Cybersecurity Do’s and Don’ts for Small Businesses


Running a small business means crossing the T’s and dotting the I’s at every turn. You know that you have to pay attention to details, and that extends to how you handle online security when your employees go remote. If the 2020 pandemic taught us anything, it’s that it was much easier to move into a virtual workspace than we thought possible. But there are still some kinks to work out, and cybersecurity tops the list.


If you are looking for ways to keep your company safe, keep reading for a few do’s and don’ts that can help you avoid a digital data disaster.


Don’t assume your employees have the same level of protection at home.


First things first, you should understand that there will be different levels of security in different people’s homes. Unless your IT department has personally verified that your employees’ home networks and devices are safe, do not assume they are. Make a plan to ensure that each remote worker has a secure connection, which should include access to a VPN or remote desktop.


Do have a plan in place in case of a cyberattack.


There are numerous attacks small businesses can fall victim to, so it’s wise not only to stay up to date on the latest types of attacks but also to have a plan in place should your company fall victim. Ransomware, for example, is a common attack, and is essentially a computer virus that locks you out of your data. Once an attacker locks you out, they will try to extort you into sending them money. If you don’t comply, you lose your files. You’re more likely to avoid this and other cyberthreats if you partner with a solutions company that constantly monitors your data for changes and that helps you formulate a rapid-response disaster recovery plan. That plan should include backups that are accessible only to key personnel, so you can be up and running in no time following an attack.


Don’t let employees use personal computers for remote work.


Chances are, employees who went remote at the start of the pandemic are still using their personal computers for work. While this might have been necessary in the early days, if you plan to keep them out of the office, it might be a smart move to invest in dedicated computers. This way, you can control the types of hardware and software they use. You can also deny access to social media and other websites that might inadvertently introduce malware into your network.


Do request that remote workers create a separate wifi connection for guests.


When your employees are working from home, their wifi may be accessible to their children, friends, and other family members. It’s reasonable to request that they create a second network specifically for guests. This offers a layer of protection since viruses introduced on the secondary network can’t penetrate your primary connection.


Don’t use the same password for everything.


Using the same password for your websites and systems is like using the same key for every door you have to open. If a criminal steals one, they have access to everything associated with that password. On all of your work devices, require long and complex passwords, which are more difficult to break.


Do watch for phishing traps.


As part of your ongoing cybersecurity training, make sure that your employees understand how to watch for and avoid phishing schemes. Phishing emails typically create a sense of urgency or are delivered by unknown senders with attachments the recipient doesn’t expect. Phishing.org offers many tips on how to protect against unscrupulous emails, including adding spam filters.


Don’t play social media quizzes. 


We’ve all seen them: “fun” quizzes that show us our elf or fairy name. This is one of the oldest tricks in the book that hackers can use to gain access to personal information, such as date of birth, children’s names, and even telephone numbers. This data may also be used to figure out passwords, which is another reason why long-form passwords should be required for all employees.


You do not have to have a degree in cybersecurity to help keep your business safe. From establishing a relationship with an IT provider that can get you out of hot water to training your employees on how to spot schemes, the above do’s and don’ts can help keep your business safe from an attack as you learn to stay efficient and effective in a remote work situation. Explore IT Tropolis’ suite of comprehensive services and solutions to see how they can help. Reach out for a quote today.