Small Business Cybersecurity Tips and Best Practices

Data breaches aren't a fun thing to consider as a business owner, but they're becoming an increasingly common risk when doing business. According to Forbes, 43% of all data breaches affect small and medium-sized businesses, so there's a good chance yours might be hit at some point. How can you protect your customers' data AND your business? Also, how can you be one of the 14% of businesses that are prepared to defend themselves? Read on to learn how you can better protect your business and lessen the risk.

1. Know the Implications of a Breach
   This can help you understand where you should focus your efforts, and to develop a plan if a breach ever happens to your business.
   • 46% of cyber breaches impact businesses with fewer than 1,000 employees
   • On average, a data breach costs about $9.48 million
   • 60% of business close their doors within six months of a cyberattack
   • Despite these scary stats, about half of all small businesses report that they don't use any data protection for company and customer information
WaFd Security & Fraud Prevention Services
2. Hold a Cybersecurity Audit
   You can't know where to improve if you don't know where you stand. What areas is your business doing well in? What areas could use improvement? Review your policies to be sure they're current with how you do business today. Technology moves quickly, and if you aren't reviewing your policies every year, they could be completely wrong. Updating them gets you and your employees on the same page so they know what's expected of them. If you don't have one yet, you should be able to find a local IT professional in your area that can help you out.
3. Create an Employee Training Plan
   As a business owner, it's important to have a detailed plan that everyone understands, not just your IT staff. Establish basic security practices and guidelines for employees, such as requiring strong passwords and establishing appropriate Internet use examples. Consider reviewing real-life case studies with your employees about what happens when online and digital security practices are ignored.
   
   Lastly, remind them of the type of business information that is considered secure or classified, what should or shouldn't be downloaded online, and how to spot fraudulent emails.
4. Audit Employee Access
   Put together an information access audit plan and create a recurring reminder to review it every few months. For example, your audit plan might include reviewing which employees have access to the below areas, and granting or removing access as your business grows.
   1. Website and social media pages
   2. Bank accounts
   3. Network login access
   4. Physical access to storefront or back-office via a key or badge
   5. Credit cards under the business' name
5. Strengthen Your Passwords
   It might sound surprising, but it's true—the most used password in 2022 was “123456”. Too many businesses and employees are using passwords that are easy to guess, and often use the same ones across multiple sites and accounts. If one password is compromised, everything else is at risk too. Passwords don't need to be complicated, but a good rule of thumb for passwords is that they be at least 12 characters long with uppercase, lowercase, numbers, and at least one special character. To help you manage things, a password manager tool can be a great asset to improve your cybersecurity at work and home.
6. Lock Down Your Business Online Banking
   Are you sharing your bank login information with your employees? If yes, it's time to change that. Your bank should offer sub-users (or multiple users) for your business online banking—one for you, one for whoever is helping you manage the business' cash flow and/or transactions. Having different logins allows you to adjust which accounts they do or don't see, which transactions they can make, and more. This way, you can give them access to what they need to get their job done and protect yourself and your business at the same time.
WaFd Secure Business Online Banking
7. Keep Your Devices Up to Date
   Are your machines clean? Do they have the latest security software, web browsers, or operating systems? Installing the latest versions of these programs may be time consuming, but remember the most recent protections only work if you choose to use them. If you're not updating your equipment, you're leaving your business vulnerable.
8. Provide Firewall Security for Your Internet Connection
   A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure your operating system's firewall is enabled. If employees work from home, ensure that their home systems are protected by a firewall or provide them with equipment or software with virtual private network (VPN) access.
   
   If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Be sure to password-protect access to the router as well.
9. Consider Cyber Liability Insurance
   If you've ever been in a car accident, you know car insurance is well worth the cost. Cyber insurance is the same, and this policy can cover your business' liability for a data breach involving sensitive customer information, such as credit card and account numbers.
   Other than legal fees and expenses, cyber insurance typically helps with many other things:
   • Notifying customers about the breach
   • Restoring personal identities of affected customers
   • Recovering compromised data
   • Repairing damaged computer systems
   Double check your general liability insurance. There's a good chance that it doesn't cover claims related to data security. With cyberattacks and security becoming more important every year, it's better to be safe than sorry.
10. Do Your Research
    Technology may not be everyone's forte or interest, but it's a part of everyone's lives and all business environments. Protection steps will vary depending on the industry and business size, but by adopting a strong plan, you as a business owner can tackle cyber security issues smoothly and in a business-focused manner.
    
    For more information about practical steps you can take, check out these helpful articles:
    • Assess Your Business Risk—U.S. Small Business Administration
    • 101 Digital Data Tips—DigitalGuardian.com
    • Cybersecurity for Small Business—Federal Communications Commission

WaFd Bank is Here to Help

We know a thing or two about security, and we're here to answer all your questions both big and small. Not only does WaFd offer business accounts and business services, we also offer helpful tools like Positive Pay and WAFD Treasury Prime Plus so you can get peace of mind and get back to running and growing your business. Give us a call at 800-324-9375, stop by your neighborhood branch, or contact your local business banker to get started today!