The National Institute of Standards and Technology (NIST) revealed that “cybercriminals now view small businesses as a soft target because they don’t have the resources to invest in information security the way larger businesses can.” As a result, small businesses are now the target of major cyberattacks.
Furthermore, 2022 may come with new tactics and techniques from cybercriminals that may catch many businesses unaware and unprepared. Therefore, being proactive is one of the keys to cyber resilience.
As 2022 unfolds, businesses should be concerned about their cybersecurity posture and how to stay ahead of cyber threats in the new year. There are salient questions to ask, and they require sincere answers.
These questions will help to assess the current cybersecurity posture of your business and help you to adjust where necessary. Also, the questions will help you carry out a business analysis that will reveal areas of the business that need urgent attention from a cybersecurity perspective.
10 Cybersecurity Questions Small and Medium Businesses Should Ask in 2022
1. Does your business have a policy that enforces password best practices?
Weak passwords have contributed to many successful cyberattacks directed at organizations, and oftentimes this is due to a lack of password policy implementation and poor password practices among employees. This year, implement a password policy that covers several password best practices, such as frequent password changes and strong passwords.
2. Is your business complying with regulations and standards?
Compliance with regulatory requirements will spare your business many of the consequences of a cyberattack, because most of these requirements help your business raise its cybersecurity posture to meet industry standards, thereby reducing cyber risk.
3. Do you have firewalls implemented on your business network?
Firewalls are software or hardware security appliances that monitor and filter the network traffic flowing into and out of your system or computer network, allowing legitimate traffic and disallowing malicious traffic. Implementing firewalls will help you block unusual or malicious traffic from your organization’s network.
4. Are all your company’s systems patched, including hardware and software?
Most of the successful cyber-attacks in the past year leveraged unpatched systems. Ensure you always patch all systems, including hardware, firmware, and software, and apply the latest updates so that you do not fall prey to hackers.
5. Are all your company’s devices protected with antimalware and antivirus?
There are known viruses that some antiviruses are capable of detecting based on their signatures and heuristics. Updating your antimalware and antivirus software regularly is a cybersecurity best practice that will keep the health of your hosts in check from a virus perspective. Protect all your company’s devices with cutting-edge antivirus and antimalware.
6. Do you use two-factor authentication?
Two-factor authentication will add another layer of data security to your information system. It will help to identify and validate legitimate users interfacing with your system, network or data.
7. Are you practicing the principle of least privilege?
Do not give an employee access that surpasses their level of privilege. The access given to individual employees should be based on their roles and duties. This will help you secure your business data from data leakage.
8. Do you back up all your data and files?
Always have a backup plan in place. Implement a 3-2-1 backup strategy where you have three copies of your data, that is, your production data and two backup copies on two different media (e.g., disk and tape), with one copy off-site for disaster recovery.
9. Are your employees trained to recognize phishing emails?
Security specialists HMH Consultants have revealed that 95% of cybersecurity data breaches are caused by human error. Train your employees on phishing intelligence and how to recognize social engineering tactics and techniques. This will help you to build human firewalls around your business.
10. Are your websites properly protected?
Keep your website platform and software up-to-date. Ensure that your content management system, plugins, apps and any scripts installed are updated. Implement a Web Application Firewall (WAF) to monitor and filter traffic to your website. If your website is unsecured, it can be highly susceptible to various cyberattacks.
When you answer these questions, you can begin to implement the various cybersecurity strategies that will help you stay ahead of cybercriminals and start the new year more secure with strong cybersecurity platforms.
With over 15 years of security experience in both physical and cyber security, HMH Consultants can help your business with optimal security solutions and ongoing support to ensure that you and your business have greater resilience against all threats.