Cybersecurity is paramount for small and medium-sized businesses, and getting it right can often mean spending on tools and outside expertise to keep your systems secure. There are, however, a variety of tools, tips and good practices that you and your employees can put into place that are cheap or even free.
These common-sense tips can complement your business’s cybersecurity efforts without needing major investments.
Conduct phishing tests
The best defense is a good offense. Businesses shouldn’t wait until a threat succeeds in order to plan for the next attempt. That’s why many security experts recommend conducting sporadic phishing tests on employees.
By simulating an attack, you can get a pulse on how well your company is prepared to handle individualized attacks on employee inboxes. Spoof an important email sender or business that can lure employees into clicking on a link that they should otherwise scrutinize first. Then message the employees who fell for the test. It can be helpful to set up a policy by which employees need to get retrained on cybersecurity if they fail one or more phishing tests.
Slowing down before answering messages
Although speed is important in competitive marketplaces, acting hastily can end up costing you significantly. Phishing attempts prey on our desire to act fast: successful spoofers will often send messages that appear to be from senior executives, banks, or payroll providers.
These scams prey on our instincts to reply to sensitive, high-priority emails rapidly—often faster than we can stop and think critically about the sender and the request. Defending against them means changing your organization’s approach to work: it’s often better to go slow where sensitive data is concerned.
Keeping data on in-network devices
Even if you have robust cybersecurity tools and protocols in place, a data breach on an employee’s personal or family computer can leave you vulnerable to attack. Once data leaves your network, it’s remarkably difficult to track down and delete—if that is possible at all.
It’s crucial for businesses to train employees about how, when and why they should think twice before sharing work-related data. This includes forwarding sensitive material from a work email to a personal email address, loading thumb drives with sensitive information or accessing a business network from a personal device. The more data you can keep within your own ecosystem, the fewer data-leak vectors you are likely to have.
Roll out sensible BYOD policies
The world of hybrid and remote work means that a bring-your-own-device (BYOD) policy might be necessary as your company adapts. It’s important to do BYOD the right way: there are inexpensive ways in which companies can add a layer of security to their infrastructure when allowing employees to use personal devices for work purposes.
Cloud networking providers may offer enhanced security tools for BYOD users. Some may only allow users to use an app if they provide it with administrator access to their device. This can help you set policies where employees cannot access or download certain sites or files, thus keeping them within your network. Tools like this vary in price depending on the scale and needs of the platform.
Pursue free and low-cost training
Cybersecurity expenses can add up quickly, depending on your needs. There are tools out there that are free or low-cost, which can be a good starting point for your cybersecurity exercises. For example, the National Institute of Standards and Technology offers tools to help bolster your cybersecurity awareness that can also help inform employees.
Some of the best training is the most straightforward: in a world where speed is paramount, it’s often hard to slow down in order to think critically. The urge to click on a link, reply to an email, or download a file can overrule our ability to scrutinize the sender or their request. Encouraging tactics that embrace slowing down before acting can go a long way and are easy to implement.
Cybersafety doesn’t always have to be expensive
The cost of your company’s cybersecurity efforts doesn’t tell the full story of its effectiveness. Foundational steps toward a safer business network begin with valuable, inexpensive efforts to be more vigilant online. This applies to employees but also employers, as it’s incumbent on them to roll out the right tools. The right mix of apps, training, and infrastructure can help your business stay safe without costing a fortune.