Cyber security best practices for small business owners
A single cyber attack can disrupt your business, threaten the protection of data and personal information, harm your business’s reputation and cost your business money. Here are a few non-exhaustive, simple and practical cyber security tips to help your business protect data, preserve personal information and decrease cyber-related threats.
Cyber security awareness, education and training
Cyber security awareness, education and training helps your employees understand the risks involved when proper cyber security measures are not implemented or taken seriously. Provide privacy and security training that educates your employees on detecting and responding to cyber security incidents.1
Protect your devices against cyber threats like viruses and malware
To help protect devices from cybercrime threats, consider using anti-virus and anti-malware software on your computers and ensure that all software installed on your business’s network is updated regularly. You may also set the software to automatically install updates on all company devices and computers as they become available.
Back up data for enhanced privacy and security
Whether your business stores information on a cloud service, on-premises, or in a hybrid data center, back up all files to external hard drives that are not connected to the Internet. This can reduce the likelihood of future cyber security incidents and minimize the risk of malware destroying both business and personal data.2
Create strong passwords
Require that your employees create strong passwords, such as a phrase containing random words, letters, numbers and symbols. A strong password makes it more difficult for cyber criminals to hack into computers and steal sensitive and personal information. Remind employees that their work passwords on their computers and online platforms must be unique and changed periodically to help ensure constant cyber security and privacy protection.
Secure Wi-Fi networks
Ensure the password on your organization’s wi-fi network is changed from the service provider’s default and follows the same strong password guidelines as above. Secure your online network from cybercrime threats by providing visitors to your business who need to use the internet with access to a guest network. This cyber strategy adds an extra layer of privacy and cyber security by preventing said visitors from accessing your employee network and private or personal information. A virtual private network (VPN) can also provide your employees with secure internet access to your company network securely from their devices.
Secure your payment systems
Choose a bank or processor who uses the most trusted security tools and anti-fraud services. Consider keeping your payment systems isolated from other systems or platforms to avoid the malicious threat of cybersecurity breaches.
Provide firewall security for your internet connection
A firewall is a set of related cyber security programs that prevent outsiders from accessing data on your private network.3 Ensure your operating system’s firewall is enabled and properly configured in order to minimize cybercrime threats. If employees work remotely, encourage them to check that their internet systems maintain a high level of cyber security and are also protected by a firewall. To learn more about home network security for remote employees, visit www.getcybersafe.gc.ca.
Control access to computers and devices
Control physical access to your computers and devices by creating a user account for each employee.4 Ensure that mobile devices and laptops are locked and protected by strong passwords when unattended. To ensure privacy and protect data, administrative privileges should only be given to trusted IT staff and key personnel.
To learn more about how you can protect your business from cybercrime and cyber attacks visit aviva.ca/business-cyber or talk to your insurance broker to learn more.
Sources:
1 https://www.cyber.gc.ca/en/provide-employee-awareness-training
2 https://www.cyber.gc.ca/en/back-and-encrypt-data
4 https://www.cyber.gc.ca/en/implement-access-control-and-authorization
Read more like this
29 Oct 2024
A better way to insure against extreme weather
27 Sep 2024
Managing fire risk in ASRS facilities
13 Aug 2024
Solar panels: the importance of preventive maintenance
27 Jun 2024
Prepare your business for EVs
25 Jun 2024
How protecting small businesses from legal risks makes a difference
7 Jun 2024
Multinational insurance solutions: make the world your marketplace
7 Jun 2024
Meeting the needs of a growing and evolving Warranty marketplace
23 May 2024
Does your building have a rigorous fire impairment procedure?
23 May 2024
6 actions carriers can take to avoid nuclear verdicts
10 Apr 2024
ESG Risk 101 for businesses: Why (and how) you should get started
22 Mar 2024
What businesses should know about AI (Artificial Intelligence)
26 Feb 2024
How to ensure your building can withstand a power outage
This blog was originally provided by The Boiler Inspection and Insurance Company of Canada (“HSB Canada”). Permission was granted to Aviva Canada Inc. (“Aviva”) to repurpose content for the Cyber Blog Series. The content in this article is for information purposes only and is not intended to be relied upon as professional or expert advice. Aviva and HSB Canada make no warranties or representations as to the accuracy or completeness of the content herein. Under no circumstances shall Aviva or HSB Canada or any party involved in creating or delivering this article be liable to you for any loss or damage, whether direct or indirect, that results from the use of the information contained herein. Except as otherwise expressly permitted by HSB Canada and Aviva in writing, no portion of this article may be reproduced, copied, or distributed in any way. This article does not modify or invalidate any of the provisions, exclusions, terms or conditions contained in either HSB Canada or Aviva policy and endorsements.
Copyright in the whole and every part of this site belongs to Aviva, unless otherwise indicated, and may not be used, sold, licensed, copied or reproduced in whole or in part in any manner or form or in or on any media to any person without the prior written consent of Aviva.