Is Your Small Business Secure in the Online World? 7 Questions to Ask Yourself

You may have a firewall and a password-protected online portal, but when it comes down to it, how secure is your small business?

If this security is breached, the effects on business can be costly and long-term. As with many things, prevention sure is better than the cure.

The majority of small businesses (1–5 employees) across Australia, Brazil, Canada, India, Mexico, Turkey, the U.K. and the U.S. still consider themselves too small for a website.

Those who do have one, like the 50+% of U.S. small businesses, have opened themselves up to a myriad of new threats from hackers and malware.

Hackers do not discriminate between big and small business; they just look for holes in your security and chinks in your armour which they can exploit. Not only is hacking terrible for your company, and potentially costly, but it also puts the security of your customers’ information at risk.

1.  Are you and your employees aware of cybercrime?

When the British National Health Service (NHS) systems were hacked recently, causing thousands of dollars' worth of damage and compromising the care of many of their patients, experts suspected it was caused by something that seemed completely innocuous.

It appears as though all it took was one email containing a seemingly harmless link, opened by an unsuspecting employee onto a system which was insufficiently supported, to bring down almost the entire NHS computer system. The moral of this story? Make sure you and your staff know exactly what to keep your eye out for, and keep your systems updated.

If your company keeps a manual of operations, be sure to include a section on cyber security, and encourage every member of staff to read and digest this information. And if you don’t feel comfortable or qualified in offering this advice, find someone who does. It could make all the difference.

2.  Can you maintain your security systems in-house?

Does your company have anyone on its payroll who can maintain internet security systems as part of their expertise? When you don’t have to outsource your security systems, you can react with immediacy to any concerns, without having to wait to call in an expert.

This person can also take responsibility for running regular scans and maintaining security packages. If you don’t have this person in-house at the moment, consider making it a requirement when you next hire, if it is relevant to the vacancy. Otherwise, a training course in cyber-security for yourself and a few colleagues could be in order.

3.  Do you have all the necessary protection?

In this day and age, a firewall and an antivirus package just don’t cut it. Hackers are getting smarter, and online security is constantly battling to keep up.

One way hackers discover chinks in a company’s armour is by sending a simple ping request, which your network will automatically respond to, leading the hacker to believe it is worth exploring further. Simply setting up your router or firewall to block ping requests can have a big impact.

Similarly, is there a cyber threat support group or sharing platform within your industry? This type of support group allows other companies to share experiences of potential attacks, making it far easier to spot threats and keep them out of your system.

4.  Do you have a back-up plan?

Sometimes, you can do everything in your power to keep the cyber-criminals out, but they’ll still find a way in. They’re organised, highly strategic, and generally run by a criminal ring, not just a bored teenager in their bedroom.

That’s why, on top of all of your preventative methods, it’s essential to have a fully-formed backup plan, just in case.

Firstly, it’s essential to ensure all of your data and files are backed up on systems which are not accessible in the event of a hack, such as external hard-drives which have no connection to the system. Then you need a means by which problems can be detected, located, and prevented before they can infiltrate your system.

Having this back-up plan ensures that malware or spyware cannot move throughout the system, compromising your company’s or your customers’ data.

5.  Are employees and visitors expected to carry ID?

It isn’t just the threat of online hackers which should concern you about the security of your company. If you have an office, even with only a few members of staff, which invites clients and suppliers to visit in-house, you could be compromising your security there too.

Do you expect all staff to carry ID and all visitors to sign in when they enter your office? This could help to significantly improve your office’s security, but also help to push an image of trustworthiness to any visitors to your office. All it takes is a few lanyards with company ID cards attached, and a few spares on which visitors can have a name and potentially a photograph — it even helps with the awkwardness of introductions.

Lanyards are inexpensive, and there are even overnight options available for delivery, so it’s a straightforward system to implement. This way, there are never any strangers just wandering around the office, looking important and failing to be questioned on their intentions.

It also means that you always have a record of which visitors are on site at any time, which is just good practice for fire safety and the like.

6.  Do you have a mobile device policy?

As smartphones become more popular as a platform from which to work, hackers are developing a whole new approach to brand new vulnerabilities. Smartphones are increasingly infected with malware (targeting Android devices), oftentimes going undetected by the user.

Image Credit: Nokia Threat Intelligence Laboratories

When this user then starts to deal with their work emails or download apps relevant to their employment, hackers have access to all their information.

A mobile device policy allows you to ensure staff and clients are not compromising the security of your company unwittingly, and is crucial for protecting you and your company.

7.  Do you think like an attacker?

Finally, do you ever approach your company like a cyber-attacker? Just like you would look at your home through the eyes of a home invader for opportunities to break through windows or stake out the house from the yard, you should look at your company’s network security in the same way.

Using nmap, an open source tool, allows you to scan your network for ports that are open and shouldn’t be, letting you see vulnerabilities which you would otherwise be unaware of.

You can then go on to plug those holes, making your network more secure than ever.
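
To turn a scan of your own network into a list of holes to plug, you can compare what nmap found against what each machine is supposed to expose. The script below is an added example, not part of the original article; it assumes the scan was saved with nmap's grepable output option (`-oG`), and the addresses, host names and allowlist are constructed for illustration.

```python
# Constructed sample of nmap grepable output (-oG); not real scan results.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 192.0.2.10 (web.example)\tStatus: Up
Host: 192.0.2.10 (web.example)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3389/closed/tcp//ms-wbt-server///
Host: 192.0.2.20 (printer.example)\tPorts: 23/open/tcp//telnet///, 9100/open/tcp//jetdirect///\tIgnored State: closed (998)
Host: 192.0.2.30 ()\tPorts: 445/open/tcp//microsoft-ds///, 3306/open/tcp//mysql///
"""

# Hypothetical allowlist: the ports each host is *supposed* to expose.
EXPECTED = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},
    "192.0.2.20": {(9100, "tcp")},
}

def parse_open_ports(text):
    """Return {host: {(port, proto): service}} for ports reported as open.
    Assumes a scan without version detection (no commas inside port entries)."""
    result = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    result.setdefault(host, {})[(int(parts[0]), parts[2])] = parts[4]
    return result

def unexpected_ports(open_ports, expected):
    """List (host, port, proto, service) for open ports not on the allowlist.
    A host missing from the allowlist is treated as expecting nothing open."""
    findings = []
    for host, ports in sorted(open_ports.items()):
        allowed = expected.get(host, set())
        for (port, proto), service in sorted(ports.items()):
            if (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return findings

if __name__ == "__main__":
    for host, port, proto, service in unexpected_ports(parse_open_ports(SAMPLE_SCAN), EXPECTED):
        print(f"{host}: {port}/{proto} ({service}) is open but not expected")
```

Each line it prints is a service to close, firewall off, or add to the allowlist once you have confirmed it is needed.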