cybersecurity, small business, securing your business, security, chase for business, cybersecurity best practices. group of people working together in a office with laptops open and some papers on a table group of people working together in a office with laptops open and some papers on a table group of people working together in a office with laptops open and some papers on a table group of people working together in a office with laptops open and some papers on a table
Small Business

Manage Your Business

Make cybersecurity a team effort in the workplace

A checklist to make sure your company is adopting cybersecurity best practices

A security-smart workforce is a key component of any business' cybercrime defense plan. Firewalls, anti-virus software and financial controls can only do so much—just one employee clicking on the wrong link can breach those defenses, says Eric Smith, Executive Director of Cybersecurity at JPMorgan Chase.

Everyone in a business plays a critical role in cybersecurity. Share this checklist with your employees to remind them of some ongoing good habits and practices that will help protect company data and assets.

  1. Strengthen your passwords: Use complex passwords that include letters, numbers and other hard-to-guess combinations of characters and symbols. Passwords should never be written down.
  2. Recognize suspicious emails: These include an urgent, unusual request for a funds transfer; poor grammar or spelling; or an unexpected invitation to open an attachment or click on a link. When you notice any of these indicators, take independent steps to verify authenticity. Don't reply to a suspicious email, even from a known contact. Call the person instead.
  3. Click with care: If you are directed to a website that's poorly designed and includes misspellings, it may be a fake site designed to capture your login credentials. Stay on the safe side: open a new tab in your browser and type in the known web address of the company you want to reach, rather than clicking on a link received in an email.
  4. Limit posting about your professional role on social media: Cybercriminals may harvest information about you to craft a targeted email designed to fool you, or they may pose as you to elicit information from someone else. If you use social media, be especially alert to possible fraudulent emails that try to induce you to reveal log-in credentials or other confidential data.
  5. Install software updates: When you're busy, it can be tempting to ignore notifications to download and install software updates. But updates often include important security fixes, so keep your work computer and your smartphone up to date to protect yourself.
  6. Keep your system locked when away: When you're out to lunch, your system should be, too. Set your operating system controls to lock your computer as needed. That way, it can be accessed only by typing in your password (which you should not share with anyone).
  7. Leave your "jailbroken" phone at home: Some people reconfigure their smartphones to bypass operating system controls, but that also leaves the device more vulnerable to rogue mobile apps that could contain malware. Stick to official app stores—such as those by Apple or Google—as your source for downloads.
  8. Learn safe travel habits: Be careful when using Wi-Fi networks in hotels, airports, coffee shops and other public places. Try to connect only through trusted networks when accessing or transmitting sensitive data.

Taking these steps will make each employee part of a stronger defense in the cybersecurity chain.

For more information and resources to keep your business secure, visit the Chase Security Center.

This document was prepared exclusively for the benefit and internal use of the party to whom it is delivered (the "Recipient"). The content is not intended as, nor shall be deemed to constitute or contain, advice on which the Recipient may rely; does not constitute in any way research of JPMorgan Chase & Co. ("JPMC"), and should not be treated as such. This document is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The Recipient is responsible for determining how to best protect itself against cyber threats and for selecting the cybersecurity best practices that are most appropriate to its needs. JPMC assumes no responsibility or liability whatsoever to any person in respect of such matters, and nothing within this document shall amend or override the terms and conditions in the agreement(s) between JPMC and the Recipient. 

Screen Reader Users: To load more articles, scroll down the page, or click the list of articles.