If you’re a small business, you are probably more interested in increasing revenue and decreasing costs than dedicating resources to IT security. However, this mindset could put you at risk of a security attack that can result in downtime, decreased customer satisfaction, and ultimately lost revenue and higher expenses.

So what do you do if it’s too late and you’re experiencing an attack? Here are some basic steps you need to take: quarantine the computers that were affected; remove the malware; restore the computers to their original condition; reinstall systems and applications; scan for malware; restore your company’s data (if you lost it because it wasn’t backed up, let this be a lesson); and start being secure.

For small businesses who have been burned before and want to avoid a repeat, or for companies more inclined to prevention, here are seven tips and best practices that can actually keep costs down:


Use common sense

Err on the side of safety. Delete dubious attachments – especially if they’re from an unrecognized source. For example, don’t download tempting animations on a site that look highly unprofessional.


Scan files for malware before using them

With so many files floating around today’s businesses, running virus and malware scans before launching any new files should be a requirement for employees. All it takes is one of those files to disrupt operations.


Be smart when downloading

Avoid downloading files you can’t be sure are safe. This includes freeware, screensavers, games and any other executable program – any files with an “.exe” or “.com” extension, such as “coolgame.exe.” If you do have to download from the Internet, be sure to scan each program before running it. Save all downloads to one folder, then run virus/malware checks on everything in the folder before using it.


Update endpoint protection software frequently

An endpoint protection software program is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.


Set security software to boot automatically

Configure computer protection software to boot automatically on start-up and run at all times. This will provide back-up protection in case employees forget to scan an attachment, or decide not to.


Be careful with e-mail attachments

Scan all incoming e-mail attachments for malware, even if employees recognize and trust the sender. Malicious code can slip into systems by appearing to be from a familiar source. Be sure e-mail programs don’t automatically download attachments. If they do, employees won’t have time to scan the attachments first. Refer to your e-mail program’s safety options or preferences menu for instructions.


Install reliable computer protection software

Computer protection software scans files regularly for unusual changes in file size, programs that match the software’s database of known malware, suspicious e-mail attachments and other warning signs. It’s the most important step SMBs can take toward keeping your computers clean of malware. Such technology includes Kaspersky, which uses an online reputation database to identify and block malware attacks.


Be sure to educate your employees on these seven points and implement policies that ensure that your company is following these guidelines. It may take an investment of time and money at the beginning, but these preventative measures will save even more time and money in the long-run. Don’t risk your company falling victim to a malware attack.