Small businesses are quickly deploying various technologies to better serve their customers and manage their business more efficiently. Different kinds of technologies, however, come with a variety of risks and require alternative strategies for protection.
Follow these “Quick Wins” as a starting point to help outline your organization’s security awareness training program.
- Require strong, unique passphrases on email accounts.
- Turn on two-factor authentication.
- Do not use personal email accounts for company business.
- Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source.
- Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
- Create unique, strong passphrases.
- Separate user and administrative accounts.
- Keep a clean machine: Update software regularly.
- Avoid web browsing on POS terminals.
- Use antivirus protection.
- Make sure your computer operating system, browser, and applications are set to receive automatic updates.
- Ensure all software is up to date. Get rid of software you don’t use.
- Your company should have clear, concise rules for what employees can install and keep on their work computers.
- When installing software, pay close attention to the message boxes before clicking OK, Next or I Agree.
- Make sure all of your organization’s computers are equipped with antivirus software and antispyware. This software should be updated regularly.
- Limit access to data or systems only to those who require it to perform the core duties of their jobs.
- Spell out your privacy and security expectations in clear, user-friendly language to service providers.
- Understand how their services work and to what you are giving them access.
- Build in procedures to monitor what service providers are doing on your behalf.
- Review your privacy promises from the perspective of a potential service provider.
- Spell out expectations and scope of work in a formal agreement/contract.
Stinnett & Associates is not a CPA firm.