Thinking about cybersecurity is low on the list of priorities for many small and medium business owners. They already have their hands full with the day-to-day operations of the business. It’s easy to assume ‘I’m too small to be noticed’ and hope everything will be fine.
Unfortunately, the majority of attacks on small and medium businesses are not targeted. Attackers set traps indiscriminately, and whoever is unlucky enough to fall for the trap becomes the victim. They scan, probe and check for security holes in automated attacks across thousands of businesses. When they find a security hole, they zero in on the weakness.
The impact can be devastating. Whether it’s leaking or exposing confidential data, installing ransomware on your systems and demanding a huge sum to unlock your files, capturing credentials or bringing down your websites, an attack has the potential to stop your business dead in its tracks.
Becoming a victim of a cybersecurity attack is generally avoidable with a little bit of effort. So what are some steps you can take to beef up security without huge financial cost or effort?
Backup and Restore
A good way to protect against ransomware is to ensure your backups are stored in a disconnected system. Keeping your backups on your internal network means that if a ransomware virus infects your network it can lock your backup files as well.
The best way to recover from a ransomware attack is to restore from a backup. So make sure you know how to restore and have a test run. Simply assuming that your backup process ‘works’ can come back to bite you if it has never been tested.
These days, Windows comes with a tool called Defender, which is a built-in antivirus and firewall solution. We recommend enabling it as a minimum. It is a free product that offers a basic level of protection.
Consider a paid antivirus solution to give your business an extra layer of protection. Different products provide more granular and innovative ways to protect your data.
Keeping your passwords highly unique, and using a different password for each system you use is another great way to stop the spread of an attack. Often if an attacker captures your username and password for one site, they will test that on many other sites to see if you use the same password elsewhere.
Use a password manager (like Assertiv) to securely store passwords for each of your applications. Password managers also make logging into websites easier by automatically filling in login fields.
Secure your Email
This is an important one. How many times have you needed to reset a password on a website, and they send a confirmation email to you to complete your password reset? It places a LOT of trust in your email system. If someone gets access to your email, you’re toast.
Firstly, ensure you have a strong password for your email account. Following this, the best defense for small businesses is enabling Multi-Factor Authentication. Let’s look at that now.
Multi-Factor Authentication
A lot of websites now offer Multi-Factor Authentication. It’s an extra layer of defense on top of your password. This is usually in the form of entering an additional code that’s generated from an app on your phone, or sent to you by SMS or email. This protects your account from an attacker who simply guesses your password through an automated attack.
Take a look at the important websites you use to see if they offer Multi-Factor Authentication. You can also ask us for advice if you’re unsure.
Most laptops running Windows and Mac will support device encryption. This offers a level of protection if the device is lost or stolen. Your data can only be accessed if a password is provided.
- For Windows, the encryption tool is called BitLocker.
- For macOS, the encryption tool is called FileVault.
These features are free to use, and easy to set up if your device supports them.
Formalising your company’s approach on security is a good way of keeping your workforce vigilant. Clearly listing out what is expected from your staff when it comes to cyber security eliminates guess work and assumptions on best practice. Publish this as an internal document and review and update when necessary.
Ensure your staff read the policy, and improve its adoption by writing the document in a way that your staff will understand. Consider a ‘sign off’ on the document during your recruitment/induction process.
It is very common to assume people are aware of security best practice, but you’d be surprised. Send out company communications with directives of what is expected of staff.
For example, this could include the following:
- Always lock the screen of your laptop or desktop computer when unattended
- Never write down passwords
- Do not open email attachments unless you are certain the email is genuine; seek assistance if you are unsure
- Do not download or install software without approval from your IT department
There are a lot of simple steps you can take to improve the security posture of your business. It’s not a ‘set and forget’ scenario either. The items listed in this article are a great start, but we encourage all customers to consider small investments of time and funding to take security seriously.
A tool like Assertiv has been designed with Small and Medium businesses at heart, from pricing through to features. Assertiv displays all of your apps in one place, implements a password manager and multi-factor authentication right out of the box.
Other tools such as Imperium Cyber Security offer endpoint (computers/devices) protection and backup and restore. Imperium Cyber Security consolidates several cyber security functions behind a single interface.
Take a look at the Australian Government Small Business Cyber Security Guide for more tips on how to improve your security posture.
If you would like more help with security, or have a question, please reach out. Our team are experts in cyber security and can help you build a security strategy that is cost-effective and develops with your business needs.