Cyber Security Fundamentals for Small Businesses
by Dave Westbrook, 31-Aug-2021
As we've written about previously, for small businesses, even relatively minor cyber security incidents can have far-reaching and disastrous impacts.
This post covers some of the fundamentals of cyber security for small businesses, and aims to keep small business stakeholders alert and prepared for cyber security incidents. We'll identify and explain some common threats—malware, phishing, and ransomware—and outline some steps you can take to protect your operations and data.
Threat 1: Malware
Malware, short for malicious software, is a computer program designed to cause harm by executing unauthorised processes on users' machines. Malware is a blanket term which includes viruses, worms, and spyware. Cyber criminals can use malware to steal your business's information or run their own malicious code on your systems.
Malicious software can be transferred via email links or attachments. It may also be downloaded by visiting an infected site or clicking on an advertisement that contains suspect content. Cyber crime groups constantly update their tools with the latest features, so it is critical for businesses to install security updates as soon as vendors make them available.
Threat 2: Phishing
Phishing is a social-engineering tactic used to obtain confidential user data such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication like email or chat. Cyber criminals use phishing to obtain the login credentials of their victims, allowing them access to sensitive business information or customers' private accounts.
Threat 3: Ransomware
Ransomware is a specific type of malware which prevents IT systems from performing functions until a ransom is paid. Cyber criminals encrypt your data, restricting access to the files users need to run your business. Cyber criminals then demand payment from victims in order to decrypt their data.
Steps to Protect Your Business
1. Educate your workforce.
People are the easiest route into a business's IT systems, so cyber security education for employees is vital. Train your staff to identify and report cyber threats and to spot potentially malicious emails, phone calls or text messages. Emphasise that they should not click on links in suspicious emails or attachments, pop-up ads, or text messages from unknown senders. If you're ever in doubt about a communication you receive via email, phone call, or text message, it is best practice not to open any attachments or act on any requests until you've verified its authenticity with the sender.
2. Use anti-virus and anti-malware software and enable automatic updates.
This keeps your computers, mobile phones and tablets protected with continuously updated security methods. Cyber criminals learn new techniques every day, so it's important to update your business systems with the latest security updates as soon as they are available.
3. Protect your company data from ransomware.
To reduce the impact of ransomware attacks, make sure all files are backed up regularly and check user permissions within the network settings on users' systems.
4. Make sure all passwords are updated frequently.
Your staff should never use their favourite pet names or children's names as passwords. Cyber criminals find long, complex passwords difficult to crack but the same cannot be said for "password1234", "iloveyou", or any other ubiquitous password, so implement minimum password requirements for your business's systems. Cyber criminals can also exploit passwords in other ways, such as using phishing tactics to obtain the login credentials of victims who use weak or re-used passwords, which are easier to guess.
5. Deploy multi-factor authentication (MFA) for your users' logins.
MFA works by combining usernames and passwords with other methods of authentication (a PIN, secret question, secondary MFA app, or fingerprint), so if one method is compromised, the other methods keep protection in place.
6. Maintain an active cyber security function.
Cyber security teams are often expensive for small businesses to hire, so consider outsourcing cyber security functions to a third-party provider, as this will help reduce both internal costs and around-the-clock operational requirements.
This article covers some of the fundamentals of cyber security for small businesses, but the landscape is constantly evolving. If you don't have the resources available in-house, it's important to collaborate with an experienced provider who can focus on keeping your business safe without diverting internal IT resources away from other critical business functions.