As a small business owner, you've worked hard to establish your company and achieve success. However, in today's digital landscape, security risks can significantly impact your business if not addressed properly.
To help protect your valuable business information, we've compiled a comprehensive security checklist tailored specifically for small businesses with 1-100 users. Even if you don't have a dedicated IT administrator, following these essential steps can greatly enhance your company's security posture.
*(based on the Official Google Checklist: https://support.google.com/a/answer/9211704?hl=en)
Protect Your Accounts
- Use unique passwords: A strong, unique password is the first line of defence in protecting user and admin accounts. Encourage your employees to create passwords that are not easily guessed, such as using the first letter of each word in a long sentence. Additionally, discourage password reuse across different accounts, like email and online banking. Create a strong password & a more secure account.
- Require extra proof of identity for admins and key users: Implementing 2-step verification (2SV) can prevent unauthorised access even if someone manages to steal a password. 2SV requires users to verify their identity through something they know (password) and something they have (physical key or access code). Enforce 2SV for admins and users who handle sensitive data, such as financial records and employee information. Protect your business with 2-Step Verification | Deploy 2-Step verification.
- Add recovery information to admin accounts: Ensure your admin adds a recovery phone number and email address to their account. This allows Google to send a new password via phone, text, or email if the admin forgets their password. Add recovery options to your administrator account.
- Get backup codes ahead of time: If a user or admin loses access to their 2SV method (e.g., losing their phone or security key), they won't be able to sign in to their account. To prevent this, admins and users with 2SV enabled should generate and print backup codes, storing them in a secure location. Generate and print backup codes.
- Create an additional super admin account: Your business should have more than one super administrator account, each managed by a separate person. This ensures that if the primary super admin account is lost or compromised, the backup super admin can perform critical tasks while the primary account is recovered. Assign administrator roles to a user.
- Keep information on hand for super admin password reset: If a super admin can't reset their password using email or phone recovery options, and another super admin isn't available to reset the password, they can contact Google Support. Keep account information and DNS credentials in a secure place for identity verification purposes. Security best practices for administrator accounts.
- Super admins shouldn't remain signed in to their account: To minimise the risk of malicious activity, super admins should sign in only when performing specific administrative tasks and sign out immediately after. For daily administrative tasks, use an account with limited admin roles. Pre-built administrator roles | Security best practices for administrator accounts.
- Enable auto-update for apps and Internet browsers: Ensure your users enable auto-update for their apps and Internet browsers to receive the latest security updates. If you use Chrome, you can configure auto-update for your entire organisation. Auto-update policies (Chrome).
================================
Grade your organisational risk with our comprehensive cybersecurity quiz.
🎯 Grade Your Organisational Risk: CLICK HERE
================================
If You Use Gmail, Calendar, Drive, or Docs
- Turn on enhanced pre-delivery message scanning: Phishing attempts to trick users into revealing sensitive information through malicious emails. Enable enhanced pre-delivery message scanning in Gmail to help catch email that previously might not be identified as phishing. Help prevent phishing with pre-delivery message scanning.
- Turn on additional malicious file and link screening for Gmail: Enable additional safety checks for attachments, links, and external images in Gmail to protect against malicious programs, such as computer viruses. Advanced phishing and malware protection.
- Make sure email recipients don't mark your email as spam: Set up Sender Policy Framework (SPF) for your domain to identify which mail servers are allowed to send email on behalf of your domain. This prevents your messages from bouncing or being marked as spam. Authorise email senders with SPF.
- Restrict calendar sharing with people outside your company: Limit external calendar sharing to free/busy information only to protect sensitive information in user calendars. Set calendar visibility and sharing options.
- Limit who can see newly created files: Specify that only the user who creates a file can open it until they explicitly share the file by turning Link Sharing off. Set the default for link sharing.
- Warn users when they share a file with people outside your company: If you allow users to share files with external people, enable a warning prompt to confirm they want to share the file with someone outside of your company. Don't let users in your organisation share with anyone.
By following this comprehensive security checklist, you can significantly enhance the protection of your small business's valuable information and mitigate potential security risks. Stay vigilant, and keep your employees informed.
Grade your organisational risk with our comprehensive cybersecurity quiz.
🎯 Grade Your Organisational Risk: CLICK HERE
================================
Our quiz is more than just a set of questions; it's a window into your organisation's cybersecurity posture. By participating, you're not just testing your knowledge; you're evaluating your organisation's readiness against cyber threats.
- Easy to Understand: No technical jargon, just clear, actionable insights.
- Quick and Efficient: It won't take much of your time, but the insights you gain could save your organisation.
- Empower Your Decision Making: With the knowledge you gain, make informed decisions to enhance your cybersecurity strategy.
As your trusted MSP, we're committed to helping you navigate the complex world of cybersecurity. This quiz is the first step in a journey towards a more secure digital environment for your business.
- Assess Your Risk: Discover how secure your organisation truly is.
- Tailored Insights: Receive personalised feedback based on your responses.
- Stay Ahead: Learn about potential vulnerabilities before they become issues.
Take the Quiz Now and pave the way for a safer digital future for your organisation. Remember, in the realm of cybersecurity, knowledge is not just power – it's protection.
👉 Don't Wait for a Breach to Realise the Importance of Cybersecurity.