According to a recent study, 57% of small businesses feel that cybercriminals won't target them, while over 20% have already been the target of an attack. The average cost of a targeted attack for small organizations is $188,000, which is higher than it has ever been. There were other incredibly interesting findings from this report, but let’s investigate the protections a small business could put in place that are essentially zero cost.
There are several IT security improvements every business can make without spending money or signing up for a service. These improvements alone aren't enough to consider your business secure, or to build a security program around, but they are still critical to any cybersecurity program. All they require is a little bit of time to implement and your organization's willingness to change or tweak some processes.
Pro-Tip #1: Eliminate RDP Vulnerabilities To Protect Your Business
The first suggestion is to make sure you do not have any remote desktop protocol (RDP) ports open on your network. Whenever Net Friends is called in to clean up after a ransomware attack, we’ve observed that attacks on RDP are the #1 factor associated with the start of ransomware attacks on small businesses.
The best place to start is to have a written company policy that prohibits RDP at your business. There are multiple alternative ways to remotely connect to a server, and RDP is just too vulnerable, too often targeted by cybercriminals, and too expensive to appropriately secure and monitor.
If you aren’t sure if you have RDP somewhere on your network, check out our minimally technical method of verifying this for yourself. Of course, a company like Net Friends can perform that assessment for you as well, but since we’re focused on zero-cost security improvements, it’s best to start first with a policy that prohibits RDP.
Go to Net Friends' Step-by-Step Guide on How to Eliminate RDP Vulnerabilities
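One way to run this check yourself against machines you administer, as an added example that is not Net Friends' guide or code: it tries the RDP port on each address in an inventory and reports whether an RDP listener answers. The inventory addresses, function names and timeout below are assumptions.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

RDP_PORT = 3389  # default RDP port; a host may be configured to use another

# X.224 Connection Request inside a TPKT header: the first message an RDP
# client sends (no cookie, no negotiation request).
X224_CONNECT = bytes.fromhex("0300000b06e00000000000")


def probe(host, port=RDP_PORT, timeout=2.0):
    """Return 'rdp', 'open' (listening but no RDP reply) or 'closed'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                s.sendall(X224_CONNECT)
                reply = s.recv(16)
            except OSError:
                # Connected, but the peer stayed silent or dropped us.
                return "open"
    except OSError:
        return "closed"
    # An RDP listener answers with TPKT version 3 and an
    # X.224 Connection Confirm (type 0xD0 in the sixth byte).
    if len(reply) >= 6 and reply[0] == 0x03 and reply[5] & 0xF0 == 0xD0:
        return "rdp"
    return "open"


def audit(hosts, port=RDP_PORT, timeout=2.0):
    """Probe every host in the list and return {host: state}."""
    with ThreadPoolExecutor(max_workers=16) as pool:
        states = pool.map(lambda h: probe(h, port, timeout), hosts)
        return dict(zip(hosts, states))


if __name__ == "__main__":
    # Constructed inventory: replace with addresses of machines you administer.
    inventory = ["192.0.2.10", "192.0.2.11"]
    for host, state in audit(inventory).items():
        print(f"{host}: {state}")
```

Under a policy that prohibits RDP, both "rdp" and "open" results on this port deserve follow-up; only "closed" matches the policy.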
Pro-Tip #2: Implement an Acceptable Use Policy
Another suggestion is to adopt an Acceptable Use Policy (AUP) and train every staff member in your business to follow guidelines for the appropriate use of technology assets. An AUP is typically a few pages long, outlines your business's security principles and requirements, and usually requires a signature to confirm that each employee agrees to abide by it.
This policy should cover how data needs to be protected, how passwords are to be handled and used, and various practices that you expect an employee to engage in that promote a secure computing work environment.
Pro-Tip #3: Consider Additional Security Verifications
The third suggestion is to create a policy that requires additional verification whenever someone requests assistance resetting a password, getting around a multi-factor authentication control, or doing anything that bypasses the standard authentication controls you have in place.
Pro-Tip #4: Workstation Encryption is a Must For Protecting Your Business
Lastly, require that everyone in your company turn on encryption for workstations that they use for business.
Start with creating a company policy requiring encryption on all workstations and mobile devices. Turning the built-in encryption on can be done with just a few clicks on either Apple devices or Windows devices.
If you have an internal IT department or an outsourced IT provider like Net Friends, encrypting devices would be something those IT support teams would want to manage for a business. However, the most important thing for any business is to ensure that they have all their workstations encrypted, and it’s less of a priority how that encryption is managed.
Build A Strong Security Culture
At Net Friends, we have a long history of improving our own cybersecurity culture and applying it to our services to promote secure environments for our customers. These security tips are all services our NetVisor customers benefit from when they work with Net Friends, as we include these in our standard Managed Services offering for no additional cost. We ensure cybersecurity is deeply ingrained in all of our IT services and IT support offerings. If you’re interested in discovering more with Net Friends, please reach out to us and we’ll help you protect your business and reputation.