Cybersecurity for SMBs

From making sure that nobody is doing Zoom calls in their bathrobe to ensuring that work actually gets done on time, you’ve got a few extra things to worry about as a San Jose area business owner these days. Chief among those new concerns, however, should be cybersecurity. Cybersecurity steps are one of those painful, annoying topics that nobody wants to think about in a small business environment (kind of like *ahem* taxes and accounting) … but one that rears its head as a terrible, business-killing beast when left unattended. There’s an entire slew of “information security” concerns that may not have been top of mind back when all the files and sensitive data were locked up nice and tight back at the office, but should be at the forefront now for all San Jose area business owners. Before we dive into that, though, a quick reminder on an important business tax deduction… As your favorite San Francisco Bay Area restaurants re-open, don’t forget that recent stimulus legislation bumps the business meal deduction all the way up to 100% for both takeout meals and meals consumed at the restaurant. If you’re traveling for business or take a customer or prospect out to eat, that totally counts. What doesn’t count are prepackaged foods, such as prepared sandwiches and wraps, that are purchased from places like San Jose area convenience stores. During that customer meeting at your favorite local eatery, let’s delve into some important tips that you should pay attention to before connecting to the restaurant wi-fi (among other things) … 5 Cybersecurity Steps all rea Business Owners Should Take“You may have to fight a battle more than once to win it.” – Margaret Thatcher Whether your San Jose area business is in full-on work-from-home mode, or your business is such that this is a totally foreign concept, the reality is that cybersecurity steps are something you absolutely need to address. Your office computers, employee laptops and tablets, cloud services (which can be accessed remotely), and even company cell phones all have an insane amount of information on them that hackers would love to get their digital hands on. Along with customer credit card numbers and employee SSN’s and DOB’s, your digital records contain a wealth of valuable information. Even something as seemingly innocuous as customer estimates and invoices can look like hidden treasure to the world’s digital pirates. Taking basic cybersecurity steps is cheap protection against potentially embarrassing and expensive data breaches. If you do have employees working remotely, it’s your responsibility to protect customer and employee data. Just like the IRS sets minimum requirements for us to protect YOUR private information, you should also set minimum standards for cybersecurity in your own business. A recent study by Shred-it (business document destruction company) stated that a whopping 96% of American consumers consider a business’s employees to be the largest risk factor for a data breach. So, how do you put your San Jose area customers at ease, do the right thing, and help prevent data breaches and ensuing expensive lawsuits? Step 1: Have a Written PolicyThe first of the five cybersecurity steps you need to do in order to protect against data breaches is to have a written policy at your San Jose area company about data security. You need to put rules in place that both protect data and prevent your employees from taking shortcuts that put valuable information at risk. For example, you’ll want a policy that covers minimum password complexity as well as a process in place for ferreting out all those “abc123” and “password” passwords. Your written cybersecurity policy should outline the basic things your staff should do to keep things secure. Be sure that your policy includes the use of proactive defenses like anti-virus/anti-malware scanners, drive encryption, and software firewalls. You’ll also want to specify what software programs and apps are okay for your employees to use when accessing company information. Step 2: Use Secure ConnectionsUsing secure connections is the next one of the cybersecurity steps to take. One of the most common ways that criminals access company data is when employees are using unsecured, public Wi-fi networks, and that includes those in San Jose area. Even if they’re at home, most people don’t properly secure their home routers. It is essential to provide some level of technical support, at company expense (deductible, of course!), to help at-home employees secure their Wi-fi connections. You should also consider subscribing to a secure VPN service. These services are affordable and provide a secure “tunnel” between an employee’s home internet and your business network. Make sure to choose a service that uses top level encryption across the entire span of that “tunnel.” Step 3: Use Password ManagersOf the many cybersecurity steps you should take, this might be the most important one across the board. Weak passwords (remember “abc123”?) are everywhere. This tends to be one of the weakest links in cybersecurity, especially for small San Jose area businesses. With all the services and software that your business runs on these days, your employees likely have a metric boat load of passwords that they can’t possibly remember. Which means they are probably “recycling” their passwords. (Yeah, that’s not a good thing.) While choosing more secure passwords is a good starting point, it may be worth investing in a password manager for every member of your team. Tools like LastPass and 1Password are very affordable and go a long way with helping your employees create secure, unique passwords for all the services they need to access. Step 4: Use 2-Factor AuthenticationTwo-factor authentication (or 2FA as the cool kids call it), adds a layer of security on top of passwords. Even if a password gets hacked, 2FA is one of the very difficult cybersecurity steps to hack. 2FA requires that you enter a code to access an online service. This code can be sent as a text message to an approved cell phone or can use a special security fob that shows a number