Today we tweeted this:
A large number of security vulnerabilities are addressed with these updates for #Adobe products. These are commonly used products that are favorites of a lot of freelancers. Update now!
—–#cybersecurity #freelancer #smallbusinesses https://t.co/JFUNVLucjG
— Duke City Consulting Cyber (@DCCCyber) August 13, 2019
Since some of our audience members are not technophiles (and some are downright technophobes, which is okay!), we considered adding a tip: at least in our small network here, Adobe products are on a short list of software programs that don’t automatically update or alert us to updates. We have to check for and install updates manually. In most programs, that can be done by starting the program and selecting Check for Updates from the Help menu. Then, if an update is available, we follow the installation routine (which differs by program).
We did not add the tip to the tweet, because we think a larger idea needed to be shared. That is, if you are a (very) small business owner (likely without a dedicated IT professional on staff), talk openly and often about cybersecurity with your employees. Small businesses tend to think they are safe from cyberattacks because they are too small for hackers to bother with, but, according to Forbes magazine, 20% of small- to mid-sized businesses have been cyber crime targets.
So be proactive and cultivate an environment that values cybersecurity in your business. That means talking about cyber threats and cybersecurity, and empower your employees to be cybersecure. Anticipate that some employees may not know how to manually check for updates on their devices, for example, and so don’t just say, “Hey, Adobe has some serious patches out, so update your machines,” but make sure everyone feels empowered enough to ask for help making that update if they need it.
Take time in meetings to review the elements of cyber awareness and safe online behavior, but don’t limit discussions of cybersecurity to meetings (where agenda topics can seem rote). Bring these discussions into the office (physical or virtual), focusing on the most common vulnerabilities that can be fended off (mostly) by good habits and behaviors (use of complex, unique passwords, 2FA [two-factor authentication], identifying phishing attempts, etc.).
Not only will creating a supportive culture of cybersecurity help your employees understand best practices, it will also create an environment in which your employees feel secure in implementing best practices and asking questions or bringing potential vulnerabilities or incidents to your attention. It is only when vulnerabilities are brought to light that they can be assessed and addressed. So empower your employees and create a culture in your small business that supports consistent learning about and practice of cybersecurity.