Tips from the SBA Cyber Security Summit: Protecting Your Small Business Against Cyber Threats

In today’s digital age, people and small businesses are increasingly the targets of cyberattacks. Criminals see lucrative opportunities in exploiting vulnerabilities in technology and gaps in knowledge, which can lead to data breaches, financial losses, and damaged reputations. The Small Business Administration (SBA) hosted its annual Cyber Security Summit to share best practices for digital health and how to safeguard your business, assets, and customers. Here are the top ten tips you can use to implement stronger policies in your business!

1. Employee Training

Train your staff about cyber threats and how to recognize phishing emails, suspicious links and downloads, and social engineering tactics. Regular training sessions will help employees become your first line of defense against cyberattacks. 

2. Password Management

Implement a password policy that enforces complex, unique passwords for each user account. Make sure any equipment or software with a default password gets changed immediately upon activation. Encourage the use of password managers and enable multi-factor authentication (MFA) to enhance security.

3. Software Updates

Keep all your software, including operating systems and applications, up to date. Cybercriminals often exploit known vulnerabilities in outdated software.

4. Network Security

Install firewalls to protect your private network and monitor your network traffic to see whether the network is being accessed by others. Do not use an open network such as public Wi-Fi to conduct business.

5. Data Backups

Regularly back up your data to ensure you can quickly recover in case of data loss. Consider using the 3-2-1 method: Have 3 sets of data (1 original and 2 copies), on 2 different types of storage (1 physical and 1 cloud-based), with 1 of the storage options located offsite. 

6. Access Control

Grant access to data based on an employee or user’s role and limit the ability to modify or delete sensitive information. Promptly remove access for those no longer needing it. 

7. Security Software

Install antivirus, anti-malware, and anti-spyware software. These tools can help you detect and remove threats as they are found.

8. Email Security

Use email filtering to pre-sort spam and phishing attempts into your junk mail. Do not open attachments or click on suspicious links from unknown or unexpected senders, and always review the sender’s address to verify the source.

9. Response Plan

Develop a comprehensive incident response plan that outlines what to do before, during, and after a cyberattack. Define roles and responsibilities and practice response scenarios to minimize the impact of a breach.

10. Vendor Security

Ask your vendors questions such as how they protect data, where the data is stored, and what their incident response plan is. Request proof of your vendors’ cyber security and data protection policies.

In conclusion, it’s essential for small businesses to prioritize cyber security. By implementing these tips, you can reduce your vulnerability to cyberattacks, protect your sensitive data, and ensure the longevity of your business. Stay vigilant, stay educated, and stay one step ahead!

Additional Resources

1. SBA business guide – Strengthening your Cybersecurity

2. Department of Defense – Be Cyber Smart

3. Cybersecurity & Infrastructure Security Agency (CISA) 

4. Project Spectrum – Cyber Training

5. America’s Small Business Development Centers – Toolkit

6. Federal Bureau of Investigation – Common Scams

7. Federal Trade Commission – Phishing Quiz

8. Federal Trade Commission – Free bulk order publications

9. White House – National Cybersecurity Strategy

10. Small Business Digital Alliance – Digital Tool Library

11. Department of Transportation – Enterprise Services Center

12. Oklahoma Office of Management and Enterprise Services – Cybersecurity Tips for Travel