How well protected is your business from cyber threats?
Click to take the AVG Health Check
Research shows that cybercriminals target businesses because they’re seen as easy targets for stealing customer or employee data and bank details.
Small businesses can’t afford to ignore these cyberthreats, but how at-risk is YOUR business? And what can you do to tackle specific vulnerabilities?
The 17-step AVG Health Check will help assess how secure your business is against online threats, and what actions you can take to secure weak links.
Do you routinely destroy unneeded information: shredding old paper files, physically destroying old hard drives, wiping portable devices, removing and destroying memory and SIM cards, etc?
Do you have a policy to ensure that strong passwords are used across the business?
Do you limit access to data within your company and adopt a strict need-to-know policy?
If you have a Bring Your Own Device (BYOD) policy, do you have the ability to remotely manage and wipe company data from each employee’s device?
Do you know the law on data security and when to notify customers about a breach?
Have you created an internal incident response plan for dealing with data breaches?
Have you created a Data Breach Notification Policy, which is a document you provide to all of your customers, telling them how your business will notify them should a data breach occur?
Have you ensured that third-party partners and vendors are compliant with data security laws?
Do you educate employees on data security policies and procedures, including the need for strong passwords?
Have you determined which members of staff should be trusted to possess administrator privileges?
Have you informed employees about the dangers of accessing cloud-stored data through unsecured wireless networks in public places such as airports and cafes?
Do your employees know to accept all software updates when prompted?
Are all the devices in your business running on the latest available operating system?
Have you installed firewalls, antivirus, and anti-spyware programs on all devices in your business?
Is your network configured to automatically install security updates?
Does your email provider offer virus and phishing scans?
Are all your servers, hard drives, data storage devices, folders and files encrypted?
Have you reduced to the necessary minimum the number of devices that have administrative access to your company’s servers?
You scored: /17
You know security is a serious issue, but you’re just starting to deal with it. Treat our questions as action points to improve security. Come back and use the AVG Health Check to assess your progress.
You have started to put the training, processes and IT infrastructure in place to keep data secure. But there’s more to do. Review the questions you’ve answered and begin to address the “no” and “don’t know” answers.
You have a good grasp of security issues and have taken steps to keep data secure. But more can be done to train employees, improve IT infrastructure or put policies and procedures in place. Don’t be complacent.
Do you work for AVG? You understand online threats and how to keep your business secure. But threats constantly evolve. Keep your processes and training under review and ensure your IT infrastructure has the best security.
Small businesses can’t afford to ignore the danger of cyberattacks. All the research points to bad actors targeting businesses they see as an easy target for stealing customer or employee data and bank details. Our IT Security Health Check is a starting point for small businesses to gauge how prepared they are – and here are our best practice answers to each of the 17 basic questions.
Small business managers need good information to move their company forward. The Health Check should be used as a general good practice guide only.
Take stock of the data you routinely gather and accumulate – both analogue and digital. Retain only the information you actually use or are required to hold by law. Shred old paper files, physically destroy old hard drives, wipe portable devices, remove and destroy memory and SIM cards.
Only give administrator privileges to those who need them to reduce the risk of cybercriminals getting access to your systems. It’s tempting to allow access to systems and software to anyone in your business who requests it, allowing them to do their job. But each new person in the loop brings additional security risks as any compromised device they have may now give access to any other system or software they log into. By limiting access and making a finite number of administrators responsible for certain systems you limit this risk – especially as there is also a risk of internal espionage/sabotage if employees become disgruntled and seek revenge later in their careers. Another way to tackle this is by regularly changing passwords.
Even with limited access, you should still train every employee in safe computing practices.
It is important to know what your legal obligations are, especially when to notify customers about a breach.
Determine which member(s) of staff should be trusted with administrator privileges (the level of access that allows the installation of new software and the changing of configuration settings). By limiting such privileges to the smallest number possible, businesses can reduce the risk of individuals who might – accidentally or purposely – upload malicious software, configure a system to reduce its security or compromise the security of the system itself.
As part of your training programme, inform employees about the dangers of accessing cloud-stored data through unsecured wireless networks in public places such as airports and cafes.
Ensure your staff accept all software updates when prompted. Many staff see software updates as an irritation, especially when the reasons for updates aren’t known. Many software updates – especially endpoint protection – will include security patches that help keep your machines protected against new and emerging threats. By denying updates, your employees may be opening up the business to the latest cyberattack methods.
It may sound obvious, but it is essential to ensure that every device in your business is running the latest available operating system versions. A key vulnerability in 2017’s WannaCry ransomware attack was old versions of Windows. As app and software developers react to emerging and existing cyberthreats, devices running old versions of software may not be included in essential updates and become vulnerable to attack.
Install firewalls, antivirus, and anti-spyware programs on all devices in your business and configure them to automatically update. Antivirus software is the best defence against cybercrime and data breaches as software developers such as AVG Business have large teams of threat trackers who spend their lives detecting new threats, creating solutions and rolling them out to their customers’ devices to keep them protected. In buying antivirus, businesses not only buy software, but they are also buying a team of experts to continually keep them and their data secure.
Though mentioned in two of the above points, it is essential to configure any software to update automatically, where possible. This is to ensure that security patches are up to date and all aspects of your business remain protected as new threats emerge. All it takes is a cybercriminal to find one weakness in one piece of out-of-date software on an employee’s computer to compromise the whole network.
Ensure your provider offers virus and phishing scans of your emails. Email remains a key point of entry for cybercriminals – especially ever-complex social engineering scams that can involve criminals pretending to be trusted sources and attaching viruses that look like PDFs or other files.
Make sure that all your servers, hard drives and data storage devices are encrypted. As well as encrypting certain critical hardware, encrypt key folders and files on devices. Use strong passwords to support encryption protection – your encryption isn’t worth much if access to the password is readily available!
Small businesses are the engines of economic growth and innovation. But they are also targets for cybercriminals intent on stealing valuable data. It might be staff records with social security numbers and salary details, banking and payment data or customer account information.
A key part of the challenge is to have secure IT infrastructure in place. But you also need to ensure employees understand risks posed by cybercriminals and that your business has the processes in place to deal quickly with any security breach.
This 17-step IT security health check can give small business owners (SMBs) a snapshot of how secure their business is against online threats.
The key issue is that of awareness. Action comes from the top, and if business owners and managers are unaware of the threats, little will – or can – be done. SMBs’ focusses and areas of expertise are rarely that of internet security, so it is no surprise that it isn’t front of mind. Only when a business is subject to attack does it become so, by which time it is too late. So, it is essential that SMBs organise or empower others to protect their business through cybersecurity: training and infrastructure.
As a small business owner or manager, are you aware of the following threats that could be leaving your business open to attack?
It may be that you’re addressing some of this, but one weak link is all it takes to allow in perpetrators. For example: if one of your employees uses unsecured public wi-fi in a café on a device they use to access private or sensitive company data, bad actors may be able to use this as a point of entry into the wider company network. This can give them access to hard drives, devices/endpoints and software, allowing them to steal or leak data, or stage ransomware attacks.
By taking our IT Security Health Check you will learn how well protected your business is and specific areas for improvement.