Cybersecurity Tips For Smaller Businesses

Small businesses and self-employed people are big targets for hackers, and the financial implications can be crippling. Gone are the days of thinking “It’ll never happen to us”.

A total of 61% of all data breaches this year occurred in businesses with fewer than 1,000 employees, according to the Verizon Data Breach Investigations Report. Estimates vary on how much a breach truly costs, but it can often be millions of pounds.

What’s more, new European regulation aimed at protecting personal data (GDPR) comes into force next year, and could result in fines of between 2% and 4% of annual turnover, or €20m (£18m), whichever is greater. Not only have hacks increased in frequency, but the impact on SMEs is getting much bigger.

But where do you begin? Many SMEs feel that being as secure as a big business is impossible. Corporations have large budgets, chief security officers and entire teams dedicated to cybersecurity. This perception stems from the impression that hacks are vastly complicated, and rely on a tireless horde of highly skilled attackers. Most hacks aren’t like that. The majority depend on poor passwords and a lack of awareness of what a hacker actually needs to compromise your systems – a simple phishing email or a leaked password and they’re in. It’s that simple.

Educating yourself and your staff is the only solution. Hackers always look for soft targets, so start with the basics.

1 Get a strong Password

A total of 80% of hacking-related breaches use stolen passwords and/or weak or guessable passwords. Getting a strong password is the bare minimum. What’s more, it’s easier than you think. A lot of people don’t know that you can use spaces in your passwords. For example, “horse mug table” is a much better password than “Horse123”.

2 Then make your Password Unique

Having a single strong password doesn’t count for much if that password then gets leaked. We’ve seen massive, trusted companies like LinkedIn and Yahoo leak millions of passwords over the last few years, which opens the door to wide-ranging cyber-attacks.

Password managers like LastPass and 1Password help you generate and keep track of unique and strong passwords.

3 Know what to look out for with Phishing

Hackers are constantly sending “phishing” emails, trying to get you to click on their website so that they can install malware or convince you to give them your password. Understanding what a hacker is trying to do and what to look out for is key. Poor syntax, incorrect spelling, or email addresses and links that include a lot of full stops (for example, amazon.getcode.tickets.phishingattack.com) are all key warning signs to look out for.

4 Understand the information you’re already giving away

Phishing attacks rely on the amount of information we share about ourselves online. Famously, the hackers behind the celebrity iCloud leak in 2014 used information they’d gained from public posts to guess the answers to users’ secret questions. If your secret question is “The city I was born in” and you post that information on Facebook, then hackers have an easy way into your account.

5 Pay attention to web page URLs

When you see “http” in a web page URL, that means your communication with that page is unencrypted. Anything you send or receive could easily be read by a hacker able to intercept the connection; “http” is a warning sign to look out for if you ever think you might have stumbled onto a phishing or generally suspect website. If you’re ever entering sensitive information like credit card numbers or personal details, make sure the website has “https” in the website URL. That way you’re more secure.
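The warning signs from tips 3 and 5 can be checked automatically before a link is opened. The following Python sketch is an added example, not part of the original article; the brand list, the label threshold and the function name `triage_link` are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed for this example: brands the business deals with and the
# domains each brand genuinely uses. Maintain your own list.
KNOWN_BRANDS = {
    "amazon": ("amazon.com", "amazon.co.uk"),
    "paypal": ("paypal.com",),
}

# Assumption: more than four dot-separated labels counts as "a lot of
# full stops". Four still allows hosts such as www.bbc.co.uk.
MAX_LABELS = 4


def triage_link(url):
    """Return a list of warning codes for one link (empty list = no flags)."""
    # Links pasted without a scheme (like the article's example) need a
    # leading "//" so urlsplit treats the text as a host, not a path.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []

    # Tip 5: plain http means the traffic is unencrypted.
    if parts.scheme == "http":
        warnings.append("http")

    # Tip 3: a long chain of sub-domains is a common phishing pattern.
    if len(host.split(".")) > MAX_LABELS:
        warnings.append("many-dots")

    # Tip 3: a brand name in the host only counts as genuine when the host
    # is one of that brand's real domains or a sub-domain of one.
    for brand, domains in KNOWN_BRANDS.items():
        genuine = any(host == d or host.endswith("." + d) for d in domains)
        if brand in host and not genuine:
            warnings.append("brand-mismatch")

    return warnings


if __name__ == "__main__":
    # Constructed sample links; the first is the article's own example.
    for link in ("amazon.getcode.tickets.phishingattack.com",
                 "http://www.amazon.com/",
                 "https://www.amazon.co.uk/basket"):
        print(link, "->", triage_link(link) or "no flags")
```

An empty result only means none of these three signs were present; it does not prove a site is legitimate, since phishing sites can also use “https”.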

6 Update your Software

Software is updated for a reason. Usually companies like Microsoft or Apple will discover a vulnerability that might let hackers in, fix it, then offer an update. Always take them up on it.

We saw with the WannaCry attack earlier this year what happens when organisations don’t install patches (updates bringing computer systems to the most up-to-date version) and security updates. Unpatched vulnerabilities offer gaps into your systems that hackers use to install malware and ransomware, or just to gain control of your systems.

7 Encrypt Everything

Should a breach happen, you want to make sure whatever information hackers get their hands on is, at the very least, difficult for them to understand. Encrypting your hard drives and databases with a modern algorithm like AES-256 is a key defensive tool to protect your data in the event of a breach. It’s quick and easy to do. For more info you can check out this post by FreeCodeCamp to do it in under an hour.

Knowledge is the key to cybersecurity, but it’s important to think about the underlying structure of your business and the way it handles data more broadly.

Organisation-wide controls and data-protection policies help define sound technological defence, and ensure you know how to respond in the event of a breach. Just remember that industry standards like an ISO 27001 certification and SOC 2 are beneficial, but only when combined with education and good user behaviour.

Guardian:
