It’s a misconception that only large businesses get targeted by cyber-criminals. Small to mid-size businesses account for 62 percent of all cyber-breaches each year, 9 and the costs of each incident can be high.
Unfortunately, your internet provider has little control over the dozens of ways you could be attacked. Your internet provider simply provides the channel; the data that travels through it and the scripts that tell the data where to travel are controlled by end users and the programmers they do and don’t trust. But data security is so crucial to the survival of a business that we felt it important to address in this guide.
There is one way an internet service provider can help you protect business data: with a VPN. We’ll explore VPNs first and then advise you on how to secure your network as your connection is up and running.
How a VPN helps protect business data
What is a VPN?
VPN stands for “virtual private network.” A VPN is similar to a password-protected network you create on your router: both allow devices on the network to communicate with each other and share files if needed, and both encrypt all traffic that goes in and out of the network, which makes the data unreadable even if it’s hacked into.
The difference between a VPN and a router network is that router networks are hosted on hardware within your office, while VPNs are hosted in the cloud.
To connect to a router network, users have to be within range of the Wi-Fi signal. To connect to a VPN, users can “borrow” an internet connection from anywhere—a home, a cafe, a library—and then connect to the VPN using a key assigned by the provider.
How does a VPN protect my privacy?
- Routes traffic privately even over a public network. If remote workers use public internet networks or unsecured home networks while working, your company data could be compromised. But when remote workers connect to the VPN while borrowing an internet connection from the unsecured network, all their internet traffic is then encrypted and sent through the VPN’s server to keep the data private. This has the double benefit of allowing workers to access cloud-stored data and other devices on the network (e.g., a wired printer) so it’s as if they’re working right there in the office.
- Creates a private “tunnel” between multiple locations. When you have multiple locations, they can’t physically plug-into the same router. When both locations connect to the same VPN, however, employees can control devices and access files from both locations without having to email them. This is both convenient and highly secure.
Why do I need a virtual network if I can create one on my router?
If you don’t have remote employees or multiple locations, a VPN may not be necessary. But don’t feel like you’re missing out on a bonus security feature; as long as you choose the WPA2 security setting on your router, you have the same protections that you’d have with a VPN, and you’ve saved on your monthly bill.
If your employees work remotely but not often enough to warrant paying for a VPN, make sure you have clear privacy policies and communicate them to your employees. This is a good practice regardless of whether you add a VPN to your plan.
How you can protect yourself from a data breach
A VPN is just one service your internet provider can give you to help you keep your data secure, but keeping your data private doesn’t stop there. Below are a few of the most fundamental steps you should take to protect your business from data attacks.
This is not an exhaustive list—malicious hackers will always be calculating new ways to steal private data. But while you should take security seriously, you should also keep in mind that just like with physical theft, the low-hanging fruit will be the first thing stolen. With every basic measure you take, you give yourself one more layer of protection even if someone does manage to break into your network.
Definitely do this:
- Run industry-standard firewall and antivirus software. This is one of the easiest ways to mitigate your security risks. If you don’t do this, you leave yourself vulnerable to “entry-level” hacking and malware, and just one attack can cost you considerable time, money, and possibly intellectual property (e.g., ransomware that password-protects everything on your device and makes you pay to get it back).
- Password-protect all devices, accounts, and networks, and choose strong passwords. This goes for desktops, laptops, phones, printers, and especially your router. Anything that can be password-protected, do it. If you can’t remember all your passwords, you can get a password manager. This still carries risks—password managers can also be hacked—but just know the weak points of your strategy and take steps to address them.
- Remind employees not to click on unrecognized links. The links could activate malware immediately.
Do this to add more safety nets:
- “Hide” your SSID so it doesn’t show on the list of available networks. Out of sight, out of mind.
- Limit device permissions on your network. You can either limit the number of devices that can connect—just like a streaming service does—or set up a filter to only allow the MAC addresses of specific devices. The more employees or devices you have, the bigger pain it will be to update these settings, but it’s worth it.
- Get IT consultations, regular or occasional, from a third party. It’s no fun as a small business to have to constantly outsource, but if you’re going to outsource anything, let it be IT. You can’t afford not to have a strong security strategy—one breach could put you out of business.
Summary: What to remember about security when you’re looking for business internet
- Your small business is just as vulnerable to cyber-attacks as a large business. To lower your risk, treat security like the necessity it is.
- Your internet provider can help you set up a VPN to securely connect remote workers or create a secure, shared network between two office locations.
- Beyond using a VPN, you need to take basic privacy measures to keep your data secure and then invest in IT consultations if you don’t have a trained IT professional on-staff and can’t commit to rigorous DIY.
9. Property Casualty 360, “Small, Mid-sized Businesses Hit by 62% of All Cyber Attacks”