- TRAIN
Train employees in security principles. Establish basic company-wide security practices and policies.
- PROTECT
Use up-to-date security software, browsers and operating systems. Set antivirus software to run a scan after each update. Install key software updates as soon as they are available.
- SECURE
Firewall security programs prevent outsiders from accessing data on a private network. Enable your operating system’s firewall. Make sure that employees working from home are protected by a firewall.
- MOBILE
Mobile devices can create significant security challenges, especially if they hold confidential information or can access the corporate network. Make sure all users password-protect their devices, encrypt their data, and install security apps. Set up reporting procedures for lost or stolen equipment.
- BACKUP
Make backup copies of important business data and information. Regularly backup data on all computers. Backup data automatically, or at least weekly. Store backup copies offsite or in the cloud.
- ACCESS
Control physical access to your computers and create user accounts for each employee. Lockup unattended laptops. Create separate accounts for each employee, with strong passwords. Only give administrative privileges to trusted IT staff and key personnel.
- WI-FI
If you have a Wi-Fi network for your workplace, make sure it’s secure, encrypted, and hidden. Set up your wireless access point or router so it does not broadcast the network name. Password protect access to the router.
- PAYMENT CARDS
Make sure you are using the most trusted and validated tools and anti-fraud services. Isolate payment systems from other, less secure programs. Don’t use the same computer to process payments and surf the Internet.
- LIMITS
Limit employee access to data and information. Limit authority to install software. Don’t provide one employee with access to all data systems. Only give employees access to the specific systems they need for their jobs. Do not allow employees to install any software without permission.
- PASSWORDS
Require employees to use unique passwords and change them every three months. Consider implementing multifactor authentication. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
The FCC’s Cybersecurity Hub has more information, including links to free and low-cost security tools.
Create your free small business cyber security planning guide here.
Check out the Department of Homeland Security’s ‘Stop.Think.Connect’ campaign.