The One Thing Small Businesses Can Do to Improve Cybersecurity Immediately

Small business owners often ask, “What’s the one low or no-cost action I can take that will immediately improve the security of my business?” The one thing breaks down to three, but the answer remains simple: enhance password hygiene. Cybersecurity threats continue to rise, and small businesses are prime targets for cybercriminals. Passwords remain the frontline protection for our accounts, and strengthening password practices reduces the risk of breaches and unauthorized access to sensitive data.
Implementing three key steps can make a significant impact:
1. Establish a Strong Password Policy and Control
A robust password policy is essential for securing business accounts. Small businesses should implement the following best practices:
- Require passwords to be at least 12 characters, including uppercase and lowercase letters, numbers, and special characters.
- Enforce a mandatory password change every six months to reduce the risk of credential exposure.
- Allow password paste-ins to encourage the use of password managers and prevent users from resorting to easy-to-remember, weak passwords.
- Limit login attempts by locking accounts after four failed attempts to prevent brute-force attacks.
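The policy above can be expressed as a small enforcement sketch. This is an added example, not code from the original article; the function and class names are hypothetical, six months is taken as 182 days, and unlocking by an administrator is an assumption.

```python
import string
from datetime import date, timedelta

MIN_LENGTH = 12                  # "at least 12 characters"
MAX_AGE = timedelta(days=182)    # assumption: six months taken as 182 days
MAX_FAILED = 4                   # lock the account after four failed attempts

def password_violations(password):
    """Return the list of policy rules the candidate password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def change_due(last_changed, today):
    """True when the password is older than the policy's maximum age."""
    return today - last_changed > MAX_AGE

class LockoutTracker:
    """Counts consecutive failed logins per account and locks at the limit."""
    def __init__(self):
        self.failures = {}
        self.locked = set()

    def record(self, user, success):
        """Record one login attempt; return True if the attempt is let in."""
        if user in self.locked:
            return False         # assumption: stays locked until an admin unlocks it
        if success:
            self.failures[user] = 0
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILED:
            self.locked.add(user)
        return False

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials or accounts.
    print(password_violations("summer2024"))
    print(password_violations("Correct-Horse-7-Battery"))
    print(change_due(date(2024, 1, 1), date(2024, 8, 1)))
    tracker = LockoutTracker()
    attempts = [False, False, False, False, True]  # fifth try has the right password
    print([tracker.record("alice", ok) for ok in attempts])
```

The fifth attempt is refused even though the password is correct, which is the behavior that stops a guessing attack from continuing after the limit is reached.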
2. Enable Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) adds an extra layer of security, ensuring that unauthorized access is prevented even if a password is compromised. Businesses should:
- Enable MFA on all online service accounts.
- Ensure that remote desktop protocol (RDP) or Virtual Private Network (VPN) accounts require MFA validation before granting access.
- Mandate MFA for all email accounts, including Microsoft 365 and Google GSuite.
- Consider using hardware security tokens like RSA keys or Yubico YubiKeys for enhanced security.
3. Encourage the Use of Password Managers
Password managers simplify the management of strong, unique passwords for each account, reducing the likelihood of password reuse and weak passwords. To promote their use:
- Hold an educational event to teach employees about password managers and their benefits.
- Assist employees in setting up their password manager service.
- Subscribe to a business-grade password manager for additional security and administrative features.
- Run a contest with incentives to encourage employees to use password managers consistently.
By implementing these three steps, small businesses can significantly reduce the risk of cyber threats. Prioritizing password security is an easy and cost-effective way to protect company data, customer information, and business operations from cybercriminals. A strong password strategy is “the one thing” business owners can easily do to prevent costly security breaches in the future.