Based on my experience working with multiple clients, small and medium businesses are at significant risk by not practicing these simple security measures.
They all look innocuous. Here you go.
1. MFA MFA MFA
This is not optional. Please make sure to enable MFA everywhere. Ideally, use authenticator apps (Google, Microsoft; both free) and avoid using a phone number as much as possible. Run away from any application that does not offer MFA. I would go further and recommend exploring passwordless authentication (offered by both Microsoft and Google).
2. Strong Passwords
This is a no-brainer, but I still see folks using common passwords. Consider using at least 12 characters, and do not reuse passwords across applications. Use passphrases rather than passwords.
3. Password Manager
I recommend Google Password Manager over other commercial ones. You can use it to generate unique, strong passwords for each application.
4. Anti-Virus
Do not skimp on this, and please make sure the software and signatures are up to date.
5. Email
If you are using business basic for your organization, please consider upgrading to the next tier. There may be an uplift in cost, but it is well worth it.
6. Encryption
Please make sure your laptops are encrypted. If any of your organization's laptops run Windows Home, please consider upgrading to at least Windows Pro. Macs are covered out of the box.
7. Insurance
If your annual revenue is greater than 2MM, consider getting cyber security insurance whether your clients require it or not. If your revenue is over 5MM and you have 15+ employees, I'd say this is a must.
I recommend adding items 1, 2, 4 and 6 (at least) as requirements for your sub-contractors to comply with.
Security incidents are increasing year over year, and small/medium businesses are the most impacted. It is a matter of when, not if.
Please be scared, don't be complacent, and be safe.
At Moda Experts, we specialize in Cyber Security and IT Cost Containment for small and medium businesses. Please reach out for any help or guidance.