Insights by BITS

Cybersecurity Basics for Small Business

Overview

We will be covering some important considerations for deciding how and what information you might want to protect in order to keep your business safe from unwanted digital misfortunes.

Have a disaster-proof backup strategy for keeping critical information and digital assets protected from unnecessary business interruptions. A great backup strategy usually begins by identifying and classifying what kinds of information are important to back up. A simple backup plan should also define storage locations and the frequency of backups. Further tips and recommendations can be found below.

Identify valuable information that needs to be backed up.

Locate, classify and categorize your data to determine what documents, tools, and systems your business cannot operate without. Once you’ve documented your data using those elements, you will then know the necessary requirements for establishing an effective backup framework and selecting the appropriate backup methods for your digital assets.

Ideal information you want to store on a backup server.

Here are some commonly thought of business-critical data categories worth backing up:

  • Financial data
  • Sales and customer data
  • Employee information concerning business operations
  • Emails
  • Servers and systems
  • Procurement receipts and other legal ‘proof’ paperwork
  • Government/Tax documents

Choose a separate and secure location to store backups.

Storing backups separately from the original device/system keeps an intact copy of your information safe from local disasters and from security, staff, and operational incidents.

Here are some best-practice locations to store and manage backups:

  • External/USB hard drives
  • On-premises backup servers
  • Off-premises backup servers/datacenters (cloud)

Establish backups on a regular basis.

Whether manually or automatically, schedule regular backups of crucial data to the remote storage location. The frequency depends on how often the data in question is expected to change or be modified.
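The three steps above (what to back up, where to keep it, how often) can be written down as a plan and checked automatically. The following Python script is an added example, not part of the original article; the category names, paths, and `max_age_hours` values are assumptions to replace with your own.

```python
import os
import time
from dataclasses import dataclass
from pathlib import Path


@dataclass
class PlanEntry:
    category: str         # e.g. "Financial data"
    source: Path          # where the live data is kept (assumed path)
    backup_dir: Path      # where the copies are stored (assumed path)
    max_age_hours: float  # chosen from how often this data changes


def newest_mtime(folder):
    """Modification time of the most recent file under folder, or None."""
    times = [p.stat().st_mtime for p in folder.rglob("*") if p.is_file()]
    return max(times, default=None)


def audit(plan, now=None):
    """Return (category, problem) pairs; an empty list means the plan holds."""
    now = time.time() if now is None else now
    findings = []
    for e in plan:
        if not e.source.exists() or not e.backup_dir.is_dir():
            findings.append((e.category, "source or backup location missing"))
            continue
        # Same device id: one disk failure or theft takes both copies.
        # Two partitions of one disk still pass, so this is a minimum check.
        if os.stat(e.source).st_dev == os.stat(e.backup_dir).st_dev:
            findings.append((e.category, "backup is on the same drive as the original"))
        latest = newest_mtime(e.backup_dir)
        if latest is None:
            findings.append((e.category, "no backup files found"))
        elif (now - latest) / 3600 > e.max_age_hours:
            findings.append((e.category, "latest backup is older than the schedule allows"))
    return findings


if __name__ == "__main__":
    # Constructed sample plan; the paths are placeholders.
    plan = [
        PlanEntry("Financial data", Path("finance"), Path("/mnt/usb/finance"), 24),
        PlanEntry("Emails", Path("mail"), Path("/mnt/usb/mail"), 24 * 7),
    ]
    for category, problem in audit(plan):
        print(f"{category}: {problem}")
```

Run it from a scheduled task so that a missed or misplaced backup is noticed before the data is needed.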

(Bonus) A few recommendations for backup cloud providers.

Today, your cloud service provider (CSP) will usually offer a built-in backup system within the software services it provides, in which you create and manage records of data, documents, media, and other types of information.

It gets trickier, however, when you consider the risk of an incidental action causing your data to be permanently deleted or made inaccessible from these services. Unless you have a backup stored in a digital location that is separate from the CSP, even if it's another cloud provider, that data will be gone forever.

Popular CSPs:

  • Microsoft 365 – OneDrive
  • Google – Drive
  • Dropbox
  • iCloud
  • Carbonite
  • CrashPlan

If you have devices you depend on for business, the valuable information stored on them is at risk. All assets, such as workstations, servers, smartphones, tablets, and any IoT devices, should have some measure of security applied to them. Otherwise, it will be easy for a beginner hacker to snatch up your information for ransom.

Anti-malware

Anti-malware and/or antivirus tools work on your behalf to detect and respond to threats, keeping them from compromising the device and, most importantly, your information on it.

A few recommendations for endpoint protection:

    1. Norton Antivirus
    2. Malwarebytes
    3. Webroot
    4. Windows Defender
    5. Bitdefender

Zero Trust Model

When collaborating and partnering with teams inside and outside of your business, you cannot always control the level of security of the devices they use to collaborate and work with you. You may not need a full deployment of the framework, but you can build a few elements of the Zero Trust model into your own security strategy.

Adopting a zero trust security model will ensure that users, devices, and systems are verified before accessing your most valuable digital information.

Creating a secure private network to send your data across is more important than ever when it comes to keeping your digital assets safe.

WWW could also stand for wild, wild West. Speaking of hostile environments, has anyone been on the internet lately?

Virtual private network (VPN)

VPNs should be used to mask or encrypt your data so that cyberthreats that intercept your data packets cannot read them and compromise your information.

Without a VPN, the transmission of data such as bank card details and other sensitive information is at risk of unauthorized disclosure to bad actors on the internet.

A few recommendations for VPN providers:

    1. NordLayer
    2. Norton VPN
    3. Proton VPN
    4. Surfshark VPN

Steer clear of malware and scams lurking in your email by educating yourself and your teams about security considerations when working with email.

Always inspect unexpected emails from unknown senders.

At the very least, knowing the well-known email vulnerabilities and the practices that mitigate them is essential to fending off attacks such as phishing emails attempting to steal your information, or suspicious email attachments that likely contain executable code to perform bad actions on your device.

Fortunately, most email service providers have security features available that will help keep your email communications safe.

  • Establishing an information backup plan is imperative to preserving the integrity of your information, no matter what happens to any device you use to access and manage that information.

  • Use security software tools to keep the digital devices used to conduct business safe from the massive array of cyberthreats looking to hack your establishment.

  • A VPN connection protects your information from being intercepted, altered, and stolen as it traverses the public networks of the World Wide Web (WWW).

  • Have the right people on your team know about some of the most common types of email attacks, the tell-tale signs to look for in suspicious emails, and how to handle them.
