Best practices to build defence and resilience against cyber-attacks
SMBs need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats.
Small to medium businesses (SMBs) are subject to the same kinds of security threats that larger businesses face. The damage can also be more devasting to an SMB because of the relative lack of resources. The average payment for a ransomware attack in 2021, for example, was $200,000 – a tiny fraction of revenues for a large business but potentially devastating to a small one.1 The damage of a cyber-attack often extends beyond security and systems availability issues, affecting the business’s reputation. In addition, even though they don’t have the same resources as large enterprises, many SMBs are still required to be compliant with several data privacy regulations, with failure resulting in steep fines.
But this doesn’t mean that all hope is lost – here are 12 tips that can help you protect your business:
1. Stay up to date: Having the latest security software, web browser, and operating system are the best defenses against online threats. Be sure to use antivirus software and run a scan after each software update. Also, install the updates as soon as they are available.
2. Implement a firewall: A firewall is a program that prevents outsiders from accessing data on your private network. Most computers come built in with firewalls. Make sure it is enabled, and if it doesn’t have one, download the software from a reputable source. Do this for all employees, even if they are working from home.
3. Provide security training: Establish basic security practices and policies for employees, such as requiring strong passwords, prescribing behaviour on how to handle data and protect customer information and creating appropriate internet use guidelines. Create and share the policies with details of the penalties for violating company cybersecurity policies.
4. Create a mobile device action plan: Mobile devices can create significant security and management challenges. Require users to password-protect their devices, encrypt their data, and install security apps. Also set reporting procedures for lost or stolen devices.
5. Make backup copies: Regularly backup critical and sensitive data on all business computers. If possible, backup data automatically, or at the minimum once a week and store the copies either offsite or in the cloud.
6. Control access: Prevent access or use of business computers by unauthorized individuals by monitoring who uses your networks and when. Create separate user accounts for each employee and require strong passwords. Not everyone should have administrative privileges, it should only be given to trusted IT staff and key personnel.
7. Limit employee access and authority: Do not provide any single employee with access to all data systems. Employees should only be given access to the specific data systems that they need. They should also not be able to install any software without permission.
8. Passwords and authentication: Require your employees to use a unique password to access systems every three months. Also, consider implementing multi-factor authentication to further secure access.
9. Secure your Wi-Fi networks: Make sure your Wi-Fi network is secure, encrypted, and hidden. Hide your Wi-Fi network and password protect the router. You can do this by going into your router setting and configuring to include a password and not broadcast the network name. Also, consider providing your employees with an encrypted/pre-setup router if they are working from home – so that their home networks are just as secure.
10. Employ best practices on payment cards: Work with your payment partners to ensure that you are employing payment processing best practices and have access to the most secure devices. Isolate payment systems from other, less secure programs and don't use the same computer to process payments and surf the Internet.
11. Evaluate the security of external partners: Ensure that your outside partners are working in a secure manner and have up-to-date security protocols. Do not be afraid to inquire about the steps your partners are taking to ensure strong security and data backup.
12. Hire outside experts: If you don’t have the budget to hire the staff and run a cybersecurity program in-house, it is a good idea to consider bringing in outside expert help. This could prove to be cheaper than doing it in-house
If these tips seem intimidating, you can also check out a 5-step framework on how you can build an effective cybersecurity strategy. Regardless, once you get started with trying to implement the above you will realize that most are fairly straightforward.
At Rogers Business we have a variety of solutions tailored to SMBs like you. We have partnered with The Toronto Metropolitan University to launch Simply Secure, a cybersecurity resource for SMB’s. Alternatively, you can also reach out to us, and we can help you determine the right solutions for your business.
Contact us today to learn more and see how we can help.
1. Government of Canada, https://cyber.gc.ca/en/guidance/cyber-threat-bulletin-ransomware-threat-2021
2. Cisco, The 2021 Security Outcomes Study – Small and Midsize Business Edition, 2021
3. Cisco, IDG, The Cybersecurity Playbook for Midsize Companies, 2021
4. Cisco, SMB Cybersecurity Report, 2021
5. Cisco, Five tips to enable a remote workforce securely, 2020
6. Cisco, https://blogs.cisco.com/security/big-security-in-a-small-business-world-10-myth-busters-for-smb-cybersecurity, 2020