Simple cybersecurity fixes for small businesses

Cybersecurity for small businesses

Cybersecurity frequently gets pushed down the list of priorities for small businesses. At least until something goes wrong. However, at that point, it is unfortunately often too late to do something about it. The good news is that even if cybersecurity hasn’t been a priority up to now – and you’re not feeling that confident about the measures you’ve got in place – that doesn’t have to mean to stay unprotected. Here are some simple cybersecurity fixes for small businesses that are instant, effective and a great way to start better mitigating risk.

Adjust your mindset

This is the groundwork for ensuring that your small business has a constructive approach to cybersecurity. The first false perspective that any SME needs to shift is the idea that it won’t happen to you because you’re not a big company. Gone are the days when hackers and cyber criminals only targeted deep pockets. Every business today has something that is valuable to an attacker – data – and that means that any enterprise can be targeted for an attack. In fact, it’s often easier to breach the defences of a smaller company, which means you’re the low-hanging fruit that hackers love.

The second false perspective is that cybersecurity can be separated from ‘the rest of the business’ and only needs to be looked at periodically. The reality is that cybersecurity needs to be integrated through everything you do, from how you train your people to the processes that are used every day. It’s not something you can turn to every now and again to update. Cybersecurity-aware culture is a vital part of keeping your business safe, and this is a simple fix you can start implementing at whatever stage of growth you’re at.

Start using Multi-Factor Authorisation (MFA)

The concept behind MFA is simple: make it harder for anyone to steal your data or access your systems by putting multiple barriers in the way. Data breaches have generated billions of stolen credentials for cyber attackers to try today but attempted hacks that use these won’t be successful where there is MFA in place. So how does it work?

• The basics of MFA – The usual sign-on method to access an account, device etc., is supplemented by two or more additional methods to verify the identity of the person logging in. So, that could be a code that is sent via SMS, for example, or it might be biometric identification, a phone call or a key fob. An attacker might be able to guess login credentials, but it will be a lot harder to get than also complete additional verification that could require devices etc.
• How do you set up MFA? – You’ll probably find that most systems already accommodate this, especially if they are cloud-based. If you don’t already have this set up on Google, Azure etc., then this should be fairly simple. The key is to ensure you get on and do it quickly before it’s too late.

Update your password practices

More than 80% of security breaches due to hacking are achieved via passwords. So, while we all tend to take passwords for granted and not make much effort with them, they are actually a vital piece of any security framework. Updating your password practices is also an instant security fix that will upgrade your level of risk management in seconds. So, what do you need to do to achieve it?

• Use complex passwords – These are passwords that probably don’t make sense, use a combination of letters (upper and lower case) as well as numbers and symbols so that guessing them is difficult. Length is a key factor here because the longer the password is, the less likely it can be broken.
• Avoid the basic errors – Obviously, if your password is ‘password,’ then you’re asking for trouble because that’s probably the first one most hackers will try. Equally as inadvisable is any numerical sequence or letter sequence (e.g. 12345 or abcde) or using information about you that is easy to find or guess, such as your full name or the name of a pet. Another big error with passwords is using the same password for all your accounts – if you do this, it’s like creating a skeleton key that any hacker can use to get into everything.
• Follow best practices – For example, choose a password that is 16 characters or more, a nonsensical mix of letters and numbers, unique and not connected to you in any way.
• Remember your password – Password managers can be a useful way to ensure you can access your password information without keeping it insecure, such as writing it on a post-it.

Train your team to look for the obvious

Your workforce can be your biggest asset to cybersecurity – or the deepest vulnerability. Much of this will come down to how much they know about cybersecurity and how to respond to threats. Phishing attacks are particularly likely to prey on a lack of knowledge and training among your staff. This is an email scam (usually) that is designed to get someone to click on a link or hand over personal information or login credentials so that a hacker can access systems or offload malware. Phishing emails can be incredibly convincing, so it’s important to ensure that your team knows to follow basic precautions to keep the business safe. These include never clicking on links they aren’t sure of or which are not from someone they know and being very mindful about who they connect with online.

Small businesses are especially vulnerable to cyber attacks and hackers, particularly as security budgets tend to be much lower in SMEs. However, there is still a lot you can do to protect your business from the worst, starting with these simple cybersecurity fixes. SADS IT has extensive experience working with small businesses to help protect themselves better against cybersecurity threats. You can find out more about our IT security services or contact us for more information.