Cyber threats are a problem for organisations of all sizes. In fact, there is evidence that smaller businesses are more likely to be targets. One reason is that they often lack the necessary resources to protect themselves from such threats.
It’s crucial to protect your business from cybercriminals. But this is a constantly-evolving landscape and it can be hard to know where to begin. Here are some tips for small businesses to keep themselves safe.
Steps You Can Take to Protect Your Business
Cyberattacks are a threat to your money, data and IT infrastructure. Hackers can even use your company as a stepping stone to target others that have you in their supply chain. The financial and reputational losses can be devastating to a business if it falls victim to cybercrime. Here are some things you can do to prevent them.
1. Backup Your Data
Your business-critical data is fundamental to your operations. If you lost access to the primary source, it would be devastating. It’s crucial to make regular backups of this key data. This gives you a failsafe in the event that your business is impacted by cyber threats as well as other risks like flood, fire and physical damage.
Consider the following:
- Identify the data that needs backing up: this is your essential data that your business simply cannot function without.
- Keep backed-up data separate from your computer: whether on a USB stick, a separate drive or a separate computer, your backed-up data should be kept away from staff and kept separate from the device that holds the original data.
- Cloud storage can be great: the cloud provides a storage source that is physically separate from where you are. Uptime is very good and you have good security measures to protect data stored on the cloud.
- Keep back-ups up-to-date: backing up data may not be fun, but it is crucial to do it. Automated backups can make it easier and ensure you always have the most up-to-date information available.
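The checklist above can be checked automatically. The following is an added example, not part of the original article: a short Python audit that reports essential files that are missing from the backup, older than an allowed age, or different from the original, and warns when the backup sits on the same volume as the source. The folder names, file names and the one-day age limit are assumptions chosen for illustration.

```python
import hashlib, os, tempfile, time
from pathlib import Path

def sha256(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_backup(source_dir, backup_dir, essential, max_age_days=1, now=None):
    """Return a list of (finding, item) tuples for one backup folder."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    now = time.time() if now is None else now
    findings = []
    # "Keep backed-up data separate": an identical st_dev means the backup
    # lives on the same volume as the original data.
    if os.stat(source_dir).st_dev == os.stat(backup_dir).st_dev:
        findings.append(("SAME_DEVICE", str(backup_dir)))
    for rel in essential:  # "Identify the data that needs backing up"
        src, bak = source_dir / rel, backup_dir / rel
        if not bak.is_file():
            findings.append(("MISSING", rel))
            continue
        age_days = (now - bak.stat().st_mtime) / 86400
        if age_days > max_age_days:  # "Keep back-ups up-to-date"
            findings.append(("STALE", rel))
        elif src.is_file() and sha256(src) != sha256(bak):
            findings.append(("DIFFERS", rel))  # recent copy, different content
    return findings

def demo():
    """Constructed sample: three essential files, one stale, one never backed up."""
    names = ["customers.csv", "invoices.csv", "payroll.csv"]  # hypothetical names
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "office-pc"), Path(tmp, "backup")
        src.mkdir()
        bak.mkdir()
        for name in names:
            (src / name).write_text("data for " + name)
        for name in names[:2]:
            (bak / name).write_text("data for " + name)
        old = time.time() - 10 * 86400  # make one backup copy ten days old
        os.utime(bak / "invoices.csv", (old, old))
        return audit_backup(src, bak, names)

if __name__ == "__main__":
    for kind, item in demo():
        print(kind, item)
```

A different device number only shows that the backup is on another volume; it does not prove the drive is stored away from the computer, so the physical separation still needs checking by hand.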
2. Deploy Effective Malware Protection Measures
Malware is software that can enter your systems and harm your organisation. It usually gets in through hacks or by tricking individuals into allowing it in, a type of cybercrime known as social engineering. Software like computer viruses and ransomware can be extremely damaging to your operations. As such, it’s important to safeguard your organisation against these things in every way possible.
- Run reliable antivirus software: this should be on all computers and laptops. Keeping it up-to-date is essential and it should be running constantly when computers are in use.
- Train staff to look out for suspicious links and applications: apps for smartphones and tablets should always come from manufacturer-approved stores. These are checked and verified as safe. Ensure staff know not to download apps from other sources and only give them as much access to your systems as their role requires.
- Keep IT equipment up to date: patch tablets, smartphones, laptops and desktops to keep their software and firmware up to date. This is essential as it ensures everything is configured with protection against known weaknesses. Automatic updates are a good way to cover this.
- Restrict the use of USB drives and memory cards: if an infected stick is connected to a computer in the system, everything could be compromised. All detachable memory devices should be regularly checked and audited and there should be strict regulations around their use.
- Switch on your firewall: it is there to protect you.
3. Protect Mobile Devices
Some simple best practice guidelines can help keep mobile devices secure. With remote working so commonplace now, these devices are powerful and widely used. Follow these simple tips to protect them:
- Use password protection: complex passwords and PINs, as well as two-factor authentication, can go a long way. Fingerprint and facial recognition are also helpful.
- Install tools to track, lock and/or wipe lost devices: there are plenty of tools to remotely track or lock devices that fall into the wrong hands.
- Keep devices and apps up to date: both device software and apps should be kept updated to ensure they have the latest security measures active and any known bugs are resolved.
- Avoid unknown WiFi hotspots: public WiFi is often not secure, so any activities you carry out while connected to it are vulnerable to compromise. Avoid these hotspots with your company’s devices, opting instead for 4G or 5G mobile networks and their built-in security.
4. Passwords Are Essential
There is business-critical data on all your business devices. As such, access to them must be restricted. Passwords are the first line of defence to prevent unauthorised access. And, when implemented correctly, they are a very effective measure.
- Always have password protection activated: it may be a full password, a PIN or biometric identification, but all must be kept on.
- Protect important accounts with 2-step authentication: this is known to be a very secure method of protecting accounts, so make use of it wherever possible.
- Create good passwords: predictable passwords are weak, and you may be surprised how easy they are to guess. A good rule of thumb is to ensure it couldn’t be guessed within 20 attempts, and a random combination of upper- and lower-case letters, numbers and symbols is best.
- Introduce measures to help with ‘password overload’: don’t enforce regular password changes. Instead, provide secure storage, such as a password manager, where staff can keep records of passwords.
5. Beware of Phishing Attacks
Scammers use phishing attacks to cast a wide net and try to trick recipients of emails or text messages into divulging sensitive information. This could be bank details, login credentials or personal information. These attacks are getting more sophisticated, so make moves to protect against them.
- Configure accounts to block phishing attempts: many email providers offer significant phishing protection, and you can add additional measures for increased protection.
- Consider how you may be targeted: look out for things specific to your business, like invoices or contractor communications, which could be faked. Train staff to be mindful of these.
- Be aware of the obvious: spelling and grammar errors are a common giveaway of phishing scams. Also, generic words like ‘friend’ or ‘valued customer’ are red flags. Learn the common signs and act accordingly.
- Always report attacks: this will enable the authorities to clamp down on scammers and provide enhanced protections against specific scams.
Training your employees is one of the most powerful measures you can take. But it is important to follow all the basic tips covered in this article to protect your business. You could also implement reputable business management solutions with robust security measures incorporated. Or you could work with a cybersecurity firm that can help you implement everything you need for maximum safety.
However you do it, just make sure you are protected.
Why Choose Eventura as your Cybersecurity Partner?
With over 20 years’ experience in cybersecurity, we know our stuff. Our team of cybersecurity experts can complete a full audit of your business and identify any areas of weakness which could leave you vulnerable to cyberattacks.
We were even mentioned in the Government’s National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box”, designed to help small businesses prepare for and respond to cyberthreats. You can read the article here.
There is a common misconception that cyberattacks don’t happen to SMEs but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever increasing threat of cybercriminals.
If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.