Cybersecurity for Small and Medium Sized Businesses

As the year draws to a close, we don’t need numerous surveys telling us small businesses found year two of the pandemic more disruptive than the first. While we cannot change the past we can influence the future. Protect your business and give yourself every chance to recover. 

Cybercrime. Think hackers, malware, phishing, and ransomware attacks. Data is it encrypted or not? Passwords, if user and system passwords are weak or defaulted or stolen, it makes stealing data that much easier. And then there’s the increasing threat of social engineering. This practice relies on tricking or pressuring a user into breaching security procedures to access sensitive information. While not as prevalent as malware, phishing and other types of attacks, social engineering is still a significant threat. And it should be accounted for in any cybersecurity plan.

Bad news – Cybercrime activity increases over the festive season

Good news – Steps can increase prevention.

As a minimum implement common tools:

• Anti-virus/anti-malware software
• Two-factor authentication for user access
• Software patches and updates, often for security
• Network and system firewalls
• Encryption for databases and customer data
• Password managers

Beyond tools like these, cybersecurity for small and medium sized businesses also relies on following security practices implemented by the organization. 

• Establish security plans, set password rules and password update schedules, and continually monitor employee compliance.
• Ensure that remote workers connect to a secure network.
• Detect questionable downloads from unknown sources and readily alert employees to them.
• Assess what data within your business requires the most protection.

Here are a more tips:

Train employees in security awareness

Educate employees on what to look for. Establish standard practices and policies, such as strong passwords and guidelines for Internet use. Also implement rules of behaviour for how to handle and protect customer information and other vital data.

Protect information, computers, and networks from cyber attacks

Keep computers “clean.” Having the latest security software, web browser, and operating system are the best defences against things like viruses and malware. Additionally, install other critical software updates as soon as they’re available and run an antivirus scan after each update.

Provide firewall security for your Internet connection

A firewall prevents outsiders from accessing data on a private network. On your company’s network, make sure the operating system’s firewall is enabled. If employees work from home, make sure their home system(s) are firewall-protected.

Create a mobile device action plan

Require users to password-protect their devices and encrypt their data. They should likewise install security apps to prevent criminals from stealing information if the phone is ever on public networks. In addition, set reporting procedures for lost or stolen mobile devices.

Make backup copies of important business data and information

Back up data on computers on a regular basis. Critical data can include spreadsheets, databases, financial files, HR files, accounts receivable/payable files, and so on. If possible, back up data automatically, or at least weekly, and store the copies offsite or in the cloud.

Control physical access to your computers and create user accounts for each employee

Prevent access or use of business computers by unauthorized individuals. Making sure a separate user account is created for each employee (strong passwords included) can help. Administrative privileges should also be given only to trusted IT staff and key personnel.

Secure your Wi-Fi networks

If you have a Wi-Fi network in your workplace, make sure it’s secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it doesn’t broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router, as well.

Employ best practices on payment cards

Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. Further, isolate payment systems from other, less secure programs. And definitely don’t use the same computer to process payments and surf the Internet.

Limit employee access to data and information, limit authority to install software

Do not provide all employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs. They also should not be able to install any software without permission.

Passwords and authentication

This goes back to Tip #1. Require employees to set unique passwords and change passwords at least every 60-90 days. Multi-factor authentication that requires additional information beyond a password to access systems also helps, including for vendors that handle sensitive data for your company.

Take these precautions, and your business will have a better chance of not being a cyberattack statistic. For many of us 2022 will be a pivotal year. Make sure to give your business every chance of success and take steps to limit the risk of being impacted by cybercrime. We wish you all the best for the year ahead. Enjoy the festive season. Thank you for all your support over the year, and if you need help or advice with your IT systems we are here to help.

Case Studies