7 things every business owner should know about cybersecurity

Business owners have their hands full, and there never seem to be enough hours in a day. Because these VIPs are so busy solving other people’s problems, they rarely have time to worry about their own, including the increasing threats to their business. Even with an in-house IT department or a managed service provider on their side, it’s important to be aware of the risks and threats, and the strategies used to infiltrate a business.

We created this list for busy CEOs, presidents, business owners, and anyone else who finds themselves overwhelmed with – well, everything.

  1. Your risk tolerance. Can your company afford downtime? If you’re a retailer, the answer is probably no, with an extremely low tolerance level. If you’re a school, chances are you’re not missing out on any sales that keep the place running. The risk tolerance would likely be a bit higher, though not by much. Students and teachers rely on internet connectivity for numerous tasks. What’s at stake when your business is offline or infected by malware?
  2. Two-factor authentication. Keeping accounts secure with complex passwords and two-factor authentication is one of the simplest, yet most effective ways to prevent credential stuffing from a breached database and brute force attacks, wherein the hacker deploys a bot that guesses credentials until it gets a hit. Two-factor authentication prompts every login attempt for a unique token that changes about every 30 seconds.
  3. Penetration testing. Also known as a PEN test, this simulates a cyberattack to gauge the security of a network. We recommend that companies have one administered at least once a year, or following any major organizational changes. After a PEN test, your company should have a plan to patch any holes in your network that were discovered during the test. This might include employee training, or partnering with a managed service provider to tackle the vulnerabilities with you.
  4. Your employees with admin privileges. It’s wise to limit the number of employees with admin privileges. Why? Admin accounts are a segue to the most vulnerable parts of your network. When an administrative user gets hacked, it’s only a matter of time before the attack reaches the entire company. Employees with administrator logins should be well versed in cybersecurity, and aware of the risks paired with the permissions.
  5. Where your backups are located. Backups are essential to any business, no matter the size of the operation. Of course, they prove valuable when a cyberattack compromises your data. They’re also a good fail-safe option in the event that major company-wide documents are lost or accidentally deleted.
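For readers who want to see how the rotating token in item 2 works, here is an added example (not part of the original article) of a server-side check. It assumes the token is a standard time-based one-time password (TOTP, RFC 6238), which the article does not name; the function names and the sample secret are illustrative.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each token stays valid
DIGITS = 6   # length of the token shown in the authenticator app


def totp(secret: bytes, unix_time: int) -> str:
    """Derive the token for the 30-second window containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_login(password_ok, code, secret, now, last_counter=-1, drift=1):
    """Return the matched time-step counter on success, otherwise None.

    password_ok  -- result of the normal password check
    code         -- token the user typed (None if they have none)
    last_counter -- counter of the last token this account already used
    drift        -- how many windows of clock skew to tolerate each way
    """
    if not password_ok or not code:
        return None  # a stolen or guessed password alone is not enough
    current = now // STEP
    for counter in range(current - drift, current + drift + 1):
        if counter <= last_counter:
            continue  # token already spent: block replay
        expected = totp(secret, counter * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return counter  # caller stores this as the new last_counter
    return None


if __name__ == "__main__":
    # Constructed sample: the published RFC test secret, never a real one.
    demo_secret = b"12345678901234567890"
    print("token at t=59:", totp(demo_secret, 59))
    print("password only:", verify_login(True, None, demo_secret, 59))
    print("password + token:", verify_login(True, "287082", demo_secret, 59))
    print("same token replayed:",
          verify_login(True, "287082", demo_secret, 59, last_counter=1))
```

A credential-stuffing bot that holds a valid password from a breached database still fails the second check, and a token that has been used once or is a few minutes old is rejected.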

This list, though brief, is a great starting place for business owners drowning in the chaos that is running a growing company. While familiarizing yourself with these items is extremely necessary, we always recommend sharing the responsibility with a trusted managed service provider or IT department. 
