What is your network’s greatest vulnerability?
It’s your employees.
Why? Because most employees don’t know how to identify phishing scams and other cyber threats. As a result, employees can open the cyber front door for hackers.
And trust me, hackers only need the smallest of cracks to wreak havoc on your network.
So, what can you do to prevent intrusions?
Train your employees on cybersecurity! With security training, your staff becomes your first line of defense.
Not sure where to start? Below is a basic cybersecurity checklist for small business employees. This checklist includes best practices every employee should know and understand.
Always keep your system, software, and web browsers up to date
If you don’t, you’re leaving your system exposed to viruses, malware, and intrusions.
Updates or patches do many things. They fix software bugs, security vulnerabilities, software stability issues, and much more.
Lock down your computer
Leaving a computer running unattended is a bad habit. We recommend that you lock it when you leave your desk for a meeting or lunch.
Unlike logging out, locking your computer doesn’t shut everything down.
Once locked, no one can access it unless they have the computer’s login information. But, at the end of the day, it is important that you log completely off your computer.
Be cautious when online
Don’t open websites that appear suspicious. You should also never open a link or advertisement from an email unless you know who it’s from.
Do the same on social media sites, like Facebook, LinkedIn or Twitter. These links and ads could contain viruses.
Watch out for phishing emails
The best defense against phishing attacks is a spam filter. But sometimes, phishing emails will make it to the inbox even with protection.
Phishing attacks are becoming more difficult to spot, so you must be vigilant. Here are some tips on spotting a phishing email:
- Who is the real sender? Make sure the sender’s name in the “From” field matches the address between the angle brackets. If it’s a legit company, the sender should not be using a public account, like Gmail, Yahoo, etc.
- Check the greeting. Phishing emails will often address the receiver as “valued customer” or something similar. Remember, if this email is real, the sender should have your correct information on file.
- Use your mouse hover. Hackers use fake sites to steal your information. Hover over an email link to see the full URL it will direct you to. Do NOT click the link. If the address isn’t where you’d expect to go, don’t click it.
- What do they want? Legitimate companies will never ask for personal credentials via email. You should never email your Social Security number, passwords, or other sensitive information.
- When in doubt, don’t click. If you do not know whether an email is real or fake, don’t click it.
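For whoever administers your mail, the first four tips above can also run as a rough automated pre-check on a suspicious message. The Python below is an added example, not part of the original checklist; the flag names, the freemail.example stand-in domain and the sample message are constructed for illustration, and it assumes a single-part, unencoded message body.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Gmail/Yahoo come from the checklist; freemail.example is a constructed stand-in.
PUBLIC_MAIL = {"gmail.com", "yahoo.com", "freemail.example"}
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def triage(raw):
    """Return the checklist warnings (rough heuristics) that apply to one message."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", "").lower())
    body = msg.get_payload()  # assumption: single-part, unencoded body
    words = re.findall(r"[a-z]{3,}", name)
    parser = Links()
    parser.feed(body)
    checks = [
        (addr.rpartition("@")[2] in PUBLIC_MAIL, "public-mail-sender"),
        (words and not any(w in addr for w in words), "name-address-mismatch"),
        ("valued customer" in body.lower(), "generic-greeting"),
        (any(URLISH.match(t) and host(t) != host(h) for h, t in parser.found), "link-text-mismatch"),
        (re.search(r"password|social security", body, re.I), "asks-for-sensitive-info"),
    ]
    return [flag for hit, flag in checks if hit]

# Constructed sample message (not real mail); .example domains are reserved.
SAMPLE = ('From: "Acme Bank" <billing-dept@freemail.example>\nSubject: Notice\n\n'
          'Dear valued customer, confirm your password at '
          '<a href="http://portal.unrelated.example/">www.acme-bank.example</a>')
```

Calling triage(SAMPLE) returns all five flags. A link whose visible text is not itself an address (for example "click here") is not flagged, so hovering over the link is still needed.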
Use strong passwords and usernames
A good password can make a world of difference in protecting your data from hackers. The first rule of good password security is to NEVER use words that can be found in the dictionary.
The same goes for usernames. Also, make sure you avoid common ones such as “User1”.
Check out our 10 Rules for Stronger Passwords post to see if you’re using a strong password.
When possible, use multi-factor authentication (MFA)
MFA is a form of security authentication that requires a user to present two or more factors. In order for the authentication to be complete, the user must confirm each factor.
MFA can be a lot of things. But a common one is when a user first enters a password followed by an SMS code they receive on their phone. For more information on setting up MFA for business accounts, check out this blog.
Conclusion
An essential part of cybersecurity is educating employees to make smart decisions. Your staff can be your greatest vulnerability or one of your best safeguards. This cybersecurity checklist is a good starting point. But at the end of the day, you need more than a checklist to keep your network safe.
Cybersecurity awareness training helps employees protect your business’s data. The training should include:
- Threats overview
- Password policies
- Web protection best practices
- Email protection best practices
- Preventive measures (what-if scenarios)
- Simulated phishing attacks
If you’re not sure how to implement this type of training, MRW Systems is here to help. Under our NetGarde security services, we help train employees on security best practices. To learn more about our services, give us a call at 410-751-7111.