Did you know that 72% of cyber-attacks are against businesses with less than 100 employees? The headlines often only highlight major data breaches in large corporations but the truth is that the vast majority of hacks are against small businesses.
Small businesses are much easier targets for hackers as they’re usually under-protected. Owners generally can’t afford the same level of IT protection as major government and multinational organisations.
There is good news however, implementing good security doesn’t need to cost thousands and can be done in house today. Follow our top 10 cyber security tips below.
1. Reliable Backups
Could your business carry on trading if you lost your files and emails? A whopping 60% of small businesses that lose data shut down within 6 months. It’s essential to have a good backup policy in place and to test your backup policy regularly. All it takes is one ransomware attack and you could lose access to all files.
A good approach is to use the 3-2-1 rule. This is where you keep 3 copies of your data and store 2 backup copies on different storage media (USB/External Hard drive) with 1 copy located offsite. For added security, use an AES 256-bit encrypted USB stick such as this one here.
If you have a business website and hosted email, ensure that backups are taken of these too. Many website hosts (including us) will include this free of charge but it’s worth double checking.
2. Use Strong Passwords & MFA
Weak passwords are usually the first target in any attack. Using easily guessable words even with numbers and special characters can usually be cracked in seconds. Check this link to see how long it would take to guess your password https://howsecureismypassword.net/
You should never use the same password for different services or systems. Using the same password but changing a number on the end should also be avoided as this is very easily guessable should the first one be compromised.
If you have multiple passwords used for many different systems we recommend using a password tool such as LastPass or 1Password. These tools can generate secure strong passwords and store them for you. If you do use these tools, ensure the password to access your password vault is extremely strong as guessing this will result in a hacker being able to access all your passwords.
If you do need a password that you need to know and remember, consider grouping random words together with a special character E.G. “radio-coffee-rain-jupiter!” This is easy to remember and also extremely hard to guess with a brute force attack.
MFA (Multi-factor authentication) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence such as confirming a code via text message, or using a phone app to approve the login. If you have systems that support this method, it’s recommend to use it.
3. User Access Control
Implementing robust user access policies are vital to avoid your business data ending up in the wrong hands. If you have multiple employees undertaking different roles, segregate and limit access to only those files they require. If you provide IT equipment to employees, do they really need to have administrator level access?
Lots of small businesses these days will outsource tasks such as website content creation to third parties and simply give them an administrator login for their website. Instead, create a different user with the access rights needed for them to carry out the work. Does your SEO freelancer really need to see your e-commerce sales figures?
Finally, when an employee leaves or a third party has finished their tasks, revoke their logins straight away.
4. Keep Software Up-To-Date
Ensure you are using an up-to-date operating system. Whether your use Windows or MacOS, security vulnerabilities are always being discovered. The good news is Microsoft and Apple are quick to release fixes. Having your device set to automatically received updates ensures you remain protected.
If you have a business website running on platforms such as WordPress, it’s important to ensure the platform is also kept up to date including any plugins. We strongly recommend you take a backup of your site before upgrading as you can sometimes run into compatibility issues. If you’re not comfortable performing website updates yourself, speak with your host to see if they can assist with any management services. If you host with us we offer managed WordPress. Contact us to find out more.
5. Use A Firewall
A network firewall is an essential tool for any business. It acts as a security perimeter around your computer and other devices blocking unauthorised incoming and outgoing network traffic. Both Windows and Apple have built-in firewall capabilities, ensure these are switched on.
For business websites, ensure you choose a web host that includes firewall and brute force protection as standard. If you run your own WordPress website, we also recommend installing the WordFence security plugin to further protect your site. It’s free!
If you have a small office, we recommend installing a hardware based firewall to protect your entire network. As the configuration of these are more complex, we recommend getting in touch with your IT provider or contact us.
6. Protect Against Phishing Attacks
Did you know that 50% of UK employees have clicked on an email containing a virus in the last 6 months? Phishing attacks are one of the most common attacks against small businesses. Human factor is usually the easiest way to gain information into your company whether that be passwords, credit cards or other sensitive information. Attackers use email, social media and even phone calls to steal this data.
Ensure you use a spam filter that can detect phishing attempts and block senders. There will always be times email slips through a filter so further education is a must. Phishing emails generally have poor grammar and spelling and contain suspicious looking URL’s E.G. www.g00gle.com.
Attackers like to word the email giving a false sense of urgency and request sensitive data. Email accounts are easily spoofed, always check the senders address. Does this match what you have on your records?
If in doubt, call the sender or business and verify the email before responding.
7. Install Anti-Virus
Only install an anti-virus program from a known and trusted source. Once installed, keep virus definitions and the software up to date to ensure your protection remains effective.
For Windows, Windows Defender is free and comes pre-installed on all genuine versions of Windows 8 and later. If you’re still using Windows 7, Microsoft Security Essentials is also free although support ends for this in Jan 2020.
For Mac’s, Sophos Home Free is a well-regarded free anti-virus solution and comes with a free 30 day premium trial.
8. Use A VPN
A VPN (virtual private network) allows you to connect to the internet privately and anonymously. A VPN creates a secure hidden tunnel between you and the internet that makes it virtually impossible for someone on the same network to be able to track you or see your data.
If you regularly use public Wi-Fi such as coffee shops and hotels then a VPN is a must have tool to improve your security. It will hide your internet traffic and data from an attacker sitting on the same network with a sniffing tool.
As well as protecting your data, you’ll also receive benefits too such as restriction free browsing and being able to mimic connecting from another country. Ideal if you want to watch BBC iPlayer whilst abroad.
We recommend Nord VPN and actually use this ourselves. At just £2.82 a month it’s a very small price to pay for increased protection. If you sign up with our link here you’ll also receive an extra month free!
9. Monitor Your Bank Accounts
Keeping a regular eye on your bank accounts and documenting transactions will help you spot any fraudulent activity. Even if the amount is small, follow up with your bank if you don’t recognise the transaction. Attackers can sometimes test an account with a small purchase before going for larger amounts.
10. Physical Cyber Safety
Be careful with what you plug into your computer. Malware can be spread through infected USB drives, external hard drives and even smartphones.
In a recent attack, the attacker sent out a fake marketing campaign via post with a USB. Curiosity got the better of the recipient who plugged this into their computer. A key logger was installed in the background which sent the attacker every single key stroke made on the computer. If you don’t recognise the storage media, Don’t plug it in.
Want a free site security check for your site?
Fill in the form below and we’ll aim to respond within 48 hours.