Small businesses can take charge of safeguarding their online presence by taking steps that are free or cost little compared to the expense of lax protection, experts told an audience Thursday at the Wyoming Cybersecurity Symposium.
Jim Drever, Small Business Development Center representative, and Laura Baker, Medicine Bow Technologies director of sales operations, provided a checklist of ways small businesses can protect themselves from ransomware, phishing attacks and user mistakes.
“Even with an antivirus in place, hackers are ahead of the good guys,” Baker said of the need for small businesses to implement good cybersecurity practices.
Changing passwords on a regular basis, using stronger passwords, having a process in place for continuous review of IT security and physical walkthroughs, and inventorying equipment and the access employees have to different accounts and devices are all things that can be done at little or no cost.
“If you don’t know what devices you have, you can’t protect them,” Drever said.
Training employees about good security practices can also be a free investment, Baker and Drever said. Sites such as https://secure2.sophos.com/en-us/lp/anti-phishing/awareness-toolkit.aspx and http://iase.disa.mil/eta/pages/online-catalog.aspx offer free training materials.
If a business is still using outdated operating systems such as Microsoft XP and Vista, or Microsoft Server 2003, disconnecting those computers and servers from the business network can keep their vulnerabilities from being exploited.
Encryption is available for Apple and Microsoft operating systems, and there are many free and low-cost software options available to ensure personal and sensitive files can’t be accessed by unwanted users, they said.
Also make sure workstations and devices don’t have network jacks or USB ports that are accessible to the public.
Baker noted free email services like Google’s Gmail or free online storage services like Dropbox aren’t secure, but their paid versions are.
“Use a business class email service,” Baker said. Estimated cost depends on the size of the business, but can be as little as $5 for under 300 users.
Make sure business computers are using business versions of operating software, not home versions, which don’t provide the security settings that businesses need. Upgrading to Windows 10 can cost as much as $200, but it can be found for less at a reseller.
Using wireless routers is convenient for many businesses in serving visitors or customers, but make sure the guest account is separate from the business account so access by outsiders to core operations is prevented. If a business doesn’t have a router that has options to set up a separate guest account, get one, Drever urged.
Use business class antivirus/antimalware that can be used for all devices on a network.
Earlier in the conference, FBI special agent Dan Leyman urged businesses to contact the federal agency if they are victims of ransomware or other attacks that threaten their operations.
“We’re required to keep your information private under law,” Leyman said of fears that a security breach could become public.