First, Limit Your Exposure

The most important thing to learn about cyber security when running a small business is to limit your exposure. This is analogous to locking the front door of your business after hours, setting your alarm system, and not leaving your keys in the truck. It also implies that you keep backups of key files and sensitive information, just like photocopying papers for your accountant or local government. If you consider all of the physical things you do to protect your business, you will realize that there are electronic equivalents for almost all of them that can be incorporated into your business on a daily basis with minimal to no impact. Consider these, for example:
- Locking your doors. This is equivalent to having passwords on all accounts and different keys for different systems. You do not want the front door key of your business to also open your safe!
- Having different alarm codes per person. If you are using the same alarm code for all employees, consider assigning a unique one per person. This allows you to track who is entering the code and is equivalent to having unique usernames and passwords per employee to access resources.
- Can anyone write a check from your business? The simple answer should be no. So why would you give all employees administrative access to information technology assets? If you do, they can make any changes to your computing environment and potentially to any system, even the ones that write checks.
- Do you send your cars and trucks in for maintenance? If your business has a fleet of vehicles, you probably do. Even the worst taxi cabs need new tires and an oil change from time to time. So why not perform maintenance on your computers? This means allowing Adobe, Oracle, Windows, etc. to perform automatic security updates to ensure that vulnerabilities do not become a liability like bald tires.