factor authentication.
Despite popular opinion, secret agents are not the only ones who need multiple ways of proving their identity. In the internet age, multi-factor authentication (MFA) is your safest defense against nefarious actors gaining access to confidential information—like passwords, medical records and banking info. Anytime you authenticate—login—MFA requires an additional means of verification. Instead of being a hassle, this is a quick and painless way to ensure you are the only one accessing what your passwords are trying to protect. Since your email is a primary risk, start there.*
Next, look at your password settings and management. All your efforts to use multi-factor authentication will be for nothing if you have passwords that are easy to guess and are reused—that is like having a lock but never bothering to use it. Instead, use a password manager* to automatically create (and update) passwords that are long, complex, and unique to each site. It’s a win-win with dramatically enhanced security and saved time as your password manager automatically and securely saves your usernames and passwords. Now you only need to remember one password, rather than dozens.
Do not rest on those cybersecurity laurels just yet! Remember when you googled “why does my back hurt when I sit?” and then got continuous ads for lower back support and orthopedic shoes? That is because your generic browsers and search engines are henchmen for third-party tracking and data storage. Unless you want orthopedic shoe ads popping up until shoes stop being sold—or for your newly secured login credentials to be stolen—we recommend using secure search engines and browsers.
And then there are the co-workers and employees. There’s always the risk that Steve-two-cubicles down might get overwhelmed by the demands of juggling one too many hats. Overworked employees are prime targets for socially engineered cyberattacks, so it is important to make cybersecurity a reflex reaction. How? Stay up on social engineering and awareness training. We are not saying that Steve needs to attend a cyber conference that costs thousands of dollars per attendee. Instead, try out cheaper but equally effective options like Living Security, OnDefend or Wizer*.
Finally, let us talk about working remotely with more security: virtual private networks (VPNs). We know VPNs have flaws (technical discussion outside the scope of this post), but they can be set up to run automatically – for free!* Whether working from home, traveling, working in coffee shops, or hotels, always start your internet connection with a VPN (your company might provide one, but solid free options exist). While open network Wi-Fi may be free, the consequences of being eavesdropped on through the open network are not – even at home. Without a VPN, there is always a real possibility that you are not the only one seeing your screen or viewing your important documents. Thankfully, apps and pre-existing services can provide a seamless virtual private network.
At the beginning of October, at our Business Connection Luncheon, we introduced our ‘Reasonable and Prudent Guide for Small and Mid-Sized Businesses’ because we believe cybersecurity is attainable and should be embraced, no matter how small a business may be. Around our home base near Asheville, North Carolina, 96% of establishments have fewer than 50 employees. Small businesses are the heart of where we work and live, and we want to keep it that way. Join us on this guided journey over the coming months to incrementally – reasonably – improve your security. Come back in two weeks to begin implementing the next measure. Also, access our guide for in-depth yet simple instructions for each step!
*Want to understand any of these steps better? Receive a free Reasonable and Prudent Guide for Small and Mid-Sized Businesses in your inbox by writing “Guide, please!” in the contact form here. And don’t worry—we don’t share your information with anyone else!
 Economic Development Coalition. Small Business. Asheville Chamber. Retrieved 20 October 2021 from Asheville NC Small Business Resources | Asheville Area Chamber of Commerce (ashevillechamber.org).