The Small Business Cybersecurity Checklist

In 2015, the world experienced one of the biggest cyberheists in history. The first “international cybermafia” stole up to $1 billion from more than 100 global financial institutions. They didn’t use any sophisticated AI or hacking software to achieve their goal. The gang was able to pull this off with spear-phishing emails and trojans. Although your business may not be on the level of banks, data breaches can happen to any entity, regardless of size. This cybersecurity checklist will be your first step to securing your computer network and data.

Small Business Risks Are Higher Than Ever

As a small business owner, you might think you’re too small to be targeted by hackers. This is not true. In fact, 2014 was the first year that SMBs made up the largest population of cyber victims. In 2016, a Small Business Trends survey showed that 55 percent of respondents said their companies had experienced a cyber attack. Symantec reports show that small businesses are among the most targeted with malware, spam and phishing attacks. Looking at these statistics, there is a good chance that your small company is a target of at least one kind of attack that could put you out of business.

Your Cybersecurity Checklist

The Financial Industry Regulatory Authority, FINRA, has noticed the increase in attacks on small businesses and how it can affect the economy. The “Small Firm Cybersecurity Checklist” was created as a result. This list thoroughly explains the vulnerabilities of computer systems and how to avoid having those vulnerabilities exploited by hackers.

FINRA defines “cybersecurity” as the “protection of investor and firm information from compromise through the use of information technology.” The information in the checklist is from the National Institute of Standards and Technology (NIST) Cybersecurity Framework and FINRA’s Report on Cybersecurity Practices.

In the checklist, you’ll find five categories with 12 sections total. By following this checklist, you’ll learn how to prevent attacks and how to react if an attack happens.

1.    Identification

First, identify the vulnerabilities in your network:

  • Make a list of all your assets and their risks.
  • Pinpoint users and access points since both can be sources of risks.
  • Check whether your encryption protocols need to be updated, and enforce their use.
  • Install intrusion detection programs. This is critical to stopping intruders before they can cause any damage.
  • Develop a comprehensive disaster recovery plan, or improve on the one you already have, in case (or, more likely, when) a disaster occurs.

2.    Protect Customer and Proprietary Data

Do you share any type of data with third parties across the internet or external portals? That data is also at risk of theft.

  • Make a list of all third parties you interact with, along with their vulnerabilities.
  • Limit the data you share. Only share what is necessary.
  • Create rules for interactions between your company and third-party companies. Keep those processes separated from the rest of your business.

3.    Detect Intrusions Through Mobile Devices

If you or your employees access company data through mobile devices, this is also something hackers can exploit. More often than not, mobile devices are the easiest entry point to access business databases.

  • Make a list of all devices that access your network and touch information.
  • Set rules for security within the devices – passwords, encryption, etc.
  • Implement the ability to wipe those devices remotely in order to keep control of data.
  • Limit access to company data based on authority of users or devices.

4.    Respond to the Crisis

Having a system-wide response plan will make this easier.

  • Make a list of important system elements.
  • Make sure passwords and other security measures are up to date and updated on a regular basis.
  • Back up your system regularly and check that the schedule is followed.

5.    Recover Lost or Stolen Assets

Losing data that is critical to running your business can have devastating consequences.

  • Ensure you have a robust backup that is tested.
  • Implement redundancies and keep them current.
  • Re-evaluate your recovery process. Oftentimes, hackers will come back through the same security holes to steal data again.

Is data an important part of your business? Consider outsourcing IT. You’ll find it is cost-effective and relieves the burden of technology on your shoulders so you can give your business the attention it needs. Need help or just want to learn more about BDS’s managed IT Services? Contact us today.
