Seven Simple Ways to Strengthen Your Business Security
Seven Simple Ways to Strengthen Your Business Security
A little over a week ago, Microsoft issued their Digital Defense Report 2025. The report gave me a few thoughts to ponder right away starting in the introduction. If you don't read it, I'm okay to relay to you that the authors desire you to 'read it with a bias towards action'.
I want to help you with that and I think it is important. October is Cybersecurity Awareness Month and I have seen a theme echoed on several platforms like LinkedIn, that cybersecurity awareness month may just be cybersecurity experts talking to other experts, while many people skip right by. I saw one statement that stuck with me this month, that there is a lack of conversion happening. Is October's multitude of cybersecurity messaging helping the right people at the right time? If you're not a cybersecurity expert are you seeing this cybersecurity blitz of October as a late night white TV screen of noise? (for those who remember, TVs used to do that.)
Well, at the risk of new noise… once more into the data breach.
I read the 85-page report, so you don't have to, but it is worth the read. I created some actions for the small and medium business owner, person, IT team. So if you don't read it, you can still have that bias to action. By the way the report already includes a top 10 list of recommendations. It is an excellent list but I made it seven and focused on the perspective of the small and medium business.
1. Treat Security Like Everyday Safety
Think of protecting your business online just like locking your doors. Don't let it fall to the bottom of your to-do list. Digital defense must be a top priority; make somebody responsible for it. Pick someone who keeps an eye on things, or take turns so it gets regular attention.
2. Double-Check Who's Really Logging In
Passwords can be easy for bad guys to guess or steal. They really are no longer enough and it is the number one way businesses are compromised. Add another layer, a code from an app or a physical key, so only the right people get in. You often hear it referred to as multi-factor authentication. 2FA or MFA. Passkeys are also very cool. TIP: Get the whole company a password manager, they can often save time, even though you've added another layer. Counter-intuitive, perhaps. :)
3. Help Your Team Spot Tricksters
Scammers try to fool people with fake emails, links, and messages. Show your team what these look like so they don't fall for it, and do practice tests every once in a while to keep everyone sharp. Just start a conversation on who got the most obvious fake text this weekend each Monday. Mine was from Emily, her boss thinks I am a great fit for a new role! ( I am very excited about that! ) These emails, texts, and messages all pull on emotional strings. This conversation can change your culture from reactive to proactive, a big difference in defense.
4. Keep Technology Fresh
Old computers and programs are easier to break into. Update apps, devices, and even cloud tools when you see a prompt. Turn on auto-update when you can so it happens without you thinking about it. I would even advise rebooting your phone daily. It helps.
5. Know What You've Got and Who's Using It
Keep a list on paper (not of your passwords), in a spreadsheet (again not of your passwords), whatever works, of your computers, phones, and the services you use online. Cross off things you no longer use, and change passwords or shut down accounts for ex-employees, preferably before they leave the building. Elvis.
6. Have a 'Just-in-Case' Plan
Regularly back up files somewhere safe, like another computer or a secure cloud folder. There is a 3-2-1 rule for that. Keep 3 copies of your data, on 2 different types of storage, with one copy stored offsite. As important as having backups is practicing how you'd get your information back if things go wrong, and write down your plan for what to do if you're hacked or locked out.
7. Work Together
Chat with other business owners, join local groups, and sign up for news alerts about online threats. Ask questions, and share info so you're not facing problems alone. Chat up your local cybersecurity expert; that person already talks too much and will be happy to chime in.
Stringing these things together will make your whole team safer online; you don't need fancy titles or even tech expertise. While no system is perfect you can look at it this way, if you do these things you are running much faster than the other guy that is still picnicking obliviously as the berserker cyber-bear bursts into the clearing.