Cyberthreats are becoming increasingly common and can be harmful to any business. Small businesses tend to think they are too small to be worth attacking, but sometimes that makes them an easier target. In fact, recent trends show that cyber-attacks on small businesses are increasing.
Any business that holds data (customers’ email addresses, phone numbers, billing addresses, credit card details) is at risk, as hackers can leverage this data to make money. Hackers may even use their access to your network as a stepping stone into the networks of other companies that supply you or partner with you, putting them at risk, too.
It’s time for small businesses to take the threats seriously and find out more about how you can protect your business from cyberthreats.
Top tips for protecting your business
- Antivirus Software – This can protect your devices from viruses, spyware, ransomware and phishing scams. The software you choose needs to offer protection but also technology that helps you clean computers as needed and reset them to their pre-infected state.
- Control Permissions – Not every person in your business needs access to critical files or information. Introduce user roles and permissions; a user role has a built-in set of permissions specific to particular job titles. Within these roles, you can assign permissions for each user. More importantly, when someone leaves, revoke all access, immediately.
- Data Back-ups – Losing your data could close the doors to your business. Think about how much you need your data and then start identifying business critical data and how often you want to back it up. Would it harm your business if you lost a day’s worth of data? Or an hour? Once you identify the frequency, you can also identify how you want it backed up and the method. Consider having a back-up option, off-site, too. Even if you have cloud solutions such as Office 365, don’t automatically assume that they are being backed up, either.
- Educate your team – Not all threats are external; employees are actually one of the highest causes of breaches. The breach could be caused by someone intentionally trying to harm the business network out of spite, or unintentionally, by losing a device that has log-in details to key applications loaded on to it or by clicking on a link in an email. Some of these breaches you can’t necessarily prepare for, but you can educate your team on how to identify cyberthreats and, for those found to have malicious intent, you can set out in a policy the consequences of their actions.
- Go Cloud – Cloud providers like Microsoft have done the hard work of ensuring their product is as secure as it can be for their customers. Unlike when you buy software as a one-time download, cloud solutions are constantly updated by the providers, automatically, so they are constantly working to keep it as secure as possible for their customers (N.B. As long as you don’t forget to activate updates, of course).
- Security Measures for Mobiles – Regardless of whether you supply business mobiles or allow your staff to use their own for business use, they are an entry point to your business network. You need to ensure you have security measures in place for them. We recommend using a Mobile Device Manager (MDM), which is software that allows IT administrators to control, secure and enforce policies on smartphones, tablets and other endpoints.
- Systems and Processes Risk Assessment – Look at your IT systems and processes with a critical eye to see if you can identify where any possible breaches could occur. Better yet, get an external IT company to review them, as sometimes it’s better to be on the outside, looking in, to see any possible issues.
- Secure your Wireless networks – Cyber criminals often obtain access to your IT system by exploiting any security weaknesses in your wireless networks. Ensure you are managing your Preferred Network List (PNL) and using a Virtual Private Network (VPN).
- System Updates – Ensure that your systems remain at optimum performance and secure by carrying out updates. Don’t ignore notifications to update as the latest update could be the one to fix any security flaws that the provider has found. Not doing so puts you at risk from opportunists who have discovered these weaknesses and wish to exploit them.
How can we help?
We have a range of Cybersecurity Solutions to suit small businesses. We’d be delighted to speak with you to match up the best options for your business and budget:
- Backup and Recovery – we can help you decide on a data back-up and recovery solution and implement it.
- Cyber Essentials – we can take you through the Government-backed, industry-supported scheme which helps to define a set of security controls and clear guidance on the basics of cyber security. Once completed, you are awarded a certificate which showcases that you are proactive against cyber-attacks.
- GDPR Compliance - we will ensure that you are in full GDPR compliance when it comes to your data security.
- Internet Security Solutions – we will work with you to find the internet security solutions that will best help protect your business’s network. We can use a variety of different tools, such as: Antivirus and anti-malware software, Application security, Behavioural analytics, Data loss prevention, Distributed denial of service prevention, Email security, Firewalls, Mobile device security, Network segmentation, Security information and event management and Web security.
- Layered Protection is a cybersecurity system that has multiple levels of protection. The main principle of this system is prevention, detection and response. We can implement layered protection into your business.
- Managed Endpoint Security - Endpoint devices such as desktops, laptops and mobiles are a point of access to your business network. When we employ managed endpoint security for you, you are in effect putting in a process to authenticate and monitor access to your network through your devices. We’ll implement security policies to prevent any external or internal threats to your network.
- Penetration Testing is where we simulate a cyber-attack and identify any vulnerabilities in your system.
- Phishing Simulation is where we test your business and staff’s reaction to phishing emails by mimicking the role of the attacker and sending realistic phishing emails. An effective phishing simulation program can help to significantly improve employees’ awareness of phishing threats and increase the likelihood that they will respond correctly when they encounter a threat.
- Ransomware Protection – we can implement security measures to protect you from ransomware (illegal malicious software).
- User Awareness Training - We can deliver bespoke user awareness training to your business, designed to educate your team in learning the risks, identifying suspicious activity and following best cybersecurity practice in highlighting the activity and protecting the business. We’ll tailor the training to suit your business size, industry and current knowledge of your team.