10 Questions to Ask When Creating a Cybersecurity Plan for Your Business Practical tips for protecting your company from hackers and other online threats.

By Kim Lachance Shandrow

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Cybercriminals are increasingly preying on small businesses, which often lack the expertise and resources to adequately protect themselves. Last year, companies with one to 250 employees were the victims of more than 30 percent of all cyber attacks, according to Symantec's 2013 Internet Security Threat Report. That's a threefold increase since 2011.

With larger companies increasing their protections, small businesses are now the low hanging fruit for cybercriminals," says Julius Genachowski, chairman of the Federal Communications Commission.

But your company doesn't have to be vulnerable if you simply take some basic protective measures. Here are 10 key questions to ask when securing your company from cybercriminals:

1. Should I install antivirus software?
Installing antivirus software and keeping it updated is a must for business owners, says Brian Underdahl, author of Cybersecurity for Dummies (Wiley, 2011). Antivirus software detects and removes malware, including adware and spyware, and filters out potentially dangerous downloads and emails.

Underdahl says he uses CheckPoint Software Technologies Ltd.'s ZoneAlarm Extreme Security 2013, a comprehensive antivirus software security package. It costs $54.95 for one year and $84.95 for two years. Other popular, effective antivirus options include Bitdefender Small Business Security ($150 for one year) and Webroot SecureAnywhere Antivirus 2013 ($39.99 for one year).

Related: Cyber Security a Growing Issue for Small Business

2. How should I handle suspicious emails from known and unknown senders?
Never open or reply to an email that seems suspicious, Underdahl says, even if it appears to be from someone you know. And after opening emails, don't click on suspicious links and attachments, he says. If you do, you could fall victim to email-borne financial and identity theft threats, including "phishing scams." Phishing emails, which appear to be from trustworthy sources, such as a bank or an online merchant you have done business with, attempt to acquire private data, including bank account and credit card numbers.

Also, recommend to your employees that they set their email client preferences to show the full address of the sender, not just the display name in the From section of their inbox, says Brett McDowell, senior manager of customer security initiatives at PayPal and a board member at the National Cyber Security Alliance Advise employees to use unique passwords for all business-related accounts online and across your company's information systems. Their passwords should include combinations of upper and lowercase letters, numbers and symbols and should be changed every 60 days or so. Also, never use the same password for different logins and never leave your password written down near your computer, Underdahl says.

McDowell recommends multi-factor authentication to verify an individual's identity, especially for financial transactions. For example, PayPal offers two extra forms of authentication to secure users' financial transactions: the PayPal Security Key, which generates random temporary security codes to verify users when they login, as well as a system that sends security codes via text message to users' mobile phones.

4. Whom should I allow access to my company's critical data?
Administrative login credentials should be given only to key company personnel, such as the CEO, CIO and trusted IT staff. Develop a clear plan that designates which individuals have access to which types of sensitive information, McDowell says.

5. Should I use a firewall to protect my company's internet connection?
Always use a firewall to protect your company's inbound and outbound network traffic. A firewall can help prevent hackers from tapping into your network and to block access to certain websites. They can also be configured to bar employees from sending proprietary data and specific types of emails outside of your network.

Firewalls come standard on most routers and similar consumer network gear. But you can add additional firewall protection for free from ZoneAlarm or Sygate Personal Firewall Free.

Related: Is Your Business Ready for Cyber War?

6. How often should I back up essential company information?
Back up your business's vital information on a regular basis automatically, using a combination of cloud and off-site backup, Underdahl suggests.

Carbonite, an online data backup service for Windows and Mac users, offers encrypted backup storage services for small businesses for $229 to $599 per year. SugarSync is a similar cloud storage provider, with business packages starting at about $550 per year.

7. Should I use data encryption?
Encryption is essential to keeping such data as credit card, bank account and Social Security numbers as safe as possible. Encryption algorithms change information in your computer files into unreadable ciphertext, or "unreadable gobbledygook," as McDowell calls it.

Whether a cybercriminal or a criminal employee walks away with some of your data, encryption would keep you protected because [he or she] wouldn't have the special keys to un-encrypt the data and make sense of it," he says. "Only you would."

If you're using Windows 8 Pro or Windows 8 Enterprise, all your local files and folders are already encrypted via BitLocker Drive Encryption. If you're using Mac OS X Mountain Lion or Mac OS X Lion, FileVault 2 automatically encrypts all your data.

8. How should I communicate company cybersecurity policies to employees?
Create a written security policy that details what employees can and cannot do on the internet while using company devices. Also, provide clear instructions as to how staff (and contract workers, if applicable) should handle vital company and customer data. Repeat your cybersecurity policies often via email and in-person meetings.

9. How can I secure my Wi-Fi network?
Instead of using an older, less secure Wired Equivalent Privacy (WEP) network, Underdahl suggests using Wi-Fi Protected Access version 2 (WPA2), which is widely considered the most current and secure encryption available.

To hide your Wi-Fi network, change the name of your wireless access point or router, also known as the Service Set Identifier (SSID). If you don't, hackers could easily breach your network using the default SSID provided by the router's manufacturer.

For added protection, you can require users to enter a 25- to 64-character alphanumeric Pre-Shared Key (PSK) passphrase.

10. How can I secure company mobile devices?
Mandate that employees create passwords for their devices. Stolen or lost company-owned mobile equipment should be reported immediately to your tech support person or IT staff so that service can be shut off.

Consider installing an app like McAfee WaveSecure (19.99 with a one-year subscription, available for iPhone, Android, BlackBerry and Windows Mobile) that enables you to remotely track the device's SIM card, back up data and remotely lock the device before hackers can get their hands on sensitive company information. For iOS, consider Lookout Inc.'s free app, Lookout Free Backup, Security, Find My Device.

Related: 8 Steps to Creating Stronger Passwords

Kim Lachance Shandrow

Former West Coast Editor

Kim Lachance Shandrow is the former West Coast editor at Entrepreneur.com. Previously, she was a commerce columnist at Los Angeles CityBeat, a news producer at MSNBC and KNBC in Los Angeles and a frequent contributor to the Los Angeles Times. She has also written for Government Technology magazine, LA Yoga magazine, the Lowell Sun newspaper, HealthCentral.com, PsychCentral.com and the former U.S. Surgeon General, Dr. C. Everett Coop. Follow her on Twitter at @Lashandrow. You can also follow her on Facebook here

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Side Hustle

I Started a Semi-Passive Side Hustle That Earns $33,000 a Week on Amazon: 'Selling There Is a No-Brainer'

Dr. Jenny Woo wanted to create a product that would help people connect, and it turned out to be a lucrative one.

Marketing

How Augmented Reality Is Transforming the Marketing Landscape — and How Your Business Can Leverage It Effectively

How can physical goods be endowed with digital content? What is phygital marketing, and why will everyone be involved in it in the next five years? Here's what you need to know.

Business News

X Is Losing Users and Struggling to Attract Creators, According to New Data

The company, which is owned by Elon Musk, says that 1.7 million people join the platform every day.

Science & Technology

Why You Should Incorporate AI into Your Business — and How to Do It the Right Way

The proliferation of generative AI tools has made the technology ever more accessible and relevant. Here's how you can apply it to your business as well.

Money & Finance

You Might Spend Unnecessary Money If You Don't Stay on Top of Your Expenses. Here's How to Manage Them.

Nothing makes paying taxes even more onerous — or gets in the way of a firm understanding of how a business is performing — than ineffective expense management. Use these five expense management tips to not merely survive as a business, but thrive.