Posted: Thu 23rd Sep 2021
Businesses come in all shapes and sizes. But in today's world, no organisation, large or small, can afford to ignore online security.
Whether you're a team operating out of an office, or an individual working from home, cyber security is an issue that every business should prioritise.
Cyber crime generally grabs the headlines when a huge multinational or government is the victim, but the smaller cases are arguably the bigger story.
In truth, any business can become a target. The good news is there's still a huge difference between being a target and a victim. And for the most part, it simply comes down to being prepared.
How to protect your small business from online threats
Conduct a security audit
The starting point for any cyber-security strategy is to assess the risks to the business.
Identifying your business's security strengths, weaknesses and opportunities for improvements will provide a good foundation for your future decision-making on appropriate technology and other measures to implement.
Assess the following factors:
Staff (habits, whether they keep to IT policy)
IT infrastructure (web servers, network devices, workstations, etc.)
Data – intellectual property (IP), customer and partner data (where and how you store it, what might be of interest to attackers)
Suppliers (exposure to their systems, level of protection, their cyber-security IQ)
Email policies (date last updated, how well policies are enforced)
Software vulnerabilities (including your policies for updating and installing patches)
Administrative rights and network permissions (whether employees have access only to the data they need to be effective)
Be educated about browsing behaviours
Hopefully, you and your team understand that there are certain types of sites you shouldn't be visiting at work. However, you also need to be careful to only conduct sensitive business on secure websites and to be wary about attachments and links in emails and other forms of message.
Good habits include:
typing in URLs (web addresses) – don't click on links in emails
only entering confidential data on 'https' pages
checking that the web page's security certificate is valid
If you have employees who use work devices (such as a smartphone or tablet) for personal use, it's easy to become less security conscious once they've left the office. It's a good idea to block inappropriate sites to make sure they can't be accessed from business devices.
You and your team should also avoid using untrusted, public wi-fi networks for conducting sensitive business.
Have a strong password policy
Make sure you have a strong password policy and your team use strong, unique passwords that mix symbols, numerals and letters of both cases.
Everyday words can be cracked by programs that simply scan through dictionaries until they find the right one.
And even if it's strong, if a compromised password is used on a number of different websites, it can lead to an even bigger breach.
Keep your software up to date
Digital security organisations detect new pieces of malware (malicious software) every second. So you need to stay ahead.
That means not only using automated updates to top up your security software every day, but updating your operating system and all of your other software too. Make sure everyone in the business does the same.
Remember, programs that haven't been updated are the number one route cyber criminals use to hack businesses.
Make sure your banking is secure
Cyber criminals have a number of methods for obtaining your financial information, from directing you to fake versions of trusted sites to using malware to spy on your activity and capture passwords. You need to take active measures to stop them.
Stay alert for 'phishing' attempts. Phishing is when cyber criminals impersonate a trusted institution, hoping to obtain information (such as passwords and credit card details), which they could use to defraud you.
Often, phishing scam artists send emails impersonating your bank. Consequently, you should always take a close look at the URL before you enter your details on any site, and ideally use a secure browser.
It's also best to avoid including such information in emails, which may be seen by eyes they weren't intended for.
Protecting mobile devices
Working on the move is now part of our everyday life, and cyber crime is increasingly directed at mobile devices.
Because of their portability and size, mobile devices are very easy to lose or have stolen. If you don't protect yours properly, it provides an easy way for someone to gain access to your business.
Remember that on a mobile device, a weak PIN or password becomes a single point of failure, allowing easy access to everything you do on your device.
If you store sensitive data on your company computers, encrypt it. This helps make sure that if you lose the data or it's stolen from you, other people won't be able to access it.
It's important to realise that as a business, the information you hold is a highly valuable asset that needs protecting.
Choose the right anti-malware protection
When it comes to cyber security, your small business is in a unique position. You face many of the same threats as large enterprises, while sharing many of the same vulnerabilities as home users.
This unique position deserves its own approach to security. Simply repackaging a consumer product as a small business solution isn't adequate. For instance, it might offer no protection for servers, but many small businesses either use one or soon will.
Unlike home users, your business needs to protect a number of devices easily. But it's likely you don't have dedicated IT teams or the time to wrestle with complicated software built for specialists.
Choosing the right security software will allow you to feel relaxed and comfortable that your business is adequately protected, without the hassle of managing an expensive or overly elaborate security solution.