Small businesses deploy an array of technology to better serve their customers and manage their operations. However, different technologies come with different types of risk and require specialized strategies to protect them. We created these "Quick Wins" as a starting point for your own security awareness training content.
Quick Wins for Copier/Printer/Fax Security
- Ensure devices have encryption and overwriting
- Take advantage of all the security features offered
- Secure/wipe the hard drive before disposing of an old device
- Change the default password to a strong and unique passphrase
- Learn More from the FTC
Quick Wins for Email Security
- Require strong, unique passphrases on email accounts
- Turn on two-factor authentication
- Do not use personal email accounts for company business Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source.
- Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email
- Learn More from IC3
Quick Wins for File Sharing
- Restrict the locations to which work files containing sensitive information can be saved or copied If possible, use application-level encryption to protect the information in your files
- Use file-naming conventions that don’t disclose the types of information a file contains
- Monitor networks for sensitive information, either directly or by using a third-party service provider
- Free services do not provide the legal protection appropriate for securing sensitive information
- Learn More from the FTC
Quick Wins for Mobile Devices
- Update security software regularly. Go ahead, update your mobile software now.
- Delete unneeded apps and update existing apps regularly
- Always download apps from a trusted source and check reviews prior to downloading
- Secure devices with passcodes or other strong authentication, such as fingerprint recognition
- Turn off Discovery Mode
- Activate “find device” and “remote wipe”
- Configure app permissions immediately after downloading
- Learn More
Quick Wins for Point-of-Sale Systems
- Create unique, strong passphrases
- Separate user and administrative accounts
- Keep a clean machine: Update software regularly
- Avoid web browsing on POS terminals
- Use antivirus protection
- Learn More from PCI Security Standards
Quick Wins for Routers
- Change from manufacturer’s default admin password to a unique, strong passphrase
- Use a network monitoring app to scan for unwanted users
- Restrict remote administrative management Log out after configuring
- Keep firmware updated
- Learn More from US-CERT
Quick Wins for Social Networks
- Limit who has administrative access to your social media accounts
- Set up 2-factor authentication
- Configure your privacy settings to strengthen security and limit the amount of data shared. At the very least, review these settings annually
- Avoid third-party applications that seem suspicious and modify your settings to limit the amount of information the applications can access.
- Make sure you’re accessing your social media accounts on a current, updated web browser
- Learn More from US-CERT
Quick Wins for Software
- Make sure your computer operating system, browser, and applications are set to receive automatic updates
- Ensure all software is up to date.
- Get rid of software you don’t use Your company should have clear, concise rules for what employees can install and keep on their work computers
- When installing software, pay close attention to the message boxes before clicking OK, Next or I Agree
- Make sure all of your organization’s computers are equipped with antivirus software and antispyware. This software should be updated regularly
- Limit access to data or systems only to those who require it to perform the core duties of their jobs
- Learn More
Quick Wins for Third Party Vendors
- Spell out your privacy and security expectations in clear, user-friendly language to service providers
- Understand how their services work and to what you are giving them access
- Build in procedures to monitor what service providers are doing on your behalf
- Review your privacy promises from the perspective of a potential service provider
- Spell out expectations and scope of work in a formal agreement/contract
- Learn More from the FTC
Quick Wins for USB Drives
- Scan USBs and other external devices for viruses and malware
- Disable auto-run, which allows USB drives to open automatically when they are inserted into a drive
- Only pre-approved USB drives should be allowed in company devices. Establish policies about the use of personal, unapproved devices being plugged into work devices
- Keep personal and business USB drives separate
- Don’t keep sensitive information on unencrypted USB drives. It is a good practice to keep sensitive information off of USB drives altogether
- Learn More from US-CERT
Quick Wins for WebsiteSecurity
- Keep software up-to-date
- Require users to create unique, strong passphrases to access
- Prevent direct access to upload files to your site Use scan tools to test your site’s security – many are available free of charge
- Register sites with similar spelling to yours
- Learn More from the FTC
Quick Wins for Wi-Fi Security
- Use separate Wi-Fi for guests or customers than you do for business
- Physically secure Wi-Fi equipment
- Use a virtual private network (VPN) when using public Wi-Fi
- Do not connect to unknown, generic or suspicious Wi-Fi networks. Use your mobile carrier’s data plan to connect instead
- Turn off Wi-Fi and Bluetooth when not in use on your devices
- Secure your internet connection by using a firewall, encrypt information and hide your Wi- Fi network
- Learn More from the FTC
Additional Resources
Check out this free content you can use to design your own cybersecurity awareness program
- Resources and articles from www.staysafeonline.org
- Federal Trade Commission’s cybersecurity awareness publications bulk order site
- Federal Inter-Agency Ransomware Guidance: How To Protect Your Networks from Ransomware: