Business owners have their hands full and there never seems to be enough hours in a day. Because these VIPs are so busy solving other people’s problems, they rarely have time to worry about their own, including the increasing threats to their business. Even with an in-house IT department or a managed service provider on their side, it’s important to be aware of the risks and threats, and the strategies used to infiltrate a business.
We created this list with busy CEOs, presidents, business owners, and anyone else that finds themselves overwhelmed with – well, everything.
- Your risk tolerance Can your company afford downtime? If you’re a retailer, the answer is probably no with an extremely low tolerance level. If you’re a school, chances are you’re not missing out on any sales that keep the place running. The risk tolerance would likely be a bit higher, though not by much. Students and teachers rely on internet connectivity for numerous tasks. What’s at stake when your business is offline or infected by malware?
- Two-factor authentication Keeping accounts secure with complex passwords and two-factor authentication is one of the simplest, yet most effective ways to prevent credential stuffing from a breached database and brute force attacks, wherein the hacker deploys a bot that guesses credentials until it gets a hit. Two-factor authenticator prompts all login attempts to provide a unique token that changes about every 30 seconds.
- Penetration testing Also known as a PEN test simulates a cyberattack to gauge the security of a network. We recommended that companies have one administered at least once a year, or following any major organizational changes. After a PEN test, your company should have a plan to patch any holes in your network that were discovered during the test. This might include employee training, or partnering with a managed service provider to tackle the vulnerabilities with you.
- Your employees with admin privileges It’s wise to limit the number of employees with admin privileges. Why? Admin accounts are a segue to the most vulnerable parts of your network. When an administrative user gets hacked, it’s only a matter of time before the attack attacks the entire company. Employees with administrator logins should be well versed in cybersecurity, and aware of the risks paired with the permissions.
- Where your backups are located Backups are essential to any business, no matter the size of the operation. Of course, they prove valuable when a cyberattack compromises that data. They’re also a good fail-safe option in the event that major company-wide documents are lost or accidentally deleted.
This list, though brief, is a great starting place for business owners drowning in the chaos that is running a growing company. While familiarizing yourself with these items is extremely necessary, we always recommend sharing the responsibility with a trusted managed service provider or IT department.