Any company, regardless of size, can eliminate potential vulnerabilities and boost its cyber defenses at little or no cost. If you have a budget for security, there are more comprehensive website security tools to consider--many specifically designed for small businesses--that are affordable, customizable, and manageable. Either way, don't wait to boost your defenses against cyberthreats.

Websites are attacked 58 times per day on average, according to a SiteLock report from Q2 2018. Unbeknownst to many, small and medium-sized businesses constantly face the same threats that large enterprises face--but without the same enterprise-size security budget or resources to help protect themselves. According to a report from Ponemon Institute and Keeper Security, the percentage of small businesses that have experienced a cyberattack rose from 55 percent in 2016 to 61 percent in 2017.

As the threat landscape continues to evolve at a rapid pace, cybersecurity should be a major focus for small businesses--but it doesn't need to be expensive or complicated. Here are five simple steps to boost your defenses against cyberattacks without impacting your budget.

1. Create Strong Passwords

The old way of basing a password on something that you can easily remember won't cut it anymore. Current guidelines for creating a strong password recommend using at least eight characters, upper and lower-case letters, numerals, symbols--even emojis.

As a best practice, strong passwords should never reference personal information or include common words. Although creating strong passwords for every site you visit may seem like a daunting task, a password generator can do the work for you and ensure they are unbreakable. Leveraging a password management tool such as LastPass is a quick and easy way to store and retrieve different passwords.

Once you have created a strong password, make sure it passes the test. A site like How Secure is My Password can evaluate the strength of a password you're considering. Other sites, such as Haveibeenpwned.com, can tell you if the password you're considering has ever been part of a data breach.

2. Use two-factor authentication.

Two-factor authentication is a mechanism that double-checks login credentials to ensure that you are who you claim. Your username and password typically comprise the first factor upon logging into an account. The second factor could be something you know--a PIN code, an answer to a secret question, or an image that you selected. It could also be something you have, like a smartphone, token, chip card, or key fob. A second factor could be something biological detected by technologies like voice recognition, fingerprint scanning, or retina scans.

3. Delete unused accounts.

While it may seem harmless to leave unused accounts active, such as email or company server logins, this is actually a security threat. Hackers can use any personal information they find online or on social media to guess login credentials and gain access to these accounts.

It's a good idea to regularly go through digital assets that require authentication and remove any user accounts associated with employees who have left the company or applications no longer in use. It's also a good practice to review all of the accounts your email is associated with, such as third-party social media services, and visit each site to delete the account if it is no longer needed.

4. Delete unused applications.

Similar to deleting unused accounts, deleting out-of-date or unused applications, such as email clients, on both your desktop and mobile devices costs nothing and helps eliminate hidden vulnerabilities. For example, if you have software that is no longer supported or in use, they could have unpatched vulnerabilities that leave your entire system exposed to cyberattack.

Applications installed on smartphones or other mobile devices may also carry security risks if they are no longer supported by their developers. It's important to ensure that all applications running on your mobile devices are receiving regular security updates, or simply uninstall them if they are no longer in use.

5. Update website software and plugins.

Many small businesses rely on open source website applications like WordPress and Drupal to power their company websites. While these applications make creating a website easy, they can also be vulnerable to cyberattacks if left unattended.

Protect your website by keeping content management system (CMS) applications and plugins up to date. Software updates often address security vulnerabilities, as well as fix bugs or add functionality.

For example, if you use WordPress, log in and ensure you are running the latest version--WordPress tells you if you are current. WordPress also lists the plugins on your site that have updates available. Remember to check software on internet-connected devices for current versions as well.

Published on: Feb 26, 2019