Security Solutions for Small Businesses: Safeguarding Digital Assets

Written by: James Hart

Even if you don’t think your small business has any valuable information, the average cybercriminal will probably disagree.

The last few years have shown that cybercrime is a threat for organizations of all sizes, even smaller companies. Their customer lists, their payment and banking information, their patents and designs — they all hold value to thieves. Or the bad actors will extract payment from their victims by using ransomware. 

Plus, many hackers have realized that, unlike larger companies, most small businesses don’t have particularly robust defenses. 

As a result, cybercrime continues to grow. Last year, the number of US cybercrime incidents surged by 10%, and the losses associated with those incidents grew by 22%, totaling more than $12.5 billion, according to the FBI’s Internet Crime Complaint Center.

Fortunately, it’s possible to strengthen your cybersecurity very quickly with a few key tactics. In this post, we’ll cover some of the most common but effective ways to protect your company’s digital presence.

Understand your risks, and plan accordingly

You should regularly conduct risk assessments of your company’s network and systems. As part of that review, you should know what kinds of sensitive information you have on your network, exactly where it’s stored and who can access it. 

By conducting a risk assessment, cybersecurity experts can point out holes in your digital security, the places where bad actors are most likely to strike, and even conduct penetration tests to see how your team and your systems respond to a realistic (but fake) attack. Once you know where the weaknesses are, you can assign your team to fix them or hire security experts to implement improvements.  

There’s also the matter of the physical world, which should receive regular risk assessments, too. Whoever conducts that review should be looking for ways that intruders could sneak into your property. They should also be testing the security around your sensitive areas, such as server rooms or wherever high-value files are stored.

And the same way that you prepare for natural disasters, fires and other business disruptions, your emergency planning should identify exactly what to do if sensitive customer information is stolen, if ransomware locks you out of your network or some other related emergency occurs. 

Who will take responsibility for getting your system back online? How will you communicate with customers about the issue? Should you buy an insurance policy to help cover the cost of recovery? 

Implement the right tools

Obviously, technology needs to be a central part of your cybersecurity defense. That includes:

  • Firewall software to prevent intruders from accessing data on your network, or to prevent sensitive information from leaking out 
  • Antivirus software to remove any malware or spyware that finds its way onto your machines
  • Virtual private networks (VPNs) to allow traveling employees and those working from home to access your systems securely 

It’s important to make sure these and other programs are updated regularly, so that any security vulnerabilities are quickly patched. 

Train your team to identify and avoid online threats

Everyone in your organization should receive basic cybersecurity training when they first join the team, and the training should be repeated at least once a year. To ensure everyone’s actually paying attention, you can also give them a test that, if they fail, requires them to retake the training. 

After this training, team members should be able to identify phishing attempts in incoming emails. They should know how to spot the most common types of scams, like the text message “from the CEO” asking them to go out and buy gift cards. 

Don’t stop testing your team

One of the best ways to keep your team sharp? Work with a cybersecurity contractor who can send fake phishing emails to the entire team throughout the year. In many cases, you can have a “Phish Alert” button built into their email app so employees can immediately point out any phishing attempts they see. Anyone who clicks a link in a test email or downloads an attached PDF could be assigned more training on best security practices. 

The benefit? When your staff receives “phishing” emails every week, they’ll be more likely to remember how to spot them. And they need to be on their guard: Last year, there were nearly 300,000 reported cases of phishing or spoofing, the single most common type of cybercrime, the FBI reported. Reported losses totaled $18.7 million.

Build a “say something” culture

Some of the biggest threats to your cybersecurity may turn out to be internal ones — including the trusted employee that you had no reason to suspect of wrongdoing. In many cases, though, there were signs. 

Maybe the employee constantly, bitterly complained of being underpaid — and then suddenly started driving a brand new car and taking high-dollar vacations. Maybe they kept wandering into offices or departments where they had no reason to be. Or maybe their car could be spotted in the office parking lot early on Sunday mornings when no one else was around. 

You might have missed these signs, but it’s unlikely that all of your employees did. By encouraging them to speak up if they see something unusual, you increase your odds of either preventing data theft or, if one happens, catching the responsible party quickly. 

Track and limit access to your systems

No one should be able to access your company’s files or tools unless they have a job-related reason for using those resources, especially for sensitive and valuable files like a customer list, proprietary designs, ingredient lists, upcoming marketing plans and other files. 

Your IT team should be able to put tools in place that require anyone who wants to use those sensitive files to provide a password first. For example, if each employee has a company-issued desktop or laptop, each person should have a unique user account on that machine, one that requires them to sign in before they can use the computer. 

For the most sensitive information, you might consider storing those files and machines in a locked room in your offices. 

Also, you should either place limitations on or entirely prevent team members from downloading software onto their devices. This will cut off one of the most common ways for malware to end up on your computers. 

Tighten the security for your Wi-Fi network

Make sure your router is using an updated encryption standard — WPA3 is the most current, though many also employ a version of WPA2. You can make your network even more secure by setting your router so it won’t broadcast the network’s name or SSID. And remember to update the password to your router. 

Back up your data

Data backups can save the day in the event of a ransomware attack. The number of such incidents increased by 18% last year, while the associated losses grew 74% to $59.6 million. 

So, make sure that your data is backed up on a regular basis — ideally, both online and offline, with a copy kept off-site. If you can’t back up continuously, then daily. If not daily, then weekly.

And test your backups to make sure they’re complete and accessible. You don’t want to discover there’s a problem with those files at the exact moment you need them.
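
One way to run that test, shown here as an added example that is not part of the original post: record a SHA-256 fingerprint of every file when the backup is made, then read each file back out of the archive and compare. The function names and the .tar.gz backup format are assumptions chosen for illustration.

```python
import hashlib, posixpath, tarfile, zlib
from pathlib import Path

def _sha256(stream):
    """Hash a file-like object in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(65536), b""):
        h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 at backup time."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            with open(p, "rb") as f:
                manifest[p.relative_to(root).as_posix()] = _sha256(f)
    return manifest

def make_backup(root, archive):
    """Hypothetical backup step: write every file under root into a .tar.gz."""
    root = Path(root)
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(root.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(root).as_posix())

def verify_backup(archive, manifest):
    """Read every file back from the archive and compare it to the manifest.

    Returns (missing, corrupted); two empty lists mean the backup is
    complete and readable.
    """
    found = {}
    try:
        with tarfile.open(archive) as tar:
            for member in tar:
                if member.isfile():
                    name = posixpath.normpath(member.name)
                    found[name] = _sha256(tar.extractfile(member))
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        pass  # absent, truncated or unreadable archive: unread files count as missing
    missing = sorted(n for n in manifest if n not in found)
    corrupted = sorted(n for n in manifest
                       if n in found and found[n] != manifest[n])
    return missing, corrupted
```

Store the manifest separately from the backup itself, so that damage to the archive cannot also damage the record you check it against.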

Encrypt your most sensitive files

In the event that hackers steal any of your files, encryption will prevent them from actually using any valuable information. 

Have a plan for stolen devices

Make sure that company devices can be remotely wiped of any data so that, in the event of theft, bad actors can’t access sensitive information stored on those machines.  

Get serious about password hygiene

Require your team to regularly update the passwords they use to access company systems, and teach them how to create hard-to-crack ones — none of this “password123” nonsense. A good rule of thumb is to update passwords every three months, though your company’s needs might be different. 

You can help your employees improve their password habits by providing password management software that remembers all of their login information, which should discourage them from reusing the same passwords over and over. Instead, a good password manager will encourage them to create longer, more complex passwords.

You should also require that your employees employ multi-factor authentication whenever it’s available. Doing so should make it harder for bad actors to steal passwords and infiltrate your company’s systems. 

The bottom line about small business digital security

Good cybersecurity should include firewalls, antivirus software, multi-factor authentication and all the other technical tools that most people think of when they think about cybersecurity. 

But there’s a significant people element, too. By investing in risk assessments, training and culture, companies can increase their odds of spotting and stopping bad actors from invading their networks and taking advantage of the data they find there.

Chesley Brown provides a range of services to help companies protect their intellectual property and other sensitive information, both online and in the physical world. In cases where a breach has already occurred, the firm can also conduct discreet, in-depth internal investigations to identify how it happened and how to prevent future cases. If your organization is looking for a trusted expert in this area, start a conversation with Chesley Brown today. 
