Is Your Business Cyber-Safe?
Small businesses face growing cyber threats from phishing, ransomware and hacking attacks
Why it matters. Small businesses face growing cyber threats from phishing, ransomware, and hacking attacks. Essential protections include encrypting devices, using unique passwords with two-factor authentication, maintaining updated security software, implementing network firewalls with segmentation, and running regular backups. Working with an IT consultant can help identify vulnerabilities and create a comprehensive security plan.
Is your small business safe from cyberattacks? The number and sophistication of cyberattacks against small businesses have been increasing every year. Artificial intelligence will only make the situation worse since cybercriminals can use it to increase the scale of their attacks.
Small businesses are not prepared for the level of sophistication and devastation of these attacks. Fortunately, there are some practical steps and strategies that can reduce your exposure to attacks and protect you against the most common threats.
Stolen or discarded devices can become major security vulnerabilities if the affected device contains sensitive information (e.g., payroll). The device can provide criminals with immediate access to data they can sell or exploit.
Phishing attacks trick your employees into giving sensitive company information (e.g., account login credentials) to a cybercriminal. Most attacks use a fake email that appears to come from a well-known vendor. The email directs the user to a realistic-looking fake website that steals the credentials.
Malware and ransomware attacks occur when malicious software is used to steal your data or disrupt operations. Ransomware is a type of malware that encrypts your files so you can’t access them. Attackers then demand a ransom payment to provide a decryption key. Ransomware attacks can be devastating and are often difficult to recover from.
Hacking attacks occur when a person or automated bot breaks into your company’s network. Their objective is to steal your company’s data or use your devices to conduct attacks on other networks (e.g., as part of a botnet, where several computers are infected with bots without the users’ knowledge).
Action steps
Most small companies don’t have the internal resources to manage IT security. The best strategy is to work with a knowledgeable IT consultant. The consultant can evaluate your company’s security and provide a comprehensive plan to cover your weak spots. The following strategies should protect your company against most attacks. They provide a good starting point for your discussion with the IT professional.
1 Encrypt and lock up your computer
Encrypt every office computer to protect sensitive information in case a device is lost or stolen. For stronger protection, require a startup PIN to unlock the drive. On Windows PCs, this is done by enabling BitLocker and turning on “TPM with PIN.” Remove all sensitive information from office computers before donating or recycling them. On Windows, use the “Reset this PC” function to remove sensitive information from the drive.
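The following PowerShell script is an added example, not part of the original article, showing how to check that a Windows PC actually has the protection described above: BitLocker turned on, the system drive fully encrypted, a TPM+PIN startup protector in place, and a recovery password available. It uses only the BitLocker cmdlets that ship with Windows Pro and Enterprise and must be run from an elevated (Administrator) PowerShell session. The function name is this example's own, and the remediation commands at the end are left commented out so that running the audit changes nothing.

```powershell
# Added example: audit a Windows PC's BitLocker state and report whether it matches
# the recommended configuration (BitLocker on, drive fully encrypted, TPM+PIN startup
# protector, recovery password escrowed). Requires the BitLocker module that ships
# with Windows Pro/Enterprise and an elevated (Administrator) PowerShell session.
function Test-BitLockerCompliance {
    [CmdletBinding()]
    param(
        # Drive to audit; defaults to the OS drive (usually "C:").
        [string]$MountPoint = $env:SystemDrive
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # KeyProtectorType values of interest: 'TpmPin' (TPM plus startup PIN) and
    # 'RecoveryPassword' (the 48-digit key needed if the TPM or the PIN fails).
    $protectors  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $hasTpmPin   = $protectors -contains 'TpmPin'
    $hasRecovery = $protectors -contains 'RecoveryPassword'

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        ProtectionStatus    = $vol.ProtectionStatus.ToString()   # 'On' or 'Off'
        VolumeStatus        = $vol.VolumeStatus.ToString()       # e.g. 'FullyEncrypted'
        EncryptionPercent   = $vol.EncryptionPercentage
        EncryptionMethod    = $vol.EncryptionMethod.ToString()
        KeyProtectors       = ($protectors -join ', ')
        HasTpmPin           = $hasTpmPin
        HasRecoveryPassword = $hasRecovery
        Compliant           = ($vol.ProtectionStatus.ToString() -eq 'On' -and
                               $vol.VolumeStatus.ToString() -eq 'FullyEncrypted' -and
                               $hasTpmPin -and $hasRecovery)
    }
}

$report = Test-BitLockerCompliance
$report | Format-List

if (-not $report.Compliant) {
    Write-Warning "$($report.MountPoint) does not meet the BitLocker baseline (see report above)."

    # Remediation for a machine that is not yet protected, left commented out so the
    # audit itself changes nothing. Record the recovery password somewhere safe before
    # relying on the PIN: it is the only way back in if the TPM is cleared or the PIN
    # is forgotten.
    #
    # $pin = Read-Host -AsSecureString -Prompt 'Startup PIN'
    # Enable-BitLocker -MountPoint $report.MountPoint -EncryptionMethod XtsAes256 `
    #     -TpmAndPinProtector -Pin $pin -UsedSpaceOnly
    # Add-BitLockerKeyProtector -MountPoint $report.MountPoint -RecoveryPasswordProtector
    # (Get-BitLockerVolume -MountPoint $report.MountPoint).KeyProtector |
    #     Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    #     Select-Object RecoveryPassword
}
```

Two practical notes. Windows refuses to add a TPM+PIN protector unless the BitLocker policy "Require additional authentication at startup" (under Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption, Operating System Drives) permits a startup PIN, so set that policy first on a standalone PC. And when retiring a machine with "Reset this PC", choose "Remove everything" rather than "Keep my files", otherwise the user data stays on the drive.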
2 Don’t reuse passwords
Using the same password for every business service account may be convenient. However, it is also very risky. All your accounts could be exposed if the password is stolen. The best strategy is to use a unique password for every account. Consequently, only one account is exposed if the password is stolen. Enable two-factor authentication for all important accounts, especially banking and payment accounts. This step offers additional protection in case the password is stolen. Lastly, consider using a password manager to organize all the different passwords. We use a password manager to generate secure passwords and to store the account information securely.
3 Install and update your security software
Every computer in your office should have an antivirus/anti-malware application installed. It scans your computer’s activity for threats and protects you against viruses, malware, phishing and ransomware attacks. This application is your first line of defense against most attacks and should be updated regularly.
4 Secure your network
A secure network is the cornerstone of effective prevention against cyberattacks. It can block threats before they reach your systems, while also preventing attacks from spreading through your network. Unfortunately, most small businesses fall short in this area. At a minimum, your company’s network needs a firewall and routing capabilities. This setup allows you to block external attacks, segment your network, and monitor suspicious activity.
Block external threats. A firewall is a security device that monitors network traffic and limits unauthorized access. Firewalls limit your exposure against cyberattacks by stopping threats before they reach your systems.
Segment internal networks. Your network should support segmentation so you can divide devices into separate groups, each with its own security rules. This strategy lets you keep staff computers, sensitive systems (e.g., payroll) and guest devices on separate networks, each with specific levels of access. Segmentation offers a strong layer of protection. An attacker who compromises one part of your network (e.g., guest access) cannot move easily to other systems.
Monitor and block traffic. A firewall lets you block access to unwanted or risky destinations. This includes social media, gaming and illegal websites. Blocking these websites reduces your company’s exposure to malware, phishing attacks and other threats.
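As an added example that is not part of the original article, the PowerShell below applies the same segmentation idea on the sensitive PC itself, using the Windows Defender Firewall cmdlets. The router or firewall should already keep the guest and payroll segments apart; these host rules are a second layer so that the payroll machine refuses guest traffic even if the network configuration slips. The subnet addresses (staff 10.10.20.0/24, guest 10.10.30.0/24) and the "Payroll:" rule names are constructed for the example. Run it in an elevated PowerShell session on the payroll PC.

```powershell
# Added example: host-firewall rules on a sensitive Windows PC (e.g. the payroll machine)
# that back up the network segmentation described above. Subnets are constructed for
# the example: staff VLAN 10.10.20.0/24, guest VLAN 10.10.30.0/24.
# Run in an elevated PowerShell session on the payroll PC.

$StaffNet = '10.10.20.0/24'   # constructed: staff workstations
$GuestNet = '10.10.30.0/24'   # constructed: guest Wi-Fi

# 1. Make sure every profile is on and drops inbound traffic unless a rule allows it.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Explicitly block everything from the guest segment. Even if the router's
#    segmentation is misconfigured, this PC will not answer guest devices.
New-NetFirewallRule -DisplayName 'Payroll: block guest VLAN' -Direction Inbound `
    -RemoteAddress $GuestNet -Action Block -Profile Any

# 3. Allow only the access the payroll PC actually needs, and only from the staff
#    segment (Remote Desktop here; add the ports your payroll software requires).
New-NetFirewallRule -DisplayName 'Payroll: RDP from staff VLAN only' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $StaffNet -Action Allow -Profile Domain,Private

# 4. Log dropped packets so that guest-to-payroll attempts show up for review.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 5. Verification: list the rules just created and the effective default actions.
Get-NetFirewallRule -DisplayName 'Payroll:*' |
    Select-Object DisplayName, Direction, Action, Enabled |
    Format-Table -AutoSize

Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, LogBlocked |
    Format-Table -AutoSize
```

In Windows Defender Firewall a block rule always wins over an allow rule, so the guest block in step 2 holds even if a later allow rule is written too broadly. The log file from step 4 is worth checking periodically: repeated blocked connections from the guest subnet to the payroll PC are exactly the kind of suspicious activity the article says a firewall should let you monitor.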
5 Backups
Backups are essential tools for business continuity. They can help you recover your company’s files if you suffer a ransomware attack. We run two daily independent backups. The on-site backup is used for quick restores, while the off-site backup (via a cloud service) provides redundancy.
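The script below is an added example, not the article's own backup tooling, showing the check that makes a two-backup setup like the one described above trustworthy: confirming each day that both the on-site and the off-site copy are current, and that a sample of files is byte-for-byte identical in both. The function name and the two paths (a NAS share and a locally synced cloud folder) are constructed for the example; substitute your own. The script only reads the backups and reports, so it is safe to run from Task Scheduler.

```powershell
# Added example: check that both daily backups (on-site and off-site) are current and
# that the two copies agree, the way a small office would run it from Task Scheduler.
# Paths below are constructed for the example; substitute your own. Nothing here
# modifies the backups; it only reads them and reports.
function Test-BackupSet {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$OnSitePath,   # e.g. a NAS share
        [Parameter(Mandatory)][string]$OffSitePath,  # e.g. the locally synced cloud folder
        [int]$MaxAgeHours = 24,                      # two daily backups: nothing should be older than a day
        [int]$SampleSize  = 20                       # how many files to hash-compare between copies
    )

    # Freshness: the newest file in each location must be younger than $MaxAgeHours.
    $locations = foreach ($loc in @(
            @{ Name = 'on-site';  Path = $OnSitePath  },
            @{ Name = 'off-site'; Path = $OffSitePath })) {
        $files = @()
        if (Test-Path -LiteralPath $loc.Path) {
            $files = @(Get-ChildItem -LiteralPath $loc.Path -File -Recurse -ErrorAction SilentlyContinue)
        }
        $latest = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1
        $age    = if ($latest) { ((Get-Date) - $latest.LastWriteTime).TotalHours } else { $null }
        [pscustomobject]@{
            Location  = $loc.Name
            Path      = $loc.Path
            Reachable = [bool](Test-Path -LiteralPath $loc.Path)
            FileCount = $files.Count
            AgeHours  = if ($null -ne $age) { [math]::Round($age, 1) } else { $null }
            Fresh     = ($null -ne $age -and $age -le $MaxAgeHours)
        }
    }

    # Integrity: a random sample of on-site files must exist off-site with the same SHA-256.
    # This catches a sync that is copying truncated or already-encrypted files.
    $mismatches = @()
    if (@($locations | Where-Object { -not $_.Reachable }).Count -eq 0) {
        $base   = (Get-Item -LiteralPath $OnSitePath).FullName.TrimEnd('\') + '\'
        $sample = @(Get-ChildItem -LiteralPath $OnSitePath -File -Recurse -ErrorAction SilentlyContinue)
        if ($sample.Count -gt 0) { $sample = @($sample | Get-Random -Count $SampleSize) }
        foreach ($f in $sample) {
            $rel   = $f.FullName.Substring($base.Length)
            $other = Join-Path -Path $OffSitePath -ChildPath $rel
            if (-not (Test-Path -LiteralPath $other)) { $mismatches += "missing off-site: $rel"; continue }
            $h1 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            $h2 = (Get-FileHash -LiteralPath $other      -Algorithm SHA256).Hash
            if ($h1 -ne $h2) { $mismatches += "content differs: $rel" }
        }
    }

    [pscustomobject]@{
        Locations  = $locations
        Mismatches = $mismatches
        Healthy    = (@($locations | Where-Object { -not $_.Fresh }).Count -eq 0 -and $mismatches.Count -eq 0)
    }
}

# Usage with constructed paths:
$check = Test-BackupSet -OnSitePath '\\nas01\backups\office' -OffSitePath 'D:\CloudSync\backups\office'
$check.Locations | Format-Table Location, Reachable, Fresh, AgeHours, FileCount -AutoSize
if ($check.Healthy) {
    Write-Host 'Both backups are current and consistent.'
} else {
    $check.Locations | Where-Object { -not $_.Fresh } |
        ForEach-Object { Write-Warning "$($_.Location) backup is stale or unreachable: $($_.Path)" }
    $check.Mismatches | ForEach-Object { Write-Warning $_ }
}
```

The freshness check catches a backup job that has quietly stopped running; the hash check catches a copy that is running but copying bad data. Neither replaces an occasional test restore, and for ransomware specifically the off-site copy only helps if the workstations cannot write to it directly, since ransomware will encrypt any mapped backup share it can reach just like any other drive.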