Cybercrime is a major threat to all types of businesses. Small businesses are especially appealing targets because of their limited financial resources and technical expertise. However, small businesses can take a few practical steps to enhance their cybersecurity.
Bolster password security
Passwords are the first line of defense for businesses against cyberattacks. If passwords are weak and generic, cybercriminals can easily guess their way into your systems. And when they do, data breaches, financial loss, and reputational damage can happen as a result.
Small businesses can improve their password security by adopting the most recent password guidelines of the National Institute of Standards and Technology (NIST):
- User-generated passwords should have at least eight characters. The longer a password is, the harder it is to crack.
- Instead of using complex passwords, use passphrases. NIST no longer recommends the use of complex passwords, or those that contain a mix of uppercase letters, lowercase letters, numbers, and special characters, since they are difficult to memorize. Instead, NIST recommends using passphrases, which consist of at least four random words that are uncommonly used together, as they are longer, easier to remember, and more difficult to guess.
- Allow all ASCII/Unicode characters. Allowing a wider range of characters will make it more difficult for attackers to guess passwords.
- Do not force users to change their passwords regularly. Mandated password resets often lead to weak passwords because they force users to create and remember new passwords frequently. Users may then resort to poor password habits, such as using easy-to-remember but weak passwords, reusing passwords across multiple accounts, and writing down passwords on paper.
- Check passwords against databases of compromised passwords. Cybercriminals typically take advantage of compromised login credentials from previous data breaches to exploit other accounts that share the same username and password combination.
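The checks above map directly onto a password verifier. The following is an added example (not code from the original post or from NetQuest) that enforces the NIST-style rules: a length floor of eight, a generous ceiling, no composition rules, no expiry, any Unicode character accepted, and a lookup against a breached-password set. The breach list is a constructed inline sample stored as SHA-1 digests, standing in for a real breach corpus or a k-anonymity range lookup service.

```python
import hashlib
import unicodedata

# Constructed sample breach corpus, stored as uppercase SHA-1 hex digests
# (the same representation breached-password range lookups commonly use).
# In production this would be a full breach corpus or a remote range query.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("password", "123456789", "qwerty123", "letmein!")
}

MIN_LENGTH = 8    # NIST minimum for user-chosen passwords
MAX_LENGTH = 64   # verifiers should accept at least 64 characters


def normalize(password: str) -> str:
    """NFKC-normalize so the same Unicode text always hashes the same way."""
    return unicodedata.normalize("NFKC", password)


def is_breached(password: str) -> bool:
    """k-anonymity style check: narrow by hash prefix, then compare the full hash."""
    digest = hashlib.sha1(normalize(password).encode("utf-8")).hexdigest().upper()
    prefix = digest[:5]
    candidates = {h for h in BREACHED_SHA1 if h.startswith(prefix)}
    return digest in candidates


def check_password(password: str) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted.

    Deliberately no composition rules (mixed case, digits, symbols) and no
    expiry logic, in line with the NIST guidance described above.
    """
    pw = normalize(password)
    problems = []
    length = len(pw)  # counts code points, so any ASCII/Unicode character is allowed
    if length < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if length > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if is_breached(pw):
        problems.append("appears in a breached-password list")
    return problems
```

A four-word passphrase such as "correct horse battery staple" passes every check, while a short or previously breached password is rejected with a reason the user can act on.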
Adopt zero trust security
The traditional perimeter-based security model assumes that users and devices inside the network are trusted. However, this assumption is no longer valid in today's work environment, where users can be located anywhere and connect to the network from a variety of devices.
Zero trust security assumes that users and devices can't be trusted by default. It is based on the following principles:
- Never trust, always verify: All users and devices must go through authentication and authorization processes before they can access resources.
- Least privilege: Users should be granted access only to the resources they need to perform their duties in order to reduce the risk of unauthorized access to company data or systems.
- Microsegmentation: Networks and applications should be segmented into small, isolated units to limit the damage that can be caused by a security breach.
- Continuous monitoring: All systems and networks should be continuously monitored for signs of malicious activity so companies can identify and respond to threats quickly.
Implement defense in depth (DiD)
The DiD strategy involves using multiple layers of security to create a more robust defense that can stop a wide range of cyberattacks.
There are many different security measures that can be used as part of a DiD strategy, including:
- Firewall – monitors and controls incoming and outgoing traffic between an internal network and external networks based on predetermined rules
- Intrusion detection system (IDS) – monitors network activities, analyzes suspicious behavior, and generates alerts for further investigation
- Intrusion prevention system (IPS) – actively blocks potential attacks and suspicious activities from compromising a network or system
- Anti-malware software – scans files and monitors system activities for known patterns or behaviors associated with viruses, worms, and other malicious software
- Data encryption – converts data into an unreadable format so that only users with the decryption key can understand it
For comprehensive and affordable cybersecurity, turn to the IT experts of NetQuest. With us at your side, you can be sure that your business will be protected from all types of cyberthreats. Schedule your security assessment today.