Cyber security for small businesses: Experts share their top tips
Posted: Fri 20th May 2022
No matter what type or size of business you run, you simply can't afford to ignore online security. Making it one of your highest priorities means you can be fully prepared for when something goes wrong – perhaps you accidentally delete data, or your system falls victim to a cyber attack.
Here, we ask three cyber security experts for their top tips on how small businesses can become more digitally secure. They are:
Christina Tueje, managing director of GRC Information Management
In 2022, what are the most common cyber threats for small businesses?
Dan Ackers: The biggest thing these days is phishing. That's when someone sends you an unsolicited text or email trying to act like a service or product you might be using.
They send you a link and ask you to log in to a fake service that looks like the site you're expecting, but actually just steals your credentials. Once compromised, the attacker can then spoof all of your contacts too.
The best way to mitigate against this is to enable two-factor authentication (2FA) on everything. Because even if an attacker has your password, they can't log in to a site without your 2FA code. Secondly, use a password manager – they generate super-secure passwords so you don't use the same code twice.
If I don't understand technology very well, what simple steps can I take to improve my business's cyber security straight away?
Christina Tueje: Always back up your data. Data still gets lost in the cloud, as it can be hacked, deleted (accidentally or maliciously), or affected because of software issues. Consider using a modern data protection tool that backs up data periodically throughout the day to prevent data loss.
And encrypt your hard drives. If your laptop is stolen, but your drive is encrypted, your data will be safe.
Jamie Shaw: Your first task should be to protect any device you use for business – PCs, laptops, tablets and phones – with a solid cyber-security product.
But this security protection will only help you so far. Educating yourself and your staff is the best way to protect your business from cyber attacks, so put a cyber security awareness training programme in place for employees. Human error is the main reason behind cyber attacks.
What does it mean when you encrypt data? What are the benefits of encryption and how do I do it?
Dan Ackers: Encryption is basically when you scramble your data so people who get their hands on it can't read its contents without a code or cypher (like a digital key).
On external drives, portable computers or even desktops, encrypting the hard drive at operating system level means your hard drive is encrypted. If someone then steals your device, they won't be able to recover the data. This is a smart move.
My business doesn't have an IT or tech department – it's just me. What can I do to educate myself on cyber security?
Dan Ackers: YouTube. There are loads of resources on there. For example, Scammer Payback shows a lot of ways that hackers attack people and then reverses their attacks, which is funny but also educational. There are lots of other channels that you can find with a quick search.
Three ways you can update digital security across your business
How do I create a secure password?
Jamie Shaw: We all have a number of online accounts, whether they're for banking, booking flights or buying stuff from Amazon, for example. Each one requires your email address – which is usually the same in all instances – and a password. This is where the problem lies. Passwords are universal and a hazard at the same time.
The average user has around 100 passwords. How do you remember them all? And how do you make sure they're secure?
I don't have the head space to store hundreds of unique, secure passwords, so I use a password manager. I recommend you do the same.
They allow you to generate strong and unique passwords and use one-click logins. They also tend to have vaults that let you not only store your account log-in details but also important documents, secure notes and credit cards.
I don't have much budget to spend on digital security. What are some low-cost – or even free – options I can take advantage of?
Dan Ackers: Many password managers have a free tier, and free two-factor codes as well. The Google Authenticator app is brilliant for assisting with two-factor authentication too – and is also completely free.
Grabbing a virtual private network (VPN) will massively up your security when using public wi-fi. Attackers on the same network can see your traffic and spoof a wi-fi router to force your phone to connect to it. When this happens, having a VPN will make sure they still can't see your traffic as it tunnels your connection through the VPN, and not across the open internet.
What are the main security concerns around business websites?
Dan Ackers: Security updates are a big thing. Older sites running things like WordPress can get attacked quite often. Keeping the WordPress core up to date, and all plugins, will protect against this. Also installing security plugins like Wordfence will add another line of defence.
Are businesses more at risk now that many team members work from home? What are some simple ways to keep data secure with staff working remotely?
Dan Ackers: I sound like a broken record, but basic things that we've covered already. End-to-end encryption, VPNs, two-factor authentication and password managers will get you most of the way there.
Using services like Office 365 and Google Workplace give you domain-level control over security in an easy-to-manage interface. Working with a partner on these apps will also further ease your transition and bolster your support.
Free 30-day trial: Avast Business Hub
Get a free 30-day trial of Avast Business's integrated security platform, the Business Hub with Antivirus and Patch Management. Easily manage both security solutions centrally from one location for multiple devices.
About Avast Business
Avast Business provides simple yet powerful security solutions for SMBs and IT service providers. Backed by one of the largest, most globally dispersed threat detection networks, the Avast Business security portfolio makes it easy and affordable to secure, manage, and monitor business devices.
The result is superior protection that businesses can count on. For more information about our managed services and cybersecurity solutions, visit www.avast.com/business.
How small businesses can improve their cyber security
How to secure your online business