Essential Cybersecurity Best Practices

Cybersecurity controls are essential for small businesses to protect their sensitive data and systems from cyber threats. Here are some important cybersecurity best practices that small businesses should consider implementing:

  1. Know what you have. This means conducting an inventory of all your devices and applications, and identifying which ones are critical for your business operations. You should also keep your inventory up to date, and regularly review it to ensure all your information is accurate.

  2. Run Updates. This means installing the latest security patches for your devices and applications and configuring them to automatically update. You should also implement secure configuration settings for all your devices and applications.

  3. Better Passwords. This means using strong passwords and enabling multi-factor authentication (MFA) whenever possible. You should also consider using a password manager to help you generate and store strong passwords.

  4. Prevent phishing and malware. This means being careful about what emails you open, and what links you click on. You should also install anti-virus software and keep it up to date.

  5. Backup and Recovery. This means regularly backing up your data and storing it in a safe location. You should also test your backups regularly to make sure they are working properly.

  6. Secure your email. This means implementing DMARC, which helps to prevent email spoofing. You should also be careful about what you say in emails and avoid sending sensitive information over email.

Ready for more? Here are some additional tips for improving your small business's cybersecurity:

  • Protect your network. Use a firewall to help protect your network from unauthorized access. Use a VPN when away, since it can encrypt your traffic when you are connecting to public Wi-Fi networks.

  • Train your employees. Make sure your employees know about the latest cybersecurity threats, how to identify them, and how to protect themselves and the company.

  • Incident Response Plan. Have a plan in place so that you can respond quickly and effectively in the event of a cyberattack. The plan should make clear who to call and when.

Helpful links and Resources

https://becyberready.com – Cyber Readiness Institute

https://www.cisa.gov/shields-up – CISA info to prepare for, respond to, and mitigate the impact of attacks

https://nist.gov/itl/smallbusinesscyber – NIST Small Business Cybersecurity Corner

https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity – US Small Business Administration – Strengthen your Cybersecurity