Last year most cybersecurity news revolved around large companies like Equifax or Yahoo. But according to the UK government’s Cyber Security Breaches Survey, 46 per cent of UK businesses experienced a cyber breach last year. With almost half of all businesses experiencing cyber attacks, it is a worrying trend.
Today small businesses are not immune from cyber attacks. In the past, cyber attackers were mainly interested in showing off their computer skills. But there is a new breed of hackers who are more interested in financial gains. And these cybercriminals have realised the vulnerabilities of small businesses.
Small business owners are often reluctant to dive into cybersecurity. They are afraid of technical complexity. Even though there can be technical issues to consider, most cybercrimes are deceptively simple. Hackers often use conman-type techniques to attack businesses.
In the UK, the most common breaches were through fraudulent emails (72 per cent). Other techniques include viruses, spyware, malware, impersonating a company employee, ransomware and more. It’s possible to effectively prevent some of these issues without hiring a cybersecurity expert.
Here are some non-technical steps your small business can take to improve cybersecurity:
1. Avoid phishing attacks
Fraudulent emails, or phishing attacks, are the most effective route for cybercrime. In a phishing attack, scammers email thousands of users. The emails try to take advantage of users’ anxiety.
These emails warn users of compromised bank accounts or websites. Generally, there are links to fix the problem. The links take the user to a fake page where passwords and personal information are requested.
In most cases, you can easily guess the linked sites are fake. But some sophisticated hackers will even forward you to your real bank or website to keep you from finding out. It gives the hackers more time to use the password you provided.
Phishing attacks are easy to recognize if your employees know what to look for. Employees should always make sure unrecognized emails have a secure (https) link that is verified. Also, they should be able to report any attempted attack without any repercussions. If there is a fear of retaliation from the business, employees might be unwilling to admit they have been scammed. So employee education and trust will play a vital role in avoiding phishing attacks.
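What "verified" can mean in practice, as an added example that is not part of the original article: the script below lists every link in an email and flags those that are not https, that point outside a list of known domains, or whose visible text names a different site than the real target. The trusted domain and the sample email are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data: the domains this business trusts, and a warning email.
TRUSTED_DOMAINS = {"examplebank.co.uk"}
SAMPLE_EMAIL = """
<a href="https://examplebank.co.uk.login-check.example/reset">www.examplebank.co.uk</a>
<a href="http://203.0.113.7/verify">Verify your details</a>
<a href="https://www.examplebank.co.uk/help">Help centre</a>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Host name of a URL or bare address; empty string if it cannot be parsed."""
    try:
        return urlsplit(value if "//" in value else "//" + value).hostname or ""
    except ValueError:
        return ""

def check_link(href, text):
    """Return the reasons a link deserves a second look (empty list = none)."""
    host, reasons = host_of(href), []
    if not href.lower().startswith("https://"):
        reasons.append("not https")
    # https only encrypts the connection; the host must also be one we know.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        reasons.append("untrusted domain")
    if "." in text and " " not in text and host_of(text) != host:
        reasons.append("text/target mismatch")
    return reasons

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

The first sample link is https and starts with the bank's name, yet it is still flagged, because the part of the host that counts is the end of it.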
2. Implement spyware, malware and virus protection
Make sure you allocate enough in your budget to purchase anti-virus protection. Modern anti-virus programs are easy to install and they don’t require complicated technical knowledge. You can use the program’s firewall capabilities to restrict access to your systems.
Use software asset management (SAM) tools to manage anti-virus purchasing and maintenance. Businesses often forget to renew their anti-virus program, which opens a window of opportunity for hackers.
Also, email attachments help spread viruses, spyware, malware, and ransomware. So make sure your anti-virus program can scan all email attachments. Your employees should proactively avoid attachments from an unknown source.
External USB drives and memory cards work as points of entry. Ban them. It will prevent malicious programs from entering your company’s ecosystem.
3. Pay attention to mobile security
Smartphones and tablets are part of the work culture today. Small businesses use them to provide access to email servers and applications. Hackers often try to steal these devices so they can gain access to the network.
Make sure everyone in the company uses a password. It will work as the first line of defense. Also, use your IT asset management system to keep track of the device IDs. It will enable you to remotely track or erase data stored on stolen and lost devices. Modern smartphones and tablets come with web tools to perform these functions.
Everyone should regularly update the device operating system and apps. It takes only a few clicks to perform. Without updates, your mobile devices are more vulnerable.
Make sure employees are aware that they should not connect their devices to untrusted or unknown 3G or 4G hotspots. Hackers sometimes even wait in coffee shops and restaurants near their target businesses. When an employee uses an unsecured coffee shop or restaurant connection, the hackers use that opportunity. They can download information or upload malware to employee devices.
4. Implement robust password authentication
Passwords are still the preferred way of securing software applications. Advanced options like biometrics and face recognition can be too costly to implement. But you can improve your password authentication to make your cybersecurity more robust.
All your company hardware and software should have long passwords turned on. Users should not be able to set up “password123” or such variations. Cybercriminals can easily use brute force attacks to crack these passwords.
You can further strengthen your company’s passwords through two-factor authentication. In two-factor authentication, besides the password, the users have to enter a special code from a physical device. The code can be a random number sent as a text message. Or it can come from a mobile software token generator like Google Authenticator. There are also physical token generator devices available.
Two-factor authentication also guards you against email phishing attacks. Hackers have to get both the password and the physical device of the user to be successful. It makes it harder for them to gain access.
5. Take regular and reliable backups
Even with your best efforts, your small business is always at risk of being compromised. Besides taking preventive measures, you should also have a recovery plan. Backups play a vital role in effective recovery.
Your first step should be to identify the critical data. If your systems are compromised, you should be able to recover your business operations from this data. Make sure your backups are placed in a separate location. They should be on external computers, hard disks or the cloud.
Automate the process. Today’s IT asset management tools might have both backup and restore options. Check to see if your asset management suite has the ability to help you.
Remember to have a clear process for defining the stored information. Your most recent backup data might be corrupted by viruses or malware. So having older backups with clearly marked dates can make the restoration process easier.
In conclusion
Small businesses don’t have the same resources as large enterprises. So the task of handling cybersecurity threats can seem daunting. But as you can see from the methods above, you are not powerless. Even without the help of expensive experts, you can take a lot of simple steps to keep your small business safe.
Prasanna Kulkarni is founder and product architect of Comparesoft