Ransomware to the left of you, malware to the right—what’s a small business stuck in the middle to do?
We all know that securing your company isn’t easy or cheap. As Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), and Matthew Masterson, former CISA Senior Cybersecurity Advisor, both recently pointed out: we’re “now in the midst of a new normal of cyber-enabled malicious activity.”
That’s bad enough. But they continued: “Small businesses that are constantly at risk cannot afford more modern systems and support necessary to manage that risk. This troubling divide between the digital haves and have-nots has become starker over the last year. Those still using decade-old technology—more often than not, our nation’s small and medium-sized businesses, as well as state and local government agencies—have stumbled in this new normal.”
Their answer is this: “Congress needs to pass a comprehensive digital infrastructure investment bill that authorizes and funds grants to state and local agencies to modernize their technology platforms and obtain the support they need to manage those systems and safeguard against cyberattacks like ransomware.”
It’s a great idea, but with President Biden having trouble getting his existing infrastructure bill through Congress, I don’t see the government coming to your aid anytime soon.
So, what can a small business owner do?
Here are five easy and free—yes, free!—suggestions.
The government may not come riding in like the cavalry in some old-time Western to save your bacon, but it does offer helpful resources. These include:
The Department of Homeland Security’s (DHS) free small business cyber hygiene vulnerability scanning service. This helps secure your web servers and other Internet-facing systems from weak configuration and known vulnerabilities. Better still, this will send you a weekly report on the state of your system.
The DHS also offers a Cyber Resilience Review (CRR). With this, you can do a non-technical assessment of your cybersecurity practices. You can either complete the assessment yourself, or, if you feel you’re not tech-savvy enough for it to do you any good, you can request a facilitated assessment by a DHS cybersecurity pro.
Finally, the agency provides helpful end-user Internet security “Stop.Think.Connect” training and materials. This will teach your employees how to:
- Spot a phishing email;
- Browse safely;
- Avoid suspicious downloads;
- Protect customer and vendor information.
And you thought all DHS did was airport security.
The Federal Communications Commission (FCC) also offers a cybersecurity planning tool to help you build a business security strategy.
Antivirus programs, especially if you’re running Windows, are still a must-have for your PCs. Microsoft’s Windows Security, formerly Windows Defender, is the best of the free antivirus programs. Other recommended and inexpensive antivirus programs are AVG Internet Security, for very small businesses, and Trend Micro Maximum Security, for larger ones.
When a vendor alerts you that there’s a new patch for your program—and it doesn’t have to be security specific—patch your program. There is, unfortunately, one really big exception to this, and it’s the largest program most of you run: Windows 10 itself. Microsoft, as I, Susan Bradley, and the recently retired Woody Leonhard have said over and over again, can’t be trusted with its Windows updates. Something always goes wrong with the company’s patches.
So, what do you do? Well, for one thing, I quite seriously suggest you consider Chromebooks, which are constantly being updated and almost never have a bad patch. Otherwise, follow The Microsoft Patch Lady on Computerworld and AskWoody to make sure you only upgrade your Microsoft systems and programs when it’s safe to do so.
Back up your data
I’ve been doing this (and saying this) for longer than many of you have been alive. Let me repeat my mantra yet again. Back up your systems, make sure your backups can be used to restore your systems, and then ACTUALLY DO IT. (Yes, I know I’m yelling.)
There are lots of ways to back up your data, and many won’t cost you a dime. Use them. The best free backup service is iDrive with its free 5GB per user entry-level package. Less well known, but certainly worth a look, is Aomei Backupper Standard.
Practice basic network security
I thought I could simply point you to a good basic network security guide and my work would be done. I thought wrong. I can’t find one, so I’ll have to write one for you soon!
In the meantime, this solid introduction to securing your home network should make you safer than doing nothing. I assure you if you don’t do such basics as changing your router password from its default and using the best available Wi-Fi security on your wireless network, you will regret it.
That’s enough security homework for now. Get cracking on doing the free and easy things to protect your business IT stack. Just by doing these things alone, you’ll be well ahead of the game.
Copyright © 2021 IDG Communications, Inc.