Activate your cybersecurity: Eight steps toward a secure business
Take a deeper look at cybersecurity risks and strategies, and keep this list handy when creating or updating a strategy for protecting your business from cyber threats.
1. Understand your unique cybersecurity plan needs
Your business has particular needs across areas — and that means your cybersecurity strategy will need to be individualized as well. For instance, consider: the types of breaches most relevant to your industry, if your business is cloud-based with numerous connected devices, and how your employees access and treat secure information. These considerations will help you determine your specific approach to tackling cybersecurity.
2. Separate — and understand — systems and information
Keep your payroll system, business email, and point-of-sale (POS) system on separate devices to avoid a potential breach or hack impacting them all at once. Also work on basic asset management to understand what can connect to your network and who has access to what.
3. Build a backup system
Work with your third-party technology and software vendors to ensure your information is backed up regularly. Also keep a POS system that is not linked to your current network in reserve to maintain access to sales data.
4. Install and update anti-virus software
Secure your business by installing anti-virus, anti-spyware, and anti-malware programs, as well as a firewall. Check if your technology vendors offer additional protective software for mobile phones or tablets. For those devices, use a firewall with a virtual private network, which can help protect them on public networks — such as in airports, coffee shops, and convention centers. Since out-of-date software can pose a greater security risk, ensure that your software is routinely updated or patched to fix bugs, and that your hardware is on a maintenance check schedule.
5. Change default usernames and use strong passwords
When setting up a device, make sure all the default names, usernames, and passwords are unique, and don’t reuse passwords across multiple sites. For example: “Admin” is easy to remember, but it’s also often the standard username, and easy to guess. For increased security, use long passwords (or “passphrases”) and a combination of letters, symbols, and numbers in your passwords. Additionally, password management software can help minimize unauthorized use of a login and manage various passwords across accounts.
6. Train employees and outline specifics
Define and create roles so access is only granted as needed. Track which hardware each employee can access, and inform employees of the proper procedure when they are prompted for device updates or in the case of lost or stolen devices. Train employees to keep an eye out for issues like irregularities, bad connections, pop-ups, or phishing. And if you’re considering a “bring your own device” policy (BYOD), consider the impact of employees using their own devices at work.
7. Remove employee or contractor access immediately after termination
Dedicate time to changing passwords and closing username profiles for any terminated employees. A thorough review of their computer or device will reveal any other profiles or accounts that may be accessible from that device.
8. Don't forget about your smartphone
Have a passcode, only download applications from trusted developers, install updates regularly, and don’t click on links received in suspicious or unsolicited texts — the latest way hackers are gaining access to your data. Additionally, enable remote tracking and data wiping on your device, so if it’s stolen, you can render your data irretrievable.
Planning for cybersecurity:
Learn the steps to protecting your business.
Protect your business data
By providing your email address and business name, you’ll get a Wells Fargo Works for Small Business® guide on the IT security your business needs.*See Footnote heading
Cybersecurity shouldn't be a one-person job. Learn more about what to address in your plan and how to delegate its execution.