By Ian Thompson, US SMB Commercial Marketing Lead, Cisco.
When it comes to cybersecurity, small and medium businesses (SMBs) often get left behind. Some SMB owners believe their company is too small to be worth a hacker’s time. For others, the idea of incorporating security technology is so daunting that they opt for the most basic security, thinking it will be enough.
Well, you’ll be happy to know that current cybersecurity technology is incredibly accessible to businesses of all sizes! On an episode of the Small Business Big Solutions podcast, we were joined by Mike Storm, cybersecurity engineer at Cisco and host of the Unhackable podcast.
He was able to share a few simple cybersecurity tips for SMBs you can follow to secure your data under lock and key!
Why Cybersecurity is So Important to SMBs
If you’re worried it’s too expensive to invest in data security, you should really consider not only how a cybersecurity breach will hurt your business but how it can damage the lives of your customers.
Even the smallest businesses are trusted with vital information, like email addresses, credit card information, and health records. In the wrong hands, this type of data can ruin a person’s life, costing them money or even their safety.
Investing in strong cybersecurity technology will protect your business’s reputation and your customer’s sensitive data.
Hackers will also exploit our trust to facilitate a cybersecurity breach. This could be something as simple as an employee clicking an untrustworthy link or sharing sensitive information with a hacker posing as someone else.
All in all, when you’re online – either at work or home – you should be focusing on two things:
- Protecting your data connection
- Protecting your credentials
Below are some quick tips you can follow to protect your business’s most vital information.
1. Protect Your DNS Server
DNS stands for Domain Name System and is responsible for mapping an IP address to readable names. Anytime you type in a web address, like Cisco.com, a DNS server identifies the IP address associated with that query and directs you to the proper site. This process occurs during every connection online.
However, hackers can be quite sneaky, using programs to trick a DNS server into redirecting a user to a fishy website where they can collect your data for their use. It’s important to have a cybersecurity tool that protects you at a DNS level so every connection is protected. A product like Cisco’s Umbrella provides DNS-layer security to block malicious domains before they reach you.
2. Protect Against Credential Theft
People often don’t give their credentials much thought unless they are actively using them. Unfortunately, just because you’re logged out of a site doesn’t mean your credentials aren’t at risk.
Hackers are constantly searching for credentials to gain access to all kinds of platforms for nefarious purposes. In fact, identity crimes like these more than doubled in 2019 and 2020, when the pandemic forced many workplaces online.
Multifactor authentication (MFA) remains one of the best ways SMBs can guard against credential theft. Tools like these provide an extra layer of protection, even when a user’s credentials are compromised. Whenever they provide their credentials to log into a platform, an autogenerated password is sent to their cell phone or inbox to gain access. If someone tries to log in with their credentials and fails, many multifactor authentication programs will alert the user, so they can change their credentials and stay secure.
3. Use a Password Management Tool
You’ve probably heard it time and time again, “Don’t reuse your passwords!” But let’s be honest, we’re all guilty of it. Maybe you’re on a lunch break and you just need to set up a quick account to buy that pair of shoes that just went on sale. Why take the time to create a brand-new password that you’ll just forget anyway?
This type of scenario is exactly what hackers are banking on, which is why you should vary your credentials across all platforms.
When an organisation is hacked, hackers will reuse passwords across the web to see if they can access more valuable information. Suddenly, that password you used to buy your new favourite T-shirt is being used to access your banking information!
Providing a good password management tool for your employees allows them to store hundreds of passwords safely so you never forget them. Best yet, most password management tools are accessible from any device, so you can get your passwords from anywhere.
4. Protect Your Browser Sessions
When your company purchases anything on the web, data of all kinds – like email addresses and credit card information – is shared with the vendor. In the hands of the hacker, this information can be used to compromise your small business. One way to protect yourself is to use a browser extension that masks critical information from the vendor during a transaction.
In the event of a vendor data breach, your information will be protected, saving your small business from a lot of headaches.
A browser extension like Blur protects your most sensitive data, like email addresses and credit card numbers, so even the vendor doesn’t have access.
5. Manage Your Social Media
Social media has become a way of life, not only for individuals but for companies as well. Nowadays, you can use your social media credentials to buy products, log into third-party apps, or even order food. While convenient, these connections can lead to vulnerabilities within your business.
For example, an employee may unintentionally link their private email to log into a business application. If their personal email is compromised, hackers can potentially infiltrate that business application, resulting in a cybersecurity breach.
Several programs, like Umbrella, use a Cloud Access Services Broker (CASB) that manages and monitors all connections to your cloud service, blocking any unwanted connections from occurring.
From a user standpoint, employees should practice good social media hygiene (no, Tik Tok hasn’t installed a hand washing feature). Businesses should educate employees about the dangers of posting personal information on social media. Hackers often search employees’ personal social media pages for information to gain their trust. This information can be used to make phishing emails look legit.
Cybersecurity and More Solutions for SMBs
If you’re looking for more ways to improve your small business’s security – and a whole lot more –listen to our podcast, Small Business Big Solutions, on Soundcloud, Apple Podcasts and Spotify. In each episode, we bring on an IT expert to show you how to optimize your technology solutions, protect your data, and more. It’s just one of many podcasts we offer on the Cisco Podcast Network covering technology to culture, and everything in between.
Be sure to check out the Unhackable podcast with Mike Storm, specifically the “Unhackable Principle: Invisibility” episode where he covers how being invisible in the digital world can provide a huge deception advantage against attackers and bad actors looking to do harm and compromise your most precious possessions.