Cybersecurity Hygiene: What It Is and Why It Is Important for Small Businesses
By Matthew J. Tyson, IT Specialist
When it comes to hygiene, you might picture washing your hands. In cybersecurity, similar actions can be taken, which are part of what is called cybersecurity hygiene, or simply cyber hygiene. For example, to keep your computers clean from infection you use security software, which functions like your computer’s immune system. Like your immune system, security software is not perfect; however, it helps prevent infection of your business computers and protects them from direct attacks by using what is known as a firewall. Some important cybersecurity hygiene practices you should follow to keep your business safe from cyberattacks include:
USE STRONG PASSWORDS AND MULTI-FACTOR AUTHENTICATION
At the top of the list is one of the most important cybersecurity hygiene practices: create long, complex passwords for each of your accounts and, when available, use multi-factor authentication (MFA). To make it easier to work with your complex passwords, use a password manager like Dashlane, LastPass, or Keeper. These password services can create and hold complex passwords for you so that you do not need to remember them or write them down on lists that can be lost or exploited. You just need to remember one master password. For additional protection, enable multi-factor authentication on your password manager account. Remember, the master password should be complex and at least 15 characters long. I recommend a long passphrase with random characters in it, which should include special characters and numbers.
UPDATE SOFTWARE AND HARDWARE
The second most important cybersecurity hygiene practice is keeping your devices’ software up to date. This includes smart devices like smartphones and smart TVs. Outdated devices make it easy for people with malicious intent to gain access to your business network and your sensitive files. For example, some small businesses use computers with Windows 7 or even Windows XP, which invites successful attacks since both outdated operating systems have little to no support from Microsoft. Attackers look for outdated devices to easily gain access to your business network. Good cybersecurity hygiene practices require these devices to be retired in favor of newer, more secure devices that are supported by their manufacturer and have the latest operating systems with the newest security features and updates.
INSTALL SECURITY SOFTWARE
Third on the list is having top-of-the-line security software installed on your devices. Even the built-in Windows Defender security software will work as a temporary solution. But it is best to get a business-grade security suite from reputable companies like Norton, McAfee, Trend Micro, or Bitdefender, since business-grade services have centralized management, audit logging, and other business features that do not usually come with personal security software suites and services. For an added layer of protection, turn on periodic scanning in Windows Defender, but seek the help and advice of an IT Specialist before setting up periodic scanning on your business computers, since not all computer environments support it.
USE MODERN BROWSERS AND SECURITY ADDONS
When surfing the web, it is very important to use a modern browser, like Google Chrome or Firefox. These browsers automatically update and have advanced security features to keep you safe while browsing the internet. If you use an older browser, there is a good chance you will open your computer to attack. There is no good reason to use an outdated browser, since most modern internet browsers do not cost anything and give you a better overall internet browsing experience. As for security addons, use popup blockers and link scanners like Adblock Plus and Microsoft Defender Browser Protection. You can also use a DNS service like Quad9 to add an additional layer of security. These cybersecurity tools are free, highly rated, and widely used.
BACKUP, BACKUP, BACKUP
Regularly back up your business files, since ransomware and other malicious software can encrypt or even delete your files with little chance of recovery. It is a very good cyber hygiene practice to keep up-to-date and secure backups of all your business files for future use. Cloud file storage services, like Microsoft OneDrive or Google Drive, can be a lifesaver for your business if used properly with long, complex account passwords and multi-factor authentication. Also, always make encrypted offline backups of your most crucial files and store them in a safe location, like a locked storage closet or safe.
WHEN IN DOUBT THROW IT OUT
And the final cybersecurity practice, and one of my favorites, is “when in doubt throw it out”. This secures you and your devices. Throw out scam emails, calls, mail, websites, and conversations by deleting, hanging up, shredding, closing, and saying you’re not interested. This practice can protect you from social engineering, which comes in many forms. For more information, see our blog at Social Engineering Attacks and Your Business. If you ever need help or advice, please ask an IT Specialist.
Maintaining great cybersecurity hygiene will help protect your small business from attack and could even prevent your business from going out of business. Everything from having updated devices to using the “when in doubt throw it out” practice will help you create great cybersecurity hygiene. It is not difficult to accomplish, but it does take vigilance and following good routines that will make you feel that much safer in the always-changing cyber world.
For more information about cyber securing your business, please check out the following KANAVA articles:
Malvertising: What It Is and How to Protect Your Small Business from It
Social Engineering Attacks and Your Business
You Can Do This! – 11 Ways to Keep Your Organization Cyber-Safe