⚡ Get All Content for 20% Off ⚡

10 Questions to Ask When Creating a Cybersecurity Plan for Your Business Practical tips for protecting your company from hackers and other online threats.

By Kim Lachance Shandrow

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Cybercriminals are increasingly preying on small businesses, which often lack the expertise and resources to adequately protect themselves. Last year, companies with one to 250 employees were the victims of more than 30 percent of all cyber attacks, according to Symantec's 2013 Internet Security Threat Report. That's a threefold increase since 2011.

With larger companies increasing their protections, small businesses are now the low hanging fruit for cybercriminals," says Julius Genachowski, chairman of the Federal Communications Commission.

But your company doesn't have to be vulnerable if you simply take some basic protective measures. Here are 10 key questions to ask when securing your company from cybercriminals:

1. Should I install antivirus software?
Installing antivirus software and keeping it updated is a must for business owners, says Brian Underdahl, author of Cybersecurity for Dummies (Wiley, 2011). Antivirus software detects and removes malware, including adware and spyware, and filters out potentially dangerous downloads and emails.

Underdahl says he uses CheckPoint Software Technologies Ltd.'s ZoneAlarm Extreme Security 2013, a comprehensive antivirus software security package. It costs $54.95 for one year and $84.95 for two years. Other popular, effective antivirus options include Bitdefender Small Business Security ($150 for one year) and Webroot SecureAnywhere Antivirus 2013 ($39.99 for one year).

Related: Cyber Security a Growing Issue for Small Business

2. How should I handle suspicious emails from known and unknown senders?
Never open or reply to an email that seems suspicious, Underdahl says, even if it appears to be from someone you know. And after opening emails, don't click on suspicious links and attachments, he says. If you do, you could fall victim to email-borne financial and identity theft threats, including "phishing scams." Phishing emails, which appear to be from trustworthy sources, such as a bank or an online merchant you have done business with, attempt to acquire private data, including bank account and credit card numbers.

Also, recommend to your employees that they set their email client preferences to show the full address of the sender, not just the display name in the From section of their inbox, says Brett McDowell, senior manager of customer security initiatives at PayPal and a board member at the National Cyber Security Alliance Advise employees to use unique passwords for all business-related accounts online and across your company's information systems. Their passwords should include combinations of upper and lowercase letters, numbers and symbols and should be changed every 60 days or so. Also, never use the same password for different logins and never leave your password written down near your computer, Underdahl says.

McDowell recommends multi-factor authentication to verify an individual's identity, especially for financial transactions. For example, PayPal offers two extra forms of authentication to secure users' financial transactions: the PayPal Security Key, which generates random temporary security codes to verify users when they login, as well as a system that sends security codes via text message to users' mobile phones.

4. Whom should I allow access to my company's critical data?
Administrative login credentials should be given only to key company personnel, such as the CEO, CIO and trusted IT staff. Develop a clear plan that designates which individuals have access to which types of sensitive information, McDowell says.

5. Should I use a firewall to protect my company's internet connection?
Always use a firewall to protect your company's inbound and outbound network traffic. A firewall can help prevent hackers from tapping into your network and to block access to certain websites. They can also be configured to bar employees from sending proprietary data and specific types of emails outside of your network.

Firewalls come standard on most routers and similar consumer network gear. But you can add additional firewall protection for free from ZoneAlarm or Sygate Personal Firewall Free.

Related: Is Your Business Ready for Cyber War?

6. How often should I back up essential company information?
Back up your business's vital information on a regular basis automatically, using a combination of cloud and off-site backup, Underdahl suggests.

Carbonite, an online data backup service for Windows and Mac users, offers encrypted backup storage services for small businesses for $229 to $599 per year. SugarSync is a similar cloud storage provider, with business packages starting at about $550 per year.

7. Should I use data encryption?
Encryption is essential to keeping such data as credit card, bank account and Social Security numbers as safe as possible. Encryption algorithms change information in your computer files into unreadable ciphertext, or "unreadable gobbledygook," as McDowell calls it.

Whether a cybercriminal or a criminal employee walks away with some of your data, encryption would keep you protected because [he or she] wouldn't have the special keys to un-encrypt the data and make sense of it," he says. "Only you would."

If you're using Windows 8 Pro or Windows 8 Enterprise, all your local files and folders are already encrypted via BitLocker Drive Encryption. If you're using Mac OS X Mountain Lion or Mac OS X Lion, FileVault 2 automatically encrypts all your data.

8. How should I communicate company cybersecurity policies to employees?
Create a written security policy that details what employees can and cannot do on the internet while using company devices. Also, provide clear instructions as to how staff (and contract workers, if applicable) should handle vital company and customer data. Repeat your cybersecurity policies often via email and in-person meetings.

9. How can I secure my Wi-Fi network?
Instead of using an older, less secure Wired Equivalent Privacy (WEP) network, Underdahl suggests using Wi-Fi Protected Access version 2 (WPA2), which is widely considered the most current and secure encryption available.

To hide your Wi-Fi network, change the name of your wireless access point or router, also known as the Service Set Identifier (SSID). If you don't, hackers could easily breach your network using the default SSID provided by the router's manufacturer.

For added protection, you can require users to enter a 25- to 64-character alphanumeric Pre-Shared Key (PSK) passphrase.

10. How can I secure company mobile devices?
Mandate that employees create passwords for their devices. Stolen or lost company-owned mobile equipment should be reported immediately to your tech support person or IT staff so that service can be shut off.

Consider installing an app like McAfee WaveSecure (19.99 with a one-year subscription, available for iPhone, Android, BlackBerry and Windows Mobile) that enables you to remotely track the device's SIM card, back up data and remotely lock the device before hackers can get their hands on sensitive company information. For iOS, consider Lookout Inc.'s free app, Lookout Free Backup, Security, Find My Device.

Related: 8 Steps to Creating Stronger Passwords

Kim Lachance Shandrow

Former West Coast Editor

Kim Lachance Shandrow is the former West Coast editor at Entrepreneur.com. Previously, she was a commerce columnist at Los Angeles CityBeat, a news producer at MSNBC and KNBC in Los Angeles and a frequent contributor to the Los Angeles Times. She has also written for Government Technology magazine, LA Yoga magazine, the Lowell Sun newspaper, HealthCentral.com, PsychCentral.com and the former U.S. Surgeon General, Dr. C. Everett Coop. Follow her on Twitter at @Lashandrow. You can also follow her on Facebook here

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

The Remote Side Hustle a 43-Year-Old Musician Works on for 1 Hour a Day Earns Nearly $3,000 a Month: 'All From the Comfort of Home'

Sam Ziegler wanted to supplement his income as a professional drummer — then his tech skills and desire to help people came together.

Business News

Costco CFO Reveals Uncertain Fate of $1.50 Hot Dog and Soda Combo

CFO Richard Galanti reveals that the price will stay the same — but only "for a while."

Business News

The Most Unexpectedly Popular Side Hustle of the Decade Has Low Startup Costs and High Markups

A new report shows that vending machines are a popular investment — and the industry is set to grow up to $3 billion by 2031.

Marketing

Ever Wonder Why Certain Websites Rank Higher Than Yours? This SEO Expert Reveals The Secret to Dominating Search Results

It's often the smart use of SEO, now supercharged with AI, particularly in keyword optimization.

Business News

AI Is Impacting Jobs. Here Are the Gigs Affected the Most, According to an Analysis of 5 Million Upwork Postings

The researcher said in the report that freelance jobs were analyzed first because that market will likely see AI's immediate impact.

Leadership

Former Interrogator Shares 5 Behaviors Liars Exhibit and How to Handle Them

Five deceptive behaviors to look for and how to respond to those behaviors when you encounter them.