Small Business Cybersecurity Checklist Part 2-Recommended Additions

In our last post we looked at the eleven must-have items that a company ought to have in place to meet the bare minimum of cybersecurity essentials.  In today’s post we are looking at another ten highly recommended cybersecurity practices.

  • Beware of emails bearing links or attachments, or that are requesting personal information, user credentials, or credit card or banking information.  It is a good practice to call the sender to confirm the contents of any attachment or the destination of a web link.  A good resource for checking attachments and links can be found at VirusTotal.
  • Beware of pop-up windows and error messages.  Often these indicate the presence of malware, and many of them are actually created by the malware they pretend to detect. Disconnect from the Internet before clicking on or even closing a suspicious pop-up window.  Search Google to confirm the meaning and validity of error messages.
  • Secure your online banking by using a dedicated system running Linux or even something like a Google Chromebook.  Most banking Trojans work in Windows systems only.  Or consider using a Live CD, which is a CD or DVD that contains a bootable operating system and a web browser.  Since nothing can be added to the CD, there is no way for malware to gain a foothold.
  • When hiring new employees, run a financial and criminal background check. If there were problems before, what are the chances they aren’t bringing them to the office?
  • Restrict web surfing on accounts with administrative privileges.  Users with restricted privileges will often be unable to install malware, and without administrative privileges hackers who are gaining a toehold in your network will have more difficulty achieving their objective.
  • Avoid unnecessary software downloads, and limit who can install software.  Be careful with freeware.  While there are plenty of great open-source products, there are many that come with advertising or other hooks.  Before installing anything, check it out on Google to see if there are security issues with your freeware “find.”
  • Recycle your old computers properly.  This does not mean just being “green.”  It also means that hard drives are wiped before recycling, or better yet, destroyed completely.  Our recycler uses a hammer mill to pulverize hard drives into dime-sized shreds.
  • Be alert for social engineering.  These are deceptive approaches that can happen over the phone, in person, or electronically.  Anyone looking for personal information, user credentials, or other data may just be doing research for their next exploit, with you as the target.
  • Find a cybersecurity expert to put in your hip pocket.  You may be completely satisfied with your current IT support, but they are unlikely to have the credentials, training or experience you need to implement your cybersecurity program, or to respond in the event of a security breach.

Taking your business to the next level will decrease the likelihood that your business will be a victim of cybercrime.  You will probably need the services of a cybersecurity professional to implement many of these ideas.

For a deeper look at this issue, please check out the following link.

NIST:  Small Business Information Security: The Fundamentals


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
