10 Crucial Cyber Security Tips for Small Businesses in 2022

Setting up a new business can be a daunting task. Suddenly you are responsible for other people’s wages, paying business taxes, and trying to make a profit. The last thing you want to happen is to have your business be hacked.

Being hacked can result in your customers’ and employees’ sensitive information being stolen, as well as your business losing money.

We see new businesses forgetting about cyber security all the time. They are so focused on getting the most for their money when it comes to technology that they don’t take the time to make sure it is safe to use.

We understand that many people start new businesses on a shoestring budget and that cyber security has a reputation for being expensive and needing an IT department to handle all the extra work it causes.

But it doesn’t have to be this way, especially if your business is on the smaller side. There is a series of low-cost changes you can make to how you run your business that will help to keep your employees, customers, and finances safe online.

Making sure that your business is safe against cyberattacks is not a quick process – but it is worth every second when you think about the alternatives. It is not an activity that you can cut corners on, but again, it is more than worth all the effort.

The earlier you can get your cyber security system in place, the easier it will be to keep your business safe. On the other hand, it is never too late to get started and shore up your cyber security.

So, no matter how old your business is, you will find a lot of useful information in this article.

Why Is It Important To Have Cyber Security For Your Business?

According to the FBI, 10,000 small businesses across America are targeted by hackers every day. This may be because they have not set up their security properly or because the hackers are trying to use them as a back door to get into other, bigger businesses.

Let’s look at why this can be dangerous for you.

Protection Of Sensitive Information

As a business, you will most likely be storing sensitive information about your customers and your employees. Hackers can get hold of this information and sell it or use it against the victims.

You also risk breaking data protection and GDPR rules if hacked. These can result in big fines for you and your business.

Potential Money Loss

86% of hacks on small businesses were financially motivated in 2020. The hackers may be looking for banking information (of your business or your customers) to steal money that way.

Or they may install malware and demand a ransom. They target small businesses with this technique because it is often cheaper for small businesses to pay the ransom than deal with the consequences of not doing so.

If you are only making a small amount of profit then paying a ransom like this could push you into administration or into debt.

Top 10 Cyber Security Tips For Your Business

Now that you understand why it is important to protect your business from cyberattacks, let’s look at how you can do this in a way that doesn’t break the bank.

All of the tips that we will mention in this section are low-cost and designed with small businesses in mind. We want you to be able to protect yourself without having to spend a lot of money.

Here are 10 tips to improve the cyber security levels of your business.

Keep Software Up To Date

Let’s start with the point that is easiest to act on but gets overlooked so frequently.

You need to make sure that all desktops, laptops, tablets, phones, and other devices owned by your company are kept up to date. You also need to make sure that you keep track of the software and any security flaws in them that might have been exposed.

We know that this sounds incredibly simple, but you would be surprised by how many people don’t update their computers because they think it is a waste of time. They keep pushing the “remind me later” button until they have a queue of half a dozen updates that need to be downloaded.

Why is it important to keep the software on your devices up to date?

Well, there are many devices that won’t run unless they are completely updated – this is a trick that companies use to make sure that people update regularly.

It is also worth noting that the majority of updates that Windows and iOS ask us to install are actually patches on the security system. When the teams of these companies notice a flaw in their work or become aware of a new security threat – they create an update that will solve the problem.

Not updating the software leaves you exposed to any of these issues.

So, what can you do as a business owner to make sure that all of your devices are fully up to date?

For devices that are used in a store, or in-house, that multiple people have access to, we recommend that you set aside one evening a week to do a technology audit and make sure that everything is as up to date as possible.

When it comes to individual computers or laptops, we recommend that you set up some kind of chain of accountability, so that people must report to a supervisor that they have updated whenever a new update is released.

Alternatively, you may want to turn on automatic updates on all company devices.

Pick A VPN

VPNs are Virtual Private Networks. VPNs are a great tool for small businesses that cannot afford their own internal network or for team members who work from home.

VPNs are important for employees to use at home because their cyber security is likely to be weaker there than it is in any of your office buildings. An employee trying to access sensitive or important information from a larger network can create a weakness in the security of the whole company.

You should also make sure that anyone who is accessing your company network or anything work-related via public wifi uses a VPN – more on this later.

So, how do you implement the usage of VPNs throughout your business?

You should start by choosing one brand of VPN that you want your employees to use. You should try to avoid free software and VPNs where possible. They will make the risk of being hacked greater.

There are many affordable VPN options out there and many that will offer a small business discount or multiple license discount.

Then have everyone in the company install the VPN. They can then turn the VPN on whenever they need to access sensitive information (most of them also have browser extensions to make the process even easier).

We will talk about firewalls in the next section, but it is worth looking into whether your firewall protection comes with a built-in VPN that you can turn on and increase your security across the whole network.

This is an easy and inexpensive way to beef up your business’s cyber security.

Human Firewall Tactics

90% of malware attacks come from a phishing attempt and 47% of cyber security breaches happen because of employee negligence. One of the best things you can do to decrease the chances of you being hacked is to make sure that all your employees are IT-literate.

Where should you start with this kind of training and does everyone need to go through it?

We recommend that all of your employees go through the same cyber security training so that you are 100% sure that everyone has the right base knowledge to keep the company safe.

Start by talking through the dangers of Phishing – this is something that you may have to learn about yourself too. Make sure that they are aware of little details like the fact that it is possible to change the destination of a hyperlink without changing its appearance.

For example – https://www.google.com/

That link looks like it should lead you straight to Google.com. However, if you click on it, it will take you to a picture of a cute dog. You can avoid nastier versions of tricks like this by hovering over a link; this will show you the real destination of the link.

You should also talk to your staff members about not opening emails from addresses they don’t recognize and about being aware of suspicious messages or links that they are sent from within the company.

A small amount of vigilance from your team members can make a huge difference.

Some scammers will also try to get passwords or other important pieces of information over the phone. Remind your employees that banks, electric companies, and other third-party services that you use should never ask for personal information or the company’s bank details.

If they are suspicious of a phone call then they should hang up or pass the caller on to someone more senior in the company.

Anti-Virus Protection And Firewall

There are two pieces of software that are essential to keeping your business safe from cyberattacks. If your business does not have either of these, stop reading and sort that out right now.

We are, of course, talking about anti-virus software (AVS) and firewalls.

Anti-virus software is designed to detect and neutralize any threats to your business network, computer systems, or devices.

According to Alan Henry, “modern anti-virus software can protect users from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware, and spyware.”

Anti-virus software does come at a cost, but it is a relatively small cost compared to the value it can offer you.

It is important that you install anti-virus software in combination with a firewall, as this will offer you the most complete protection against malicious software and cyber attacks. Anti-virus software protects the hardware, while the firewall protects the network that the hardware is running on.

The word firewall was first used to refer to computing software in a 1980s film about hackers.

Now, the word firewall refers to a security system that works within a company (or home) network and monitors incoming and outgoing network traffic. The firewall blocks any suspicious traffic and can establish a barrier between your computer and anything it thinks is trying to attack it.

Once you have installed anti-virus software and a firewall, it is important to make sure that you have adjusted the settings to what the manufacturer recommends. This can be done individually on each computer or in one go using the network settings.

It is recommended that you keep track of the software provider’s recommendations for the settings, as these may change when new breaches and dangers are discovered.

You will have to purchase firewall software for your network, but again, the protection it provides makes it more than worth it.

Update Security And Technology Training Protocols

In an earlier section, we talked about making sure that all your staff members are trained in basic cyber security skills, such as knowing how to avoid a phishing scam. We also recommend that you make your cyber security protocol and practices as airtight as possible, as well as training your staff members in the subject as much as you can.

You should establish a cyber security protocol for your organization as soon as possible. This protocol will make sure that everyone uses their machines safely and knows exactly what is expected of them. They will also have the information to refer back to if they ever need it.

If you don’t know where to start when creating your company’s cyber security plan and protocol, then start with the other 9 items on this list. Spell them out in a way that makes them clear and easy to follow. Try to include videos or screenshots of each action point.

You should make sure that every new starter in your business is aware of this protocol and assign the responsibility of checking this to a staff member who has a good comprehension of how computers work.

You should also make sure that you have a robust cyber security training program that you put all your staff members through. They should do this when they first start and they should have to do a refresher course at least twice a year.

You can either create this course yourself, if you are confident that you understand the topic and can teach it to others, or you can bring in a cybersecurity consultant to help you create the course and maybe even teach it themselves.

This may seem like you are spending more money and time than you would like to – but as with every other tip on this list, implementing it is helping to protect yourself from hackers and cyberattacks – which is invaluable.

Use Two Or Multi-factor Authentication For Logins And Approvals

One of the easiest ways to protect your most important accounts from hacking is to use two or multi-factor authentication when logging on. For particularly important accounts, you may want to insist on managerial approval to be able to access that account.

What is multi-factor authentication and how can it help to protect your important accounts?

Multi-factor authentication is a login process where, after you enter a password, a second, one-time passcode is sent to another device to allow access. It may be sent via email or text message.

For example, if you are trying to log on to your work email account, you would have to enter your password. You would then receive a text to your work phone with a 6-digit one-time passcode. You would enter this code and be allowed into the account.

Multi-factor authentication is really useful as it prevents remote access to your accounts – the hacker must be able to access your password and your texts to get into the account.

It is important that you choose an appropriate email account or device as your second layer of authentication. It cannot have the same access code as the account you are trying to access and it should ideally be something only you have access to.

This is why phones make such a great option for two-factor authentication. It is a lot harder to hack a phone than it is to hack a second email account.

You may also be interested in protecting your most important accounts with passwords or codes that only management in the business knows. For example, lots of shops only allow managers to remove money from their tills and they need a managerial code to be able to do this.

If you have important accounts that are protecting sensitive information then you should consider only giving access to the people who really need it.

Protecting Personal Identifiable Information (PII)

Personal Identifiable Information (PII) is the technical term for any type of information that hackers can use to work out where you are or even who you are.

Personal Identifiable Information can be both physical and digital – it includes but is not limited to name, address, phone numbers, date of birth, Social Security Number, IP address, and your location details.

PII can be acquired through phishing activities, by hacking your account (personal accounts as well as work accounts), and even by going through your business’ bins.

This is another area of internet security that it is important to talk to your employees about, as people may be sharing this information without realizing it.

For example, many of us post when our birthdays are on our public social media accounts, we also share names of our children, pets, heroes, and close friends. Hackers can use this kind of information to get into your accounts if you are not careful.

Many people do not realize that information that they share on their personal social media accounts can weaken the security of their work accounts and put their whole business in danger.

Another thing you should be wary of is using key dates in your business’ history as passcodes. We once worked for a company that used their founding date as their safe code, and they would tweet about their anniversary every year. That was a huge security flaw.

Part of your company’s cyber security protocol should include making sure all employees check their security settings on all of their social media accounts – to check that they are not sharing any PII that could be used against them.

Not only should you be concerned about protecting your own Personal Identifiable Information, but as a business, it is your responsibility to protect your customers’ PII as well. They have the right to know that their information is protected thanks to the PCI DSS standards.

Do Not Use Public Wifi

We mentioned above that you should not allow your employees to access anything on your work network while using public wifi without using a VPN.

If we were you, then we would take this a step further and insist that no one access the work network or accounts at all while using a public wifi network.

Public wifi networks are a hacker’s playground and are incredibly dangerous, even for highly protected devices. They really should only be used as a last resort, but they are best avoided altogether.

When we say public wifi networks, we include wifi networks on public transport, at airports, at cafes, and even in communal working spaces. If you and your business have no control over the network or do not know what kind of firewalls they are using – you do not want to risk it.

If your employees work on the go a lot then you would be better off investing in a portable 4G hotspot for them.

Backup Your Data Regularly

One of the things that makes ransomware so effective is that a lot of people and small businesses do not back up their data regularly enough.

Most ransomware attacks involve locking you out of your computer, phone, or device and refusing to let you back in unless you hand over a considerable amount of money. If you haven’t backed up your data, then paying the ransom is the only chance you will have to get your data back.

Some hackers may give you access to your data again; however, it is not unknown for hackers to leave devices locked after they have gotten their money.

If you back up your data online, on the cloud (e.g. AWS), or physically in a separate location, then you will be able to wipe your computer to remove the ransomware and then download all of your data again.

This will save you from having to pay any money to hackers. You are also more likely to be able to get your business up and running again more quickly this way.

When you are backing up your data it is important that you don’t just back it up on your computer – you either need to back it up online as well or on an external device that is not connected to the internet.

How frequently should you back up your computer and how can you make sure that it is done regularly?

Depending on what kind of business you run and how busy it is, you may need all staff members to back their computers up at least once a day. That said, most businesses may be able to get away with backing up once a week and situationally after any important work has been done.

To make sure that everyone is backing up when they should be, make it part of their daily checklist and have someone who is responsible for checking up on this.

Use Strong Passwords And A Password Management Tool

In 2022, we are all aware of the importance of using strong passwords and not repeating passwords across multiple accounts. We all do this in our personal lives, so why would we act any differently at work?

A strong password is the first line of defense against hackers and it should not be overlooked, even when you are employing every other tip on this list. So, make sure that all your employees are creating strong passwords:

  1. The password should have more than 8 characters
  2. It should include at least one number and one symbol
  3. It should include one capital letter
  4. It should not include a birthday or anniversary date
  5. Ideally, passwords should be a string of random words and letters – here is a random password generator that can be used to create those.

You should employ all of these techniques when creating passwords for shared accounts. You should make sure that passwords are being refreshed at least once every 6 months.
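The first four rules in the list above can be checked automatically when a password is set. The following is an added example, not part of the original article: the function names are constructed for illustration, and the list of known dates (birthdays, the company's founding date) is something you would supply yourself. Rule 5, randomness, cannot be judged by a simple check like this one.

```python
import re
from datetime import date


def date_renderings(d):
    """Digit strings a person is likely to type when putting date d into a password."""
    dd, mm = f"{d.day:02d}", f"{d.month:02d}"
    yyyy, yy = f"{d.year:04d}", f"{d.year % 100:02d}"
    return {
        dd + mm + yyyy,  # 12032015
        mm + dd + yyyy,  # 03122015
        yyyy + mm + dd,  # 20150312
        dd + mm + yy,    # 120315
        mm + dd + yy,    # 031215
        yyyy,            # the year on its own
    }


def check_password(password, known_dates=()):
    """Return a list of the rules the password breaks (empty list means it passes)."""
    problems = []
    if len(password) <= 8:
        problems.append("must have more than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("needs at least one number")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("needs at least one symbol")
    if not any(c.isupper() for c in password):
        problems.append("needs one capital letter")

    # Strip common date separators so "12/03/2015" and "12-03-2015" are both caught.
    squashed = re.sub(r"[\s/.\-]", "", password)
    for d in known_dates:
        if any(form in squashed for form in date_renderings(d)):
            problems.append(f"contains the date {d.isoformat()}")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a made-up founding date and three made-up passwords.
    founding = date(2015, 3, 12)
    for candidate in ("summer", "Founded-12/03/2015", "Walnut7!Cobra-Lamp"):
        print(candidate, "->", check_password(candidate, [founding]) or "OK")
```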

When it comes to password management, you should avoid having a document with all of the company’s important passwords written in it, especially if this is done on software that can also be hacked.

When you are sharing passwords between different members of the business, it is best that you share these passwords verbally, rather than emailing them to each other or having them written down somewhere.

If you must share them using a messaging system, we recommend texting them – as phones are a lot harder to hack than emails.

Things To Consider

Above are the 10 easiest ways to shore up your cyber security. Before we leave you, we want to give you three more advanced tips that will help you to take your cyber security to the next level.

Acting on these tips will be a little bit more difficult and expensive than the tips above; however, in the long run, they will be worth it for your business.

Secure Your Mobile Device

Many of us are walking around with unprotected phones that are full of sensitive information about ourselves and our businesses.

While some of the high-end phones come with end-to-end encryption and malware protection, not all phones do. And a lot of people don’t realize this.

You can protect people’s work phones by making sure they only download company-approved apps, that they use complex pin codes, and that they do not save passwords to their phone.

Encryption Software

Encryption software is a more expensive but effective solution to the problem of cyber security.

Encryption software will make sure that even if someone does hack into your business’ network, they won’t be able to read or get access to any of your files.

We recommend that you encrypt everything your business works on. It may add a little more time to your day having to decrypt and then re-encrypt everything you use – but if you were to be hacked it would keep your sensitive data out of the wrong hands.

There are many options when it comes to encryption software – it is important that you choose software from a reliable company and you download the software from an official source.

Don’t Mix Work And Pleasure

Finally, make sure that everyone who works for you has a separate work computer – even if they work from home.

Make sure that they use these devices for work and nothing else. This will make you less vulnerable.

Engage For Cybersecurity Services

Security services like vulnerability assessments carried out by 3rd party vendors are now more affordable than in years past. Having regular assessments can provide a base level of protection and at the least, help rectify larger more dangerous security flaws before they become exposed.

As your security program grows you can start to include more sophisticated network penetration testing to understand your network’s vulnerabilities in more detail, and develop better protection against a breach.

See also: Guide to penetration testing for small businesses.

Summary

Protecting your business from cyberattacks and threats is one of the most important things you can do as a business owner. It is your responsibility to keep your business and your staff members safe.

This might seem like an overwhelming task, but there are some simple things you can do to drastically reduce the chances of your cybersecurity being breached.

These include making sure that none of your team members use public wifi and that all company passwords are strong and stored in a password management system. Making the 10 simple changes that we have listed above will help to keep your company safe from cyber threats.


Published by NA Team
This article has been contributed to by multiple members of the Network Assured team....
Copyright © 2022 Network Assured