According to a recent Hiscox Cyber Readiness Report from May 2021, the average annual cost of a cyber attack on a small business was $25,612. An additional finding in this report was that nearly 1 out of 4 small businesses suffered at least one cyber attack in the last year. There were other incredibly interesting findings from this report, but let’s investigate the protections a small business could put in place that are essentially zero cost.
There are several IT security improvements every business can make without spending money or signing up for a service. While these improvements alone aren’t enough to consider your business secure, nor build a security program around, they still are critical to any cybersecurity program. The only thing they would require is a little bit of time to implement and your organization’s willingness to change or tweak some processes.
Pro-Tip #1: Eliminate RDP Vulnerabilities
The first suggestion is to make sure you do not have any remote desktop protocol (RDP) ports open on your network. Whenever Net Friends is called in to clean up after a ransomware attack, we’ve observed that attacks on RDP are the #1 factor associated with the start of ransomware attacks on small businesses.
The best place to start is having a written company policy that prohibits RDP at your business. There are multiple alternative ways to remotely connect to a server, and RDP is just too vulnerable, often targeted by cyber criminals, and too expensive to appropriately secure and monitor.
If you aren’t sure if you have RDP somewhere on your network, check out our minimally technical method of verifying this for yourself. Of course, a company like Net Friends can perform that assessment for you as well, but since we’re focused on zero cost security improvements, it’s best to start first with a policy that prohibits RDP.
Go to Net Friends' Step-by-Step Guide on How to Eliminate RDP Vulnerabilities
Pro-Tip #2: Implement an Acceptable Use Policy
Another suggestion is to adopt an Acceptable Use Policy (AUP) and train every staff member in your business to follow guidelines for the appropriate use of technology assets. An AUP is typically a few pages that outline your business’ security principles and requirements and usually requires a signature to confirm that each employee agrees to abide by it.
This policy should cover how data needs to be protected, how passwords are to be handled and used, and various practices that you expect an employee to engage in that promote a secure computing work environment.
Pro-Tip #3: Consider Additional Security Verifications
The third suggestion is to create a policy that requires additional verification whenever someone requests assistance resetting a password, getting around a multi-factor authentication control, or doing anything that bypasses standard authentication controls you have in place.
Pro-Tip #4: Workstation Encryption is a Must
Lastly, require that everyone in your company turn on encryption on for workstations that they use for business.
Start with creating a company policy requiring encryption on all workstation and mobile devices. Turning the built-in encryption on can be done with just a few clicks on either Apple devices or Windows devices.
If you have an internal IT department or an outsourced IT provider like Net Friends, encrypting devices would be something those IT support teams would want to manage for a business. However, the most important thing for any business is to ensure that they have all their workstations encrypted, and it’s less of a priority how that encryption is managed.
Build A Strong Security Culture
At Net Friends, we have a long history of improving our own cybersecurity culture and applying it to our services to promote secure environments for our customers. These are security tips are all services our NetVisor customers benefit from when they work with Net Friends, as we include these in our standard Managed Services offering for no additional cost. We ensure cybersecurity is deeply ingrained in our all of our IT services and IT support offerings. If you’re interested in discovering more with Net Friends, please reach out to us and we’ll help you protect your business and reputation.