Small Business IT Security: Five Starter Steps

Recently, I was asked: What steps can a small company take to prevent their systems and accounts from costly breaches?

Small businesses are often starting from scratch with computing security. Here is a checklist I’ve found useful for getting started on the never-ending IT security journey.

1. Begin using “diceware” to choose strong passwords. This gives small businesses a fighting chance against hackers.

2. Upgrade to a modern web browser. Old browsers are exploitable in known ways. New ones may be exploitable, but likely in unknown ways.

3. Be smart about Wi-Fi. At the office, stop broadcasting the Wi-Fi network ID and protect it with a strong password. This will make the network harder for bad guys to spot and help keep them out if they find it. Companies that have guests can invest in affordable dual-network routers and create an unprotected guest network. At Starbucks where it’s impossible to control the network, consider using VPN to secure the connection between your computer and the office.

4. Begin using HTTPS. Regular HTTP connections to the web transfer data (email, documents, forms) unencrypted. HTTPS, and the HTTPS everywhere plug-in, makes it harder for spies to see what you’re sending over the Net.

5. Activate CloudFlare on the company website. CloudFlare puts a buffer between a website and the bad guys. As a bonus, it’ll speed up most sites by storing them closer to visitors. CloudFlare offers a fantastic free service adequate for most small businesses.

What other small business security steps do you recommend?

Let me know on Twitter @mch82